Problem
A persistent request from identity security cloud customers is to gain visibility into the Account expiry dates and create a scheduled report to monitor them. Currently, Identity Security Cloud lacks a native way to provide a report of these events within the product.
Solution
In this article, I’ll provide a practical, lightweight solution for generating and scheduling a report in ISC by creating a one custom identity attribute and one transform.
- Creating Transform Logic
We’ll begin by creating a transform to calculate and read the expiry date from the account source, converting it into a readable date format.
Transform Logic Highlights:
firstValidevaluates date conversion first, falls back to “never” if null/empty.dateFormatconverts Active DirectoryaccountExpiresfromPEOPLE_SOFTtoISO8601.- Handles missing expiration dates gracefully with human-readable
neveroutput.
{
"name": "Account_date_check",
"type": "firstValid",
"attributes": {
"values": [
{
"attributes": {
"input": {
"attributes": {
"sourceName": "Active Directory",
"attributeName": "accountExpires"
},
"type": "accountAttribute"
},
"inputFormat": "PEOPLE_SOFT",
"outputFormat": "ISO8601"
},
"type": "dateFormat"
},
{
"attributes": {
"value": "never"
},
"type": "static"
}
]
},
"internal": false
}
- Creating Custom Identity Attribute
There are two main reasons to create custom identity attributes: to get a readable output from the account source and to get the report with the identity attribute directly from the search query report.
- Track your Report
Create a custom query to fetch the data according to your requirement, here i have taken the expiry date within 30 days.
attributes.adExpiryDateType:[now TO now+30d]
This query will give the list of the identities which end dates are within 30 days.
- Creating a Schedule Search report.
To create a subscription for the report, follow this link to access the full documentation.