Deprovisioning in Active Directory


I have integrated active directory to identitynow and have aggregated all the AD accounts to INow. Now, I’m looking to execute a use case to deprovision user access and disable the account when user is termed.

I think i need to use before provisioning rule here. Is there any other way of executing this other than before provisioning rule.

Hi Chandra,

The simplest way to achieve this would be yo use Identity Lifecycle states to trigger Disable operation on AD account when an identity switches to “Termed” LCS.

Please refer Setting Up Lifecycle States - SailPoint Identity Services for details on configuring LCS.

You will need a Before Provisioning rule in case you plan to modify the default provisioning plan generated for the operation.

1 Like


If i’m not wrong, during the access review process, when certifier rejects the user access, Identitynow will automatically revoke the access from the respective connected source

Am I right?

Yes, for connected sources the remediation happens automatically after the certification is signed off by reviewer.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.