Disabling account discussion

sjoyee · October 19, 2023, 8:02am

Hi all,

In our use case, we would encounter scenario where one user having accounts from source A and B, and want to disable only account A. Currently, we have an offboarding LCS to disable all accounts owned by this identity. Is it the best approach to configure multiple LCS for each source account to be disabled?

Thank you.

MVKR7T · October 19, 2023, 10:51am

If it is only for one user, then it is not a good idea to implement a solution for this. You can just enable the specific account again.

In case if it is a requirement for set of users, then yes you can have multiple LCS to manage your requirements. It is quite common to have multiple LCS not just active and inactive.

Alternatively you can add conditions to exclude some users for some sources while disabling accounts, if it is a workflow or some external scripts.

sjoyee · October 20, 2023, 3:40am

Hi Krishna,

Thank you for the response. It is actually a common use case in our requirements where user will disable one or more accounts but not all accounts owned by this identity.

Example, I have accounts from source A, B and C, but on the same day, I need to disable accounts from source B and C. And for some other user, it will be only disabling the account from source C. Meaning I have to create multiple LCS to cater the different combinations of accounts to be offboarded?

Is there any other way other than configuring LCS in IDN, eg: rules / workflow ? Or a way for me to trigger disable operation via some flags given by authoritative source?

MVKR7T · October 20, 2023, 7:46am

As I mentioned, it is ok to have multiple LCS in IDN. It is completely depends on your requirement, see if it is a good approach or not.

Alternatively, you can use workflow.

Trigger: Identity Attribute Change
You mentioned that you have some flags from HR Source, you can use them.

Action: Manager Account
You can disable the accounts.

For more info, look into the below document.

There is no good or bad approach, it is subjective to the requirement.

edmarks · October 20, 2023, 6:29pm

I would likely look to Workflow for this to solve the more complex logic vs. LCS.

system · December 19, 2023, 6:30pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to invoke multiple LCS sequentialy? ISC Discussion and Questions workflows , identity-security-cloud , access-requests , entitlements	12	281	January 12, 2024
Identity Profile Provisioning Settings for Multiple Accounts ISC Discussion and Questions identity-security-cloud , provisioning	3	234	March 17, 2024
Delete AD user at some HR event ISC Discussion and Questions identity-security-cloud , provisioning	7	377	October 24, 2023
Delete / Drop Accounts ISC Discussion and Questions	5	486	July 19, 2023
IDN - Timing of the "Account Disable" event ISC Discussion and Questions identity-security-cloud	3	144	March 23, 2024

Disabling account discussion

Related Topics