Hello,
We would like to update a user’s sAMAccountName, mail, and userPrincipalName whenever there is a change in the user’s first name or last name. However, we do not want these attributes to be updated automatically as soon as one of these identity fields is modified, as this could abruptly interrupt the user’s access.
Instead, our goal is to notify the user about the upcoming changes as soon as the modification is detected, and then update these attributes after a defined waiting period to ensure a smooth transition.
Has anyone implemented a similar use case or could share best practices for managing this kind of delayed attribute update?
Create an identity attribute named “nameChangeDate”
Set up a transform to calculate the value for this attribute based on below logic
Check if the current value is empty
Check if current first name or last name is different from the values from SoT
If both of the above are true, set current date as the value for “nameChangeDate“ and trigger a workflow to notify user (based on identity attribute change from empty to something)
If condition 1 is not true (ie current value exists) check if the value is “n” days old, where n is when the sAMAccountName will be updated from actual name change
If condition 4 (n days old) is true reset the value to empty and trigger the changes to sAMAccountName and other fields (this will need an entire different logic)