In SailPoint IIQ, can I grant users the ability to unlock AD accounts but not disable/enable AD accounts?

Which IIQ version are you inquiring about?

8.3

In SailPoint IIQ, can I grant users the ability to unlock AD accounts but not disable/enable AD accounts?

Hi @andrewhhelleroptum,

you can manage at application level the capability to lock\unlock and disable\enable with the featuresString:

If you remove Enable, nobady can enable\disable account for this app, the same with unlock.

Thank you!

And I can keep unlock and remove enable or

Keep enable and remove unlock

They are not tied together, is that accurate?

I’m pretty sure this will also impact your provisioning plan as well. So if the featureString action is not included in your application definition, you cannot programmatically use LCM Provisioning or the provisioner to execute a plan with that action.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.