Hi All,
Does anyone have a sample script for workflow to Disable the accounts from a source.
We have accounts in a source, the users lifecycle state is inactive but have active account in the source.
I am trying to leverage search query to search identity who have active account even though their Lifecyclestate is disabled, and then go ahead and disable their account.
Any help would be appreciated.
Simplest approach would be to configure “Disable Accounts” under Identity Profiles > Provisions tab for the specific LCS
would that take care of the past records ? I have leaver configured on the source and it does take care of identities whose lifecycle state changed after the source was out in place.
However, we have few identities on the source, whose account is active even though their lifecycle state is inactive.
If I remember right, it will take care of identities that were turned inactive in the past. This happens during Identity refresh
option i see is using API
disable-account | SailPoint Developer Community
using workflow action Manage Accounts .
In both method you have to loop it for multiple accounts .
As suggested by @iamnithesh , you just need to configure the disable account in inactive LCS and add the required source. It will disable all the accounts which are correlated with identity in inactive LCS during identity refresh.
Thanks,
Nikhlesh
It won’t work for users who are already in inactive LCS, user LCS should be changed to apply respective configurations.
$.changes[?(@.attribute == "testAtt1" && @.newValue == "To Be Disabled")]
After saving transform and applying changes to Identity Profile, workflow will trigger for those respective users.
But You should add this source in inactive LCS so that in future account will be disabled automatically when user moved to inactive LCS and you don’t need to depend on workflow.
– Krish
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.