I have a problem in our environment. There is a process in which the identity enters the inactive cycle, and after 30 days the cycle changes to inactive30days. When the identity enters this cycle, the correct flow is to delete the account in AD, but I have a case where an identity was not excluded.
Looking at the evolution of this identity in the search, it followed the correct process, but the client reports that the account was not removed from AD.
If I search for this identity on identitylist it no longer appears.
Are you saying that the Identity itself got deleted from the auth source/IDN?
If that had happened before the lifecycle state moved from inactive to inactive30d, the account deletion wouldn’t have happened, as the account would have remained an orphan.
In fact, yes, it is displayed; it has an inactive30days status. In the normal process the account is inactive and starts counting 30 days; when it reaches this count, the account is activated in Active Directory for SailPoint to remove it. There is a rule for that. Today it is going straight from inactive to inactive30days when there should have been the enable event to delete the account in AD.
Did the user’s lifecycle state move directly from active to inactive30days? This could happen when HR inputs a backdated termination date. If that is the case, then the process flow would have been broken.
Was the AD account in an Active status when the LCS changed from inactive to inactive30days? That could break the process too. IDN would expect the AD account to be in a disabled status for the enable (Delete) process to trigger.
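
As an added example, not part of the thread and not SailPoint code: a small offline audit of lifecycle-state transitions that flags the two conditions raised in the replies above, a jump into inactive30days that skipped inactive, and an AD account that was still enabled at that transition. The record layout, field names and sample rows are assumptions constructed for illustration; real data would come from whatever event export you have.

```python
from dataclasses import dataclass

TARGET = "inactive30days"        # state whose entry should trigger the AD delete
EXPECTED_PREVIOUS = "inactive"   # state the identity should be coming from


@dataclass
class Transition:
    """One lifecycle-state change (hypothetical export format)."""
    identity: str
    old_state: str
    new_state: str
    ad_account_disabled: bool    # AD account status when the change happened


def audit(transitions):
    """Return {identity: [reasons]} for entries into TARGET that break the flow."""
    findings = {}
    for t in transitions:
        if t.new_state != TARGET:
            continue
        reasons = []
        if t.old_state != EXPECTED_PREVIOUS:
            # e.g. a backdated termination date moving active -> inactive30days
            reasons.append(f"skipped '{EXPECTED_PREVIOUS}' (came from '{t.old_state}')")
        if not t.ad_account_disabled:
            # the enable (delete) step expects a disabled AD account
            reasons.append("AD account still enabled at transition")
        if reasons:
            findings.setdefault(t.identity, []).extend(reasons)
    return findings


# Constructed sample data, not taken from any real tenant.
SAMPLE = [
    Transition("alice", "active", "inactive", False),
    Transition("alice", "inactive", "inactive30days", True),   # expected flow
    Transition("bob", "active", "inactive30days", False),      # skipped inactive
    Transition("carol", "active", "inactive", True),
    Transition("carol", "inactive", "inactive30days", False),  # account re-enabled
]

if __name__ == "__main__":
    for identity, reasons in audit(SAMPLE).items():
        print(f"{identity}: " + "; ".join(reasons))
```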