With SLManager it is possible to delete the User Data, but only in an all-or-nothing manner. This is because the Datastore Object for that user is deleted in the directory service and the administrator can't edit it because the data is encrypted.
The slAP Tool is a little more selective. It allows deleting entire areas (login, applications, ...).
Finally the SecureLogin Client Utility allows Users to manage their credentials themselves.

From an administrative perspective, it would be helpful to have the possibility to delete the User Data more granularly. This would allow admins to remove old and outdated information automatically and without any user intervention. For this use case, the slAP Tool would fit, e.g. using it for scripted mass changes.

The new command could have the form

slaptool -d -f -l -single <login to be deleted>

For example, a login with smartcard and pin caching named "Smartcard-Computer123" could be deleted with the command.
In our case, we could use a start script in SSO to create the SecureLogin login name by reading the computer name from the system variable and delete the login definition by issuing

slaptool -d -f -l -single "Smartcard-Computer123"

Especially in large enterprise deployments this feature would increase the supportability for thousands of users.

Comments

  • This makes sense for better management.

  • very helpful

  • makes sense in an enterprise environment

  • Also helpful for the users - they will have a better experience since some problems can be avoided.

  • This possibility would be very useful to have.