Hi Developer,
I know there are many posts on this topic, but I’d like to understand it in simple terms. What is the best way to delete a user’s AD account once the termination date has passed 60 days? Can this be achieved using a transform? Since SailPoint ISC provides an option to configure the Lifecycle State (LCS) for account deletion, can I use that to accomplish my goal?
Thanks.
@ssharma02 yes it can be achieved but only not only by transforms
These are few things which you need to configure
1- LCS state as delete which will trigger enable operation
2-LCS transforms which calculates the dates and makes the user into delete status after 90 days
3-Before provisioning rule which will intercept the lifecycle state and operation type as enable and delete the AD account as below
else if("delete".equalsIgnoreCase(cloudLifecycleState) && (adAcctRequest.getOperation()).equals(ProvisioningPlan.AccountRequest.Operation.Enable))
{
//converting the accountRequest to Delete
adAcctRequest.setOperation(AccountRequest.Operation.Delete);
}
Thanks
1 Like