20 Apr 2018 02:38 PM - last edited on 17 Oct 2022 10:53 AM by Ana_Kuzmenchuk
Hi,
With the introduction of GDPR, the requirement to provide "delete me" functionality becomes important.
In this regard I was wondering if there is a possibility to automatically remove inactive users from Dynatrace?
23 Apr 2018 09:00 AM
Hi @Tarjei U.
You can only manually delete users in Dynatrace. We do not have an automatic delete feature.
Gerald
23 Apr 2018 07:30 PM
Is there a simple way to at least show the last logon date/time of a user and we can take it from there...?
23 Apr 2018 08:29 PM
I echo Brian L's question, is there a way of getting last login at least?
24 Apr 2018 08:13 AM
Hello, we do not have this information in the product.
Why do you need the last login date/time?
25 Apr 2018 07:26 PM
So we could delete any older than XX days - typical AUDIT requirements.
25 Apr 2018 07:51 PM
And it also becomes quite pertinent with regards to GDPR
25 Apr 2018 09:27 PM
Not a GDPR expert (is anyone?) but in what way would that apply to internal employees which are the only people I expect would be logging in to Dynatrace?
26 Apr 2018 07:36 AM
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
26 Apr 2018 02:39 PM
I'm clear on that but would suspect this is more for a customer -> service provider relationship as opposed to an employee -> employer relationship. I would expect an employer has the right to keep records on their employment history. Note that I'm just curious as I've never heard anyone applying GDPR regs to employees. I did find this though, so it does seem it covers it to some extent, though the details are beyond me: https://www.taylorwessing.com/globaldatahub/article-changes-to-employee-data-management-under-the-gdpr.html
There's the line that employees as data subjects have "the right to be forgotten under certain circumstances" which is quite vague.
Though even in this case first as it's really just a name and probably a company email address and second as there is always the option to delete an account if requested so I'm not sure I would agree that it would be necessary for GDPR compliance but agree it would be nice to have just as a matter of good housekeeping. Again a disclaimer I'm not at all involved in the decisions around this but am just interested.
27 Apr 2018 10:47 AM
We have an actual case where we are going to integrate Dynatrace with a company's AD using SAMLv2. In this case, the company asked us
a) Why Dynatrace needs to keep a local copy of the user at all
b) If there is a possibility of autodeleting a user.
So their thought process is as follows. Employee Alice quits the company. Her user account in the company will follow the normal process, and be removed from the AD in due time. However the user in Dynatrace will not. And according to them this is not in line with GDPR.
27 Apr 2018 02:01 PM
Don't know about SaaS, but you can delete users and groups (also create them) using REST API in Dynatrace Managed. I'm pretty sure Dynatrace has similar API for SaaS, but it's probably not public.
Typically enterprise customers do have an IAM tool, which handles such cases and creates/deletes users in applications. When someone quits a company, the IAM tool is in charge of deactivating and deleting accounts.
I've never seen a tool which would "autodelete" users if they cannot be found anymore in AD/LDAP.
27 Apr 2018 12:24 PM
@Tarjei U. Our current SAML implementation is EAP and not feature-complete. There are known limitations like a user needs to be created in Dynatrace.
We are aware of this and working on a brand new SAML implementation which resolves the two issues you mentioned.
Gerald
27 Apr 2018 12:27 PM
Will this apply to AppMon, and possibly DCRUM in the future as well?
02 Oct 2019 01:15 PM
Hi Gerald,
Can you give me an update on the implementation of this feature? We have a customer who is asking the same question and it's very critical for the implementation plan.
Thanks in advance!
05 Jun 2018 09:38 AM
This question becomes very critical, and it is important to enable some sort of functionality for all tools in order to comply with GDPR regulations when it comes to removal of user accounts. A local copy of a user containing mail address is as far as I can understand personal data. Especially when mail address is directly linked with the name and a user ident, which they are, more often than not. As Tarjei mentions the user also has the right to removal of their personal data.
We do have service providers as customers, which makes it necessary to be able to automatically remove users from the various Dynatrace tools. I think Tarjei is asking for "last login" in order to be able to identify which users are inactive, and thus should be removed. This grouping of users I imagine could be a possible methodology for group deleting users that aren't active.
Obviously this would in some scenarios bring up another important functionality regarding re-enablement of users deleted, that needs handling... Again, without being in breach of GDPR regulations.
27 Nov 2023 06:35 PM
Hi! It is 2023 and I am looking for an update on this feature for compliance. Is there an auto-delete or "user not logged in within 30 days" check that can delete the user? The search function brought me to this thread from 2018.
29 Nov 2023 08:36 PM
You can resolve this using the Dynatrace Account Management API. See instructions on how to get the OAuth2 token in the link.