Path to function: Preferences > OrganisationAccount
This preference page controls items that can be set differently for accounts per organisation rather than those that are set for your whole domain. It is split into two areas of influence - account creation options, and resource access options:
|Table of Contents|
Default account creation section
So that you don't have to change the same setting every time you create an account, you can change some of the defaults.
All the values are whole numbers and any fractions will be rounded down.
What you need to know about automatic deletion
Some agreements you have with federations may require you to trace a login back to a user for a period of time after it has happened. This cannot be done if the account has been deleted so you may need to set the automatic deletion period to be long enough to allow for any agreements of this type. E.g. members of the UK Access Management federation will usually want to set this to be at least 90 days.
Accounts deleted by this operation are not recoverable.
Resource access section
Permissive and restrictive mode
Permissive mode (default) means that the system will pass attributes to any federated resource that a user tries to access. In normal operation the resource would then decide whether or not to let the user in based on the attributes that had been passed. This is how federated access management is designed to work.