PingOne Advanced Identity Cloud

Manage scanning tasks using the IDM admin console

You can schedule jobs directly in the Advanced Identity Cloud admin console.

The task scanner queries a set of managed objects, then executes a script on the objects returned in the query result. The scanner then sets a field on a specific managed object property to indicate the state of the task. Before you start, you must identify the indexed managed object property that the scanner will use to track task state.

  1. Go to https://<tenant-env-fqdn>/admin/#scheduler/, and click Add Schedule.

  2. Enable the schedule, and set the times that the task should run.

  3. Under Perform Action, select Execute a script on objects returned by a query (Task Scanner).

  4. Select the managed objects on which the query should be run.

  5. Build the query that will be run against the selected managed objects.

    The query must use indexed fields. For time-based queries, use the ${Time.now} macro object, which fetches the current time and is available only when you configure a scanning task query filter.

  6. In the Object Property Field, enter the indexed property whose values will determine the state of the task.

  7. In the Script field, enter an inline script.

    The following script deactivates the accounts of users returned by the query:

    var patch = [{ "operation" : "replace", "field" : "/active", "value" : false },{ "operation" : "replace", "field" : "/accountStatus", "value" : "inactive" }];
openidm.patch(objectID, null, patch);

    This script essentially deactivates the accounts of users returned by the query by setting the value of their active property to false.

  8. Configure the advanced properties of the schedule described in Configure Schedules.