JDBC provisioning rule to lock the user

Hi Team,

We have a requirement to set “account lock password expire” when a user leaves the company, and we need to use the SQL query below. How can we achieve this, and could anyone please share the code for the same?

alter user test account lock password expire;

Thanks
Kalyan


Hi @kalyannambi2010

Good Day!

This use case can be achieved by using a JDBC provisioning rule. Add the code below to your rule. This might be helpful for you.

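else if ( AccountRequest.Operation.Disable.equals( account.getOperation() ) )
{
    // Read the database user name from the request ("attributeName" stands for the attribute that holds it)
    String username = getAttributeRequestValue( account, "attributeName" );

    // The name is concatenated because an identifier in a DDL statement cannot be
    // passed as a bind parameter, so it must be a validated identifier at this point
    String accountlock = "alter user " + username + " account lock password expire";

    PreparedStatement DisableStatement = connection.prepareStatement( accountlock );
    try
    {
        DisableStatement.executeUpdate();
        result.setStatus( ProvisioningResult.STATUS_COMMITTED );
    }
    finally
    {
        // Release the statement even if the update fails
        DisableStatement.close();
    }
}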

Thank you!

2 Likes
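
An added example, not part of the thread and not SailPoint's code: one way to make sure the user name is a plain identifier before it is concatenated into the `alter user` statement shown above. The class name, method names and the identifier pattern (unquoted names of at most 128 characters) are assumptions to adjust for the target database.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.regex.Pattern;

public class AccountLockDdl {
    // Assumption: database user names are unquoted identifiers (a letter, then
    // letters, digits, _ $ #), at most 128 characters long.
    private static final Pattern IDENTIFIER =
            Pattern.compile("[A-Za-z][A-Za-z0-9_$#]{0,127}");

    /** Builds the lock statement, refusing any name that is not a plain identifier. */
    static String buildLockStatement(String username) {
        if (username == null || !IDENTIFIER.matcher(username).matches()) {
            throw new IllegalArgumentException(
                    "Refusing to build DDL for user name: " + username);
        }
        return "alter user " + username + " account lock password expire";
    }

    /** Runs the statement; the name cannot be bound, so a plain Statement is used. */
    static void lockAccount(Connection connection, String username) throws SQLException {
        String ddl = buildLockStatement(username);
        // try-with-resources closes the statement even when the update fails
        try (Statement statement = connection.createStatement()) {
            statement.executeUpdate(ddl);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real system.
        String[] samples = { "test", "JSMITH_01", null, "", "john smith", "test;", "\"test\"" };
        for (String sample : samples) {
            try {
                System.out.println("OK       " + buildLockStatement(sample));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED " + e.getMessage());
            }
        }
    }
}
```

Only the first two sample values pass; inside a provisioning rule the same check would run before `connection.prepareStatement` is called.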

Hi @Sagar_18 thank you for your reply and I will check on this and update you.

Do we need to add any featurestring for JDBC source lock operation and in identity profile do we need to add anything for JDBC lock?

Thanks
Kalyan

Hi @kalyannambi2010

No need to add any operation; you just need to add your source in the inactive LCS and configure it for the disable operation.

Once the user lifecycle state is changed to inactive, the disable operation is triggered and your password lock query will be executed.

Thank you!

Hi @kalyannambi2010,

First check your source under the provisioning tab in the identity profile. If it is not configured, then you may add your source in the identity profile provisioning tab under inactive. Find the image below for your reference.

In the provisioning rule, under the disable operation, execute the user account disable and lock queries, if you have both queries.

Thank You.

Hi @Sagar_18 and @gogubapu thank you for the update.
Can we drop/delete the account in the same SQL Disable operation or do we need to write another SQL operation for drop/delete the account from database?

Do we need add another LCS for drop/delete the account or inactive LCS is sufficient?

Thanks
Kalyan

Hi @kalyannambi2010,

In the same disable operation.

thank you.

Hi @gogubapu thanks for the update and do we need add another LCS for drop/delete the account or inactive LCS is sufficient?

Thanks

inactive is sufficient.

Hi @gogubapu thank you and do we need to add anything in “features” of the sources for disable/inactive?

Thanks

Maybe not required for JDBC.

Hi @gogubapu in identity profile my JDBC source is not listed for inactive/disable LCS?

Thanks

image
Add your source and test, referring to the above screenshot.

Hi @Sagar_18 and @gogubapu I tried to set the inactive flag for terminated users, but when I try to reaggregate the users it is showing as enabled again in the system. Do I need to set IIQDisabled anywhere, and how do I set it?

Thanks
Kalyan

Hi @kalyannambi2010,

Build a JDBC BuildMap rule and in that rule set IIQDisabled. Refer to the link below for more details: JDBC BuildMap Rule | SailPoint Developer Community

Thank You.

Hi @gogubapu and @Sagar_18 thank you for your reply.

1. How to get the cloud life cycle in a JDBC provisioning rule?
2. How to set some predefined values to account schema attributes in a JDBC provisioning rule?

Thanks
Kalyan

Hi @gogubapu and @Sagar_18 thank you for your reply.

1. How to get the cloud life cycle in a JDBC provisioning rule?
2. How to set some predefined values to account schema attributes in a JDBC provisioning rule?
3. Can we execute multiple SQL statements in one operation?

Thanks
Kalyan

Hi everyone,

I am able to execute the update SQL query, but some schema attributes are not getting populated until we do the next aggregation. Any idea on this?

Thanks
Kalyan

Hi everyone,

I am able to execute the update SQL query in the JDBC provisioning rule, but some schema attributes are not getting populated until we do the next aggregation. Any idea on this?

Thanks
Kalyan

Hi @Sagar_18 and @gogubapu thank you for the update.

I am able to execute the SQL disable query, and in the IDN GUI the respective account lock password expire field is populated only after JDBC reaggregation. In the database backend it is populated properly after the SQL disable query executes.

Do we have any other way we can populate this field immediately in IDN GUI after user termination?

Thanks
Kalyan