Hello, we are currently testing the leaver process within our sandbox tenant but when our HR system sets the identity to “terminated” and the test identity’s lifecycle state is updated to “terminated” in SailPoint, it is not triggering the disable account provisioning that we have set up under the identity profile. We are mapping the lifecycle state directly from the authoritative source “ADP” with the identity attribute “WorkerStatus”. We ensured that the provisioning is enabled under the identity profile for “terminated” which should trigger the Wesbanco-AD account the test identity has enabled to be disabled.
Hi @mbender,
Can you please verify if the lifecycle state of the test user matches the exact case of the technical name, which is terminated
@mbender Can you let us know the values you would receive for WorkerStatus attribute for a user on ADP connection source ?
Here’s a screenshot of the lifecycle state the identity has listed in SailPoint and a screenshot of the provisioning settings:
The current WorkerStatus value for our test user identity shows that the user is listed as “Terminated” under their ADP Account.
Hi @mbender,
The only reason I can think of is that if the AD account is already in a disabled status, the disable action will not be triggered. And I assume that the user actually moved from active to terminated status after the LCS configuration was enabled.
Or do you have some before or after provisioning rule that might be modifying the plan.?
If not, it would be worth submitting a support ticket.
Have you tried disabling the account manually and if it triggers a provisioning process?
Hi @mbender, Did you get chance to look at the events or work activity ? if so, you should able to see disable events. Post your activity events for this user