Is there a way how to programatically get a list of users who work or ever logged in on the TeamServer and manage them?
Hello, I wonder how to manage Mendix users in our company efficiently. Let’s say that one of our user leaves the company or changes the name or e-mail address. This has impact on other systems as well – like on Mendix. In case that a person X has left the company, we can only remove his account manually by checking all the places where he was listed and delete him/her. Given the number of applications we have and given the number of users we have (theoretically 140K ) this is a challending task. I have tried to explore the API for User Management. The problem I have is, it gives me only IDs, it will not give me the names or e-mail adresses so I cannot match it to the regular addressbook to verify if the account is still valid. I also cannot change anything related to these users – except for setting it as “active/inactive”. https://docs.mendix.com/apidocs-mxsdk/apidocs/user-management-api Little bit promissing was the procedure to lookup for valid ID based on the e-mail address: https://platform.mendix.com/api/1/users/by-email/<emailAddress> Theoretically I could match it also from the other way around. I would get a list of 140K users and loop over it and call this for every user /api/1/users/by-email/ to see if the user is listed or not. I can imagine Mendix cloud may not like it and it would be a bit slow. But still this would not leed to desired effect. Sure I could narrow it down to the recent changes (people who left in last 2-3 monts) but even that can be still high number and It would help with e-mail address changes. Is there any other better way how to programatically manage these user accounts?
For Mendix applications on the scale you mention user provisioning via an IDP (identity provider) is the way to go. And the use of SSO makes the live of your users a lot easier. An IDP can be anything from old school Active Directory to SAP XSUAA.
With such an integration deactivating and clean up of inactive users becomes a breeze.
Many thanks for your input, well sure the SSO is possible for the larger apps (and actually we do just that – all that are on licenced cloud nodes), but for the sandbox apps and for the team server users there is not much or is there?