Global Configuration in IIQ to Disable Accounts Instead of Deleting on Certification Revocation

Hi everyone,

Is there a global configuration in IIQ to disable accounts instead of deleting them upon revocation in Certifications?

We’re currently using Before Provisioning Rules per application, but if not configured, there’s a risk of unintended account deletions.

Looking for a centralized and consistent approach—any suggestions?

Thanks in advance!

Hi Chaitanya,

You can configure tag -to convert delete action to disable in the application XML. With this config, a revoke account action in a request or certification will be converted to disable account. You will have to make sure the application is configured to support the account disable operation.

Thanks,
Pallavi

We want to change the operation from disable to delete only for the certification action, @pallavi.

OK, in that case the option is to check for source = certification and then set the operation in the plan as required in the before prov. rule. This needs to be handled on a per-application basis, in my opinion. I am not aware of any other global config for this action.

We are already using a before provisioning rule to check for source = certification and configuring it per application. We are looking for a global configuration, if there is one.
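
The per-application check described in the replies above, written out as an added example (not code from any poster in this thread or from SailPoint). It covers the case from the original question, turning a certification-driven Delete into a Disable. It is the BeanShell body of a BeforeProvisioning rule and assumes the `plan`, `application` and `log` variables that IdentityIQ passes to such a rule.

```java
// Added example: body of a BeforeProvisioning rule (BeanShell), run inside IdentityIQ.
// Assumed inputs supplied by IdentityIQ: plan (ProvisioningPlan),
// application (Application), log (commons-logging Log).
import java.util.List;
import sailpoint.object.Application;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.Source;

// Only touch plans that come from a certification decision; requests from
// LCM or other sources keep whatever operation they were given.
boolean fromCertification = plan != null
        && Source.Certification.toString().equals(plan.getSource());

if (fromCertification) {
    // Rewriting to Disable is only safe if the connector can disable accounts.
    boolean canDisable = application != null
            && application.supportsFeature(Application.Feature.ENABLE);

    List requests = plan.getAccountRequests();
    if (requests != null) {
        for (int i = 0; i < requests.size(); i++) {
            AccountRequest req = (AccountRequest) requests.get(i);
            if (!AccountRequest.Operation.Delete.equals(req.getOperation())) {
                continue; // not an account deletion, nothing to rewrite
            }
            if (canDisable) {
                req.setOperation(AccountRequest.Operation.Disable);
                log.info("Certification revoke: Delete rewritten to Disable for "
                        + req.getNativeIdentity() + " on " + req.getApplication());
            } else {
                // Leave the request unchanged but make the gap visible to operators.
                log.warn("Certification revoke: application " + req.getApplication()
                        + " does not support disable; Delete left as-is for "
                        + req.getNativeIdentity());
            }
        }
    }
}
```

Because the rule has to be attached to each application, an application without it still receives the original Delete, which is the gap the original question describes.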