I know we are able to easily access all the values in the AttributeRequests, what if we need a value from IDN as a condition for a PowerShell script but we do not want to set/change the value in AD?
For example, we want to pass the cloudLifecycleState or sAMAccountName but neither of these will be updated in AD when we Disable the account.
Currently if you do this, there is an error but the Account Request still goes through.
You can exclude attributes from provisioning by patching the source like this:
[
{
"op": "add",
"path": "/connectorAttributes/excludeAttributesFromProvisioning",
"value": [
"myAttribute1",
"myAttribute2"
]
}
]
As a second option you can pass attributes as arguments in provisioning plan, an argument is not going to be considered as an operation to the downstream system.
BP Rule:
accountRequest.addArgument(“cloudLifecycleState”, identity.getStringAttribute(“cloudLifecycleState”);
Powershell Rule:
$cloudLifecycleState = $requestObject.Attributes.cloudLifecycleState