How we can move the OU OF AD from OU=Users to OU=DISABLE at life cycle state Terminated in sailpoint isc

Identity Security Cloud (ISC) ISC Discussion and Questions
1

How we can move the OU OF AD from OU=Users to OU=DISABLE at life cycle state Terminated in sailpoint isc?

do we need sailpoint support for that like opening a case?

2

Hi @Rakesh_Singh_1234 ,

I think for this you need to write the rule. Please check the given below link.

Thank you!

3

Hi @Rakesh_Singh_1234,
You can create a Disable Provisioning Policy and add the following in there
{
“name”: “Account Disable”,
“description”: “Account Provisioning Policy”,
“usageType”: “DISABLE”,
“fields”: [
{
“name”: “AC_NewParent”,
“transform”: {
“type”: “static”,
“attributes”: {
“value”: “Your OU Here”
}
},
“attributes”: {},
“isRequired”: false,
“type”: “string”,
“isMultiValued”: false
}
]
}

Once this is created then go to Identity Profile → Provisioning → Terminate state → Configure Change → Disable Account → Add AD account in Disable State and Save. Please test this and let us know if this works for you

1 Like
4

hey @RAKGDS where can i find the disable prov policy can u elaborate pls ?

5

Using Postman you can do it or use the Visual Studio Code to add them

6

u mean to say through Partial update of Provisioning Policy under sources in beta api?

7
8

Using Services Standard Before Provisioning Rule that is available from SailPoint makes this process (and many other) quite easy to configure.

Check this link for details:

2 Likes
9

@iamnithesh thanks but what is the process do we need to contact sailpoint support for attaching the rule to AD?

10

You need to open a ticket with SailPoint. This is for all cloud rules

11

Hi @Rakesh_Singh_1234,

There is one more way by using the After modify Rule that is connector rule and You can use the poweshell script to do the OU movement.

Thank You!