Keep Identity Lifecycle State Active Until All Accounts are disabled

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

I have a single source
The single source contains 2 accounts (Account A, and Account B)
Account A is inactive and Account B is active
The cloud lifecycle transform is defined as follows:

   "nempStatus": {
                "attributes": {
                    "values": [
                        {
                            "attributes": {
                                "attributeName": "IIQDisabled",
                                "sourceName": "Non Employee"
                            },
                            "type": "accountAttribute"
                        },
                        {
                            "attributes": {
                                "value": "false"
                            },
                            "type": "static"
                        }
                    ]
                },
                "type": "firstValid"
            }

As a result of the transform, and the status of the accounts, the identity lifecycle is inactive.

I expect that the identity lifecycle state to remain active until both Account A and Account B are inactive.

2

Hi @adebomol2024,

Based on acccountAttribute documentation here : Account Attribute | SailPoint Developer Community

There a precision about multiple account behavior :

image
image1478×177 23.6 KB

image
image1743×1168 246 KB

That’s mean for the get account attribute will retrieve by default the non null attribute.
I think you can’t check the IIQDisabled at the same time.

I think you can do this :

 "nempStatus": {
                "attributes": {
                    "values": [
                        {
                            "attributes": {
                                "attributeName": "IIQDisabled",
                                "sourceName": "Non Employee",
                                 "accountSortDescending": true
                            },
                            "type": "accountAttribute"
                        },
                        {
                            "attributes": {
                                "attributeName": "IIQDisabled",
                                "sourceName": "Non Employee",
                                 "accountSortDescending": false
                            },
                            "type": "accountAttribute"
                        },
                        {
                            "attributes": {
                                "value": "false"
                            },
                            "type": "static"
                        }
                    ]
                },
                "type": "firstValid"
            }

Note :

  • The best way can be to use accountPropertyFilter if you can differenciate your two accounts.

  • And as another idea about implementation of this transform is to use a global static transform and define two variables nempStatusAccountAccountA and nempStatusAccountAccountB and then in the value you can a evalue if this to variable are false before set your lcs in false.

For the best check

3

Hey welcome to the developer forum.

I would suggest you to leverage static transform for your usecase as you can have if else conditions and it will provide you with the correct output.

Reference here:
Static | SailPoint Developer Community

Thanks,
Aman

4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.