Identity Status

We use a directory connection for users to sign into IdentityNow, and we do not send invitations. When the user connects to IdentityNow for the first time, their Identity Status changes to Active. If they have never signed in, their Identity Status says Not Invited.

It appears Password expiration emails are only being generated for users that have an Active Status. Is there a way to make a bulk update to the Status attribute on Identities? Can we tie the Identity Status to the Cloud LifeCycle State? Or can we update the Email Template to look at a different attribute like Cloud LifeCycle State?

I don’t think you can modify what attribute triggers an email to be sent. The Password Expiration only considers the SailPoint Status when determining to send an email or not.

May I ask why you need to send a password expiration email for users who have never signed into IDN? If they never sign in, are they likely to change their password when they receive the notice? I ask because there may be a better approach to the problem you have, rather than artificially activating users who have never signed in.

We currently has a system that notifies users when their passwords are going to expire. We would like to retire that system and replace it with IdentityNow. One of the requirements is for the notifications to go to all users. We can’t meet that requirement with the current Identity Status constraint.

There is no way to update a user’s status to “Active”. They have to login for that to change.

To fulfill your requirement, you could try the following approaches:

  1. Ask all of your users to log in once to enable the password expiration email.
  2. Send out an invite email for each inactive user to remind them to login.
  3. Generate a search report for all inactive users and send them an email that their password will expire unless they login. It wouldn’t be the same as the email template, but it would be a notification. This could be accomplished using Workflows.
1 Like