Lifecycle event triggered but account not getting created in AD — how to troubleshoot?

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi everyone,

I’m facing an issue where the lifecycle event is triggering correctly, but the account is not getting created in Active Directory.

From what I’ve checked so far:

  • Lifecycle event is working as expected

  • Trigger conditions are met

  • Workflow is being executed

However, the account creation is not happening in AD.

I wanted to understand:

  • What are the key areas to check in this scenario?

  • Could this be related to provisioning configuration or connector setup?

  • Are there any common issues that might cause this behavior?

Trying to identify where the issue might be in the flow.

Thanks!

2

Hi @Gxurav713 Accounts are created in target source when an Entitlement from that source is assigned, not via LCS, which handles enabling/disabling.

3

Hi @Gxurav713 ,

Please review the following points:

  1. Key areas to validate in this scenario:
    i. Verify in the Lifecycle Management tab whether the assigned access item includes the required entitlement.
    ii. Ensure that the RBAC configuration contains the necessary entitlement.
    iii. Confirm that provisioning is enabled for the source.

    image
    image741×120 29.2 KB

  2. Could this be related to provisioning configuration or connector setup?

    • Check whether a Create Account profile has been configured with the correct attribute mappings.

Thank you.

4

Hi @Gxurav713 ,

Are there any provisioning failure events ?

5

Hi,

Got it, that makes sense.

So account creation is driven by entitlement assignment rather than the lifecycle event itself. I’ll check if the entitlement from the AD source is actually getting assigned as expected.

Thanks for clarifying!

6

Hi,

Thanks for sharing these points, this really helps.

I’ll go through the Lifecycle Management tab and verify if the required entitlement is part of the assigned access. Also will double-check the RBAC configuration and whether provisioning is enabled for the source.

The point about the Create Account profile and attribute mappings is also helpful — I’ll review that as well.

Thanks for the guidance!

7

Hi,

Good point.

I haven’t checked the provisioning failure events yet — I’ll review that and see if anything is showing up there.

Thanks for pointing this out!

8

Technically you could add an access profile to the LCS which contains the entitlement to allow provisioning of accounts, but I prefer to do it via Roles

9

Hi,

That makes sense.

Adding an access profile to the LCS could work, but using roles feels cleaner and more structured, especially from a design and governance perspective.

I guess it also helps keep things consistent across users instead of handling it at the lifecycle level.

Thanks for sharing!