Disabled accounts

I’ve been able to use the ‘IIQisabled’ account attribute on all sources including those that didn’t already have it integrated except one, IdentityNow. Is there a way to enable/disable the IdentityNow account based on cloudLifecycleState?

We see the account getting disabled manually but it doesn’t get re-enabled automatically. Since the account isn’t getting disabled automatically the pre-built search report, ‘Inactive Identities with Active Accounts’ isn’t very useful.

Workflows isn’t an option for us currently.

Any feedback is appreciated.
Kelvin

Hi @kwhipple,

I think there should be something easier and more out of the box than what I am suggesting, but in cases where you want to treat IdentityNow as a source on its own, the following post might be able to help you further, which does not rely on workflows:

Hope that helps,

Kind regards,
Angelo

I agree I think it would be the easiest solution to use management connector and make direct connection with IDN

I wasn’t aware of this connector. Since they prefer we don’t do a lot of customization this may be the solution. At least until we get workflows (I was told next year, maybe…)

Thanks for everyone’s suggestions!

whoops deleted my posts, lemme put it back in case someone else wants to read it.

Without workflow on a tenant, I’ve use an attribute changed event trigger, filtered in cloudlifecyclestate to call a lambda function that calls the api to disable/enable the idn account based on cls. I totally agree it would be great and presumably easy to add to the id profile provisioning actions and be an oob feature.

One note, for enable, use identity reset API, extra bonus it strips any previous elevated access in IdN on rehire.

Here’s the cc endpoint, don’t know its replacement or if one exists
/cc/api/user/reset

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.