Hello,
I have an authoritative source Active Directory called EmployeesFromAD.
From this source we create in Sailpoint all the Identities of type Employee.
I don’t know what is the correct solution to set the status of the Identity from the status of the account AD.
In the AD schema is not present the attribute status but only the attribute userAccountControl. After the aggregation I can see the status of the account (Enabled or Disabled) so the connector internally know of to map userAccountControl to the status of the account.
How can I do the same in the identity profile ?
My Idea is to create a transform like this:
{
"name": "Lookup Transform - UserAccountControl to LifeCycleStates",
"type": "lookup",
"attributes": {
"table": {
"512": "active",
"514": "inactive",
"66048": "active",
"66050": "inactive",
"262656": "active",
"262658": "inactive",
"328192": "active",
"328194": "inactive",
"2": "inactive",
"544": "active",
"546": "inactive",
"66080": "active",
"66082": "inactive",
"262688": "active",
"262690": "inactive",
"328224": "active",
"328226": "inactive",
"0": "active",
"default": "inactive"
}
},
"internal": false
}
And set this tranform in the identity profile in the attribute cloudLifeCycleState linked to the attribute AD userAccountControl. Is a good solution or is a bad workaround ?
Thanks