This tip details how to go about removing an unwanted Authentication Domain and all associated Login objects from SAS metadata. A need for this can arise when you have been temporarily (or accidentally/unnecessarily) added a second set of inbound logins for all of your SAS users and you decide you no longer need those extra logins (perhaps you are migrating between authentication mechanisms).
If you are using the Metacoda Identity Sync Plug-in then the first step is to edit the Identity Sync Profile (IDSP file) using the Identity Sync Profile Wizard and untick the checkbox that configures the 2nd login. If you don’t do this, then the auth domain, and all the logins, will simply be re-added next time you run a sync! You can see a sample screenshot of the wizard page where you can unconfigure the 2nd login below:
After updating, and saving, the Identity Sync Profile you are almost ready to remove the unwanted auth domain and associated logins. Before removing the metadata it is a good idea to do the following:
- Check that all the logins currently associated with the auth domain, the ones that are going to be removed, have no passwords (and so may be outbound instead of inbound). This can be done using the Metacoda Login Reviewer (or the SAS Management Console User Manager plug-in).
- Check that there are no servers currently associated with the auth domain. This can be done using the Metacoda Metadata Explorer Plug-in (or the SAS Management Console Server Manager plug-in).
- Perform a SAS Metadata Server or platform backup so that you have a recovery point.
Once you are ready to delete the unwanted auth domain (and all associated logins) you can do this very easily using the standard SAS Management Console User Manager plug-in. You wont be able to use the re-configured Metacoda Identity Sync Profile to do this because it will now just ignore the 2nd auth domain and associated logins and will not attempt to remove them.
As shown in this screenshot, right click over the SAS Management Console User Manager plug-in and select the Authentication Domains… entry from the context menu:
In the Authentication Domains dialog window you should select the unwanted auth domain (1), click the Delete button (2), review the warning/confirmation message about removing the auth domain and all associated logins and, when you are ready, click the Yes button (3) to go ahead and remove them.
Finally, you can confirm the logins have been removed with the Metacoda Login Reviewer (or by selecting some candidate users in the SAS Management Console User Manager plug-in and checking their Accounts tab contents).