Modify value of Enable/Disable Features for OnPremise source

dblanchard · October 10, 2024, 9:36am

Hello everyone,
I need to modify the values returned in an attribute during ENABLE/DISABLE features.
More specifically the Active Directory connector changes the UserAccountControl value to 512 during the “account enable” and 514 during the “account disable”. I need these values to be different.
I’ve found the SaaS connector creation documentation specifies that these settings can be modified at creation: Account Enable | SailPoint Developer Community But it’s at the creation of a new SaaS connector.
Since I need it for the OnPremise Active Directory source, do you know of a method for making this kind of change?
Thanks in advance,

MVKR7T · October 10, 2024, 10:01am

Hi

If I understood correctly, You would like to set values to UAC other than 512/514.

If so, did you try setting UAC in enable and disable provisioning policy ?

Thanks
Krish

dblanchard · October 10, 2024, 10:15am

Hi @MVKR7T
These provisioning policies are not in the direct connector docs, so I didn’t know they existed.
If I understand the API docs correctly, setting ENABLE or DISABLE policies will take control of account actions :

I’ll try to find some examples and test this, thanks!

MVKR7T · October 10, 2024, 10:38am

By default, only Create Account policy will be there. You can create other policies either by using API or it is simple using VSCode extension. PFB sample,

{
    "name": "Disable Account",
    "description": "Disable Account Provisioning Policy",
    "usageType": "DISABLE",
    "fields": [
        {
            "name": "AC_NewParent",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "OU=Disabled,OU=Accounts,DC=abcd,DC=com"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        }
    ]
}

{
    "name": "Enable Account",
    "description": "Enable Account Provisioning Policy",
    "usageType": "ENABLE",
    "fields": [
        {
            "name": "AC_NewParent",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "OU=Application,OU=Accounts,DC=abcd,DC=com"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        }
    ]
}

dblanchard · October 14, 2024, 9:17am

Hello @MVKR7T,

Thanks a lot, I didn’t know about the possibility of adding provisioning schemes on default sources. I’m going to take a much closer look at these features.

system · December 13, 2024, 9:18am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to enable features for SaaS Connectors ISC Discussion and Questions saas-connector , identity-security-cloud	4	751	July 19, 2023
Obtaining the Disable Provisioning Policy Attributes on Custom SaaS Connector ISC Discussion and Questions saas-connector , provisioning	6	623	July 19, 2023
Unable to update identity attributes in ad using SailPoint source ISC Discussion and Questions provisioning	1	987	July 19, 2023
How to modify account request attributes in connector execution rule ISC Discussion and Questions identity-security-cloud , provisioning	13	1039	November 7, 2023
Enable/Disable account for an identity using SailPoint APIs ISC Discussion and Questions apis , identity-security-cloud	4	41	December 14, 2024

Modify value of Enable/Disable Features for OnPremise source

Related topics