Fetch LastUserActionTime from Exchange Online due to a business requirement

Hi folks,

In our project we have a requirement where we need to pull the LastUserActionTime attribute value from Exchange Online for some users in a rule where we are also reading the lastLogonTimestamp from the on-prem AD account of the users (which we are able to do). We need to then compare and calculate the user’s logon action on both on-prem AD and Exchange Online and then compare them with a number of days they haven’t logged in to the on-prem AD or Exchange Online.

We are able to get the lastLogonTimestamp value from on-prem AD for the users since AD aggregation is able to pull the record and we can read the same via the user’s link object.
But the problem arises with Exchange Online, since we have Azure AD and this doesn’t have a last-logon type of attribute. It seems the AD teams earlier used to read the LastUserActionTime manually from Exchange Online and perform manual actions at their end. But in SailPoint IIQ, for the business requirement, we need to fetch this LastUserActionTime attribute value to the user’s profile and read the same in the same rule (where we are calculating the lastLogonTimestamp of the on-prem AD link of the users) to do further calculations.

  1. Is there any way we can achieve the same?
  2. Can we pull that attribute (LastUserActionTime) value into the Azure AD link of users or the AD link of users by any method?
  3. Is it only PowerShell that can help us? If yes, is it possible in the same rule where we are reading the “lastLogonTimestamp” from the user’s link objects via BeanShell?
  4. Does Azure AD have any attribute similar to LastUserActionTime of Exchange Online?
  5. Since the Exchange Online connector is deprecated in earlier versions, is there any possibility to fetch its attributes for the users?
  6. If we are going to upgrade to 8.1/8.2, will there be any change/further support to the above answers?

Version: 7.3p2. We are in discussion to upgrade to 8.1/8.2 in the coming months.

Thanks & Regards,
Rajdeep.

Hi Rajdeep,

I’m not an Azure expert - but one avenue to explore might be to utilize the Microsoft Graph API in one of the connector rules (customization?) to pull the ‘signInActivity’ field and attach it to the resource object.

I found this post that provides a sample query: Azure AD Last Log On Date? - Microsoft Q&A

3 Likes
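The comparison described in the question, using the `lastSignInDateTime` value of the `signInActivity` field suggested in the reply above as the cloud-side timestamp, as an added example that is not part of the original posts and is not SailPoint code. It is plain Java whose method bodies can be adapted to a BeanShell rule; the class and method names, the sample values and the 90-day threshold are assumptions, and both attribute values are assumed to have been read already as strings.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;

public class DormancyCheck {
    // AD lastLogonTimestamp: 100-ns ticks since 1601-01-01 UTC, which is
    // 11644473600 s before the Unix epoch. Missing, non-numeric or 0 = no logon recorded.
    static Instant fromAdFileTime(String raw) {
        if (raw == null) return null;
        try {
            long ticks = Long.parseLong(raw.trim());
            if (ticks <= 0) return null;
            return Instant.ofEpochSecond(ticks / 10000000L - 11644473600L,
                                         (ticks % 10000000L) * 100L);
        } catch (NumberFormatException e) { return null; }
    }

    // Graph signInActivity.lastSignInDateTime: ISO 8601 UTC string, absent if no sign-in recorded.
    static Instant fromGraphDateTime(String raw) {
        if (raw == null) return null;
        try { return Instant.parse(raw.trim()); }
        catch (DateTimeParseException e) { return null; }
    }

    // Whole days since the most recent activity in either system; -1 if none.
    static long daysInactive(Instant onPrem, Instant cloud, Instant now) {
        Instant latest = (onPrem == null) ? cloud
                : (cloud == null || onPrem.isAfter(cloud)) ? onPrem : cloud;
        return latest == null ? -1 : Duration.between(latest, now).toDays();
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-04-10T00:00:00Z"); // fixed so the run is repeatable
        // Assumed policy value. lastLogonTimestamp replicates lazily and can trail the
        // real logon by up to about 14 days by default, so keep the threshold well above that.
        int thresholdDays = 90;
        String[][] samples = { // constructed: {lastLogonTimestamp, lastSignInDateTime}
            {"133485408000000000", "2024-03-01T08:30:00Z"},
            {"133485408000000000", null},
            {"0", ""},
        };
        for (String[] s : samples) {
            long days = daysInactive(fromAdFileTime(s[0]), fromGraphDateTime(s[1]), now);
            String verdict = days < 0 ? "no activity recorded"
                    : days >= thresholdDays ? "inactive" : "active";
            System.out.println(days + " days -> " + verdict);
        }
    }
}
```

Accounts with no timestamp in either system come back as -1 so the rule can route them to review separately instead of treating them as recently active.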

Thanks a lot Adam. Let me check more on this thought.

1 Like