Overview
Addigy Identity syncs an end user's IdP account to a local macOS account, but you may find instances where you need to un-sync the accounts. Below is a script that can be run to perform the un-sync.
Script
This script requires the username of the local macOS account that needs to be un-synced. Enter it on line 7, in the specific_user variable, where "YOUR_USERNAME" is. You can find the local macOS account name within a device's GoLive page under users.
#!/bin/bash

# Alias marker that identifies a synced account in its RecordName attribute
synchronization_flag="addigy.synchronized.user"

# Set the specific user manually
specific_user="YOUR_USERNAME" # Replace YOUR_USERNAME with the actual username

# Verify if the specific user exists (exact, literal match on the account name)
if dscl . list /Users | grep -qxF -- "${specific_user}"; then
    record_names=$(dscl . read "/Users/${specific_user}" RecordName)

    # Loop through the user's record names
    for record in $record_names; do
        if [[ "$record" == *"$synchronization_flag"* ]]; then
            # Report the alias, then remove it from the account
            echo "$record"
            dscl . delete "/Users/${specific_user}" RecordName "${record}"
        fi
    done
else
    echo "User ${specific_user} not found."
    exit 1
fi
This script removes a synchronization alias flagged addigy.synchronized.user from the specified OS user. It first verifies if the user exists and then reads the user's RecordName attributes. If any RecordName contains the specified synchronization flag, the script deletes it, ensuring the user's account is no longer linked to that alias.
GoLive Output
A successful un-sync will output the record name which is reported back from the OS user account name.
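To confirm the result on the device, the following added example (not part of Addigy's script) re-reads the account's RecordName values and fails if any still contains the synchronization flag. The function names sync_aliases and verify_unsynced and the account name jdoe are hypothetical, and the sample dscl output in the comments is constructed.

```bash
#!/bin/bash
# Added example: post-check for the un-sync script above (not Addigy's code).
# Usage: source this file, then run: verify_unsynced jdoe   (jdoe is a placeholder)
SYNC_FLAG="addigy.synchronized.user"

# Reads the output of `dscl . read /Users/<user> RecordName` on stdin and
# prints every value that contains the flag, one per line.
# Constructed sample input: "RecordName: jdoe addigy.synchronized.user"
# The "RecordName:" label may also sit on its own line, values on the next lines.
sync_aliases() {
    (
        set -f  # no filename globbing while splitting values on whitespace
        while IFS= read -r line || [ -n "$line" ]; do
            for word in ${line#RecordName:}; do
                case "$word" in
                    *"$SYNC_FLAG"*) printf '%s\n' "$word" ;;
                esac
            done
        done
    )
}

# Exit status: 0 = no sync alias left, 1 = alias still present,
# 2 = the account could not be read (for example, it does not exist).
verify_unsynced() {
    vu_out=$(dscl . read "/Users/$1" RecordName 2>/dev/null) || {
        echo "User $1 not found." >&2
        return 2
    }
    vu_found=$(printf '%s\n' "$vu_out" | sync_aliases)
    if [ -n "$vu_found" ]; then
        printf 'Sync alias still present on %s: %s\n' "$1" "$vu_found" >&2
        return 1
    fi
    printf 'No sync alias on %s\n' "$1"
}
```

Running verify_unsynced before the un-sync also works as a dry run, since it only reads the account and lists the alias the script would delete.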