Disable just Active Directory Account

reinajss · July 29, 2023, 4:11am

Hi guys,

Could you help me in this doubt?
I only need to block the AD account when the user goes on vacation, is it possible to do this process in the workflow, if so, how can this process be done?

Thanks in advance for the help.

sharvari · July 30, 2023, 12:51pm

Yes, you can do this using workflows.

You can use the Identity Attributes Changed trigger to identify a person going on vacation.
Use Wait action in the workflow until the vacation start date
Use Manage Accounts action to trigger a disable on the AD source account of the user

If you don’t want to use workflows, you can introduce a new “On Vacation” lifecycle status in your identity profile. When user switches to this LCS you can configure the LCS to disable the AD account.

reinajss · August 23, 2023, 12:23pm

Hi Sharvani,
I tried to do this process using workflow, but it disabled all AD accounts from the source, do you have an example of this process for just the identity that is going on vacation?

Thanks in advance for your help.

ts_fpatterson · August 23, 2023, 12:31pm

I’m curious, why you don’t have a Lifecycle state for vacation, similar to leave of absence, or other lifecycle states?

I would assume you would want to handle this in a transform and an Identity Profile.

iamnithesh · August 23, 2023, 12:41pm

I second this response… in my opinion LCS would be the simplest way to achieve this

iamnithesh · August 23, 2023, 12:52pm

Can you share the screenshot of your workflow on builder including the “Select Accounts” configuration of “Manage Accounts” action

sharvari · August 23, 2023, 12:57pm

Can you post the screenshot of the Manage Accounts step from your workflow?

reinajss · September 5, 2023, 12:32am

Thank you very much guys, we managed to solve this problem, we used the following code in the process of blocking the Active directory account: $.getAccounts.accounts[?(@.sourceId == ‘Acitive DirectoryID1’ || @.sourceId == 'Acitive DirectoryID2 ')].id

with that he blocks only AD accounts. We are using this process because we need to validate if the user who is leaving on vacation is a manager, if he is a manager we cannot block the accounts, that’s why we use the workflow.

Thanks so much for everyone’s help.

system · November 4, 2023, 12:33am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Disable User account ISC Discussion and Questions identity-security-cloud	4	689	July 19, 2023
Bulk disable account for source ISC Discussion and Questions workflows , identity-security-cloud	6	39	November 9, 2024
Disable Accounts in Bulk using workflow ISC Discussion and Questions workflows , identity-security-cloud	14	80	November 24, 2024
Workflow leaver - AD disable changed automatically to create IIQ Discussion and Questions workflows , identityiq , provisioning , roles	5	52	November 18, 2024
Retrigger LifeCycleState ISC Discussion and Questions identity-security-cloud , lifecycle-management	6	347	January 11, 2024

Disable just Active Directory Account

Related topics