I am trying to configure IDN to delete an AD Account. There are several posts on the subject and I have followed the advice given but still don’t seem to be able to delete an AD account.
I have set up the following configuration:
Identity Profile Provisioning: Lifecycle State: ‘preActive’; Configure Change: Enable Accounts; AD Source has been added to the list
Uploaded and attached the ‘Services Standard IdentityNow BeforeProvisioning Rule’ to the AD Source
Configured the Services Standard IdentityNow BeforeProvisioning Rule in the source to change the Enable operation to a Delete operation:
{
  "eventActions": [
    {
      "Action": "ChangeOperation",
      "Attribute": null,
      "Value": "Delete"
    }
  ],
  "Identity Attribute Triggers": [
    {
      "Attribute": "cloudLifecycleState",
      "Value": "preActive",
      "Operation": "eq"
    }
  ],
  "Operation": "Enable"
}
I modify the lifecycle state (manually via the Admin UI) from inactive to preActive but the AD Account is not deleted.
The event log shows the change to lifecycle state and a Modify Account Passed operation - but nothing about ‘delete’.
To test that the trigger is firing in the rule, I have modified the eventAction from ‘ChangeOperation’ to ‘UpdateAttribute’ to set the info attribute on the AD Account - this works as expected.
Is there anything else I need to configure to enable the ChangeOperation to Delete to cause the AD Account to get deleted?