Requirement from the customer is to purge user accounts after a period of inactivity (could be short, within days or hours of last login). Accounts are SSO-created when users authenticate.
The requirement is to completely purge the accounts (delete / remove). However, a possible interim solution might be to cause them to expire.
Considered a scheduled job which purges users from a given group if lastAccessTime is more than a given period in the past.
The TM Security Manager configuration screen provides an "Inactive Account Expiry" option to automatically set user accounts without any login activity over the specified period to have an "Inactive" status. Accounts with an Inactive status can no longer log into the system. A background job performs this action on an hourly basis.
We don't automatically delete inactive accounts as this destroys security audit information.
regards Malcolm Edgar
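
The approach discussed in this thread, a scheduled job keyed on lastAccessTime that marks accounts Inactive instead of deleting them so audit rows survive, as an added example that is not TM Security Manager code. The table and column names, the `expire_inactive` function and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Hypothetical schema (assumption, not the product's data model).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, grp TEXT,
                    status TEXT DEFAULT 'Active', created TEXT, lastAccessTime TEXT);
CREATE TABLE audit (id INTEGER PRIMARY KEY, user_id INTEGER, event TEXT, at TEXT);
"""

def expire_inactive(conn, group, max_idle, now):
    """Mark Active users in `group` Inactive when idle longer than max_idle.

    Rows are never deleted, so existing audit records keep a user to refer to.
    Accounts that never logged in are aged from their creation time.
    Returns the names of the accounts expired by this run.
    """
    cutoff = (now - max_idle).isoformat()
    rows = conn.execute(
        "SELECT id, name FROM users WHERE grp = ? AND status = 'Active' "
        "AND COALESCE(lastAccessTime, created) < ? ORDER BY id",
        (group, cutoff)).fetchall()
    with conn:  # status change and its audit entry commit together
        for uid, _ in rows:
            conn.execute("UPDATE users SET status = 'Inactive' WHERE id = ?", (uid,))
            conn.execute("INSERT INTO audit (user_id, event, at) VALUES (?, ?, ?)",
                         (uid, "expired: inactivity", now.isoformat()))
    return [name for _, name in rows]

def demo():
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed clock
    def ago(hours):
        return (now - timedelta(hours=hours)).isoformat()
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(  # constructed sample accounts
        "INSERT INTO users (name, grp, created, lastAccessTime) VALUES (?,?,?,?)",
        [("alice", "sso", ago(200), ago(2)),      # recent login: kept
         ("bob", "sso", ago(200), ago(72)),       # idle three days: expired
         ("carol", "sso", ago(100), None),        # never logged in: expired
         ("dave", "local", ago(200), ago(500))])  # other group: untouched
    conn.execute("INSERT INTO audit (user_id, event, at) VALUES (2, 'login', ?)",
                 (ago(72),))
    return conn, expire_inactive(conn, "sso", timedelta(hours=48), now)

if __name__ == "__main__":
    print(demo()[1])
```

Running the job hourly, as the reply describes, is left to whatever scheduler is in use; a second run over the same data expires nothing because only Active accounts are selected.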