Reset AD Account Password via SailPoint

Hi All …

We have the following two scenarios for disabling leavers' AD accounts.

1: Leavers' AD accounts get auto-disabled by SailPoint once their lifecycle state is changed to inactive.

2: We do have an exception for some leavers, where we manually disable their AD account within SailPoint by going to their identity account > accounts > disable AD account. Their identity account and other source accounts stay enabled, except their AD account.

In either of the above two scenarios, we want to automatically reset their AD password (ideally twice) once their AD account gets disabled. Could we do this via SailPoint? If yes, could you please advise on the steps?

Thanks

Hi @nhassan,

In this case you can go for a "DISABLE" type provisioning policy, which you can create for the AD source. So, whenever accounts get disabled, either automatically or manually, this provisioning policy will be invoked and a new password will be set. The policy will go as below.

Note: Here, for password generation, it's using the default rule.

```json
{
    "name": "Account",
    "description": null,
    "usageType": "DISABLE",
    "fields": [
        {
            "name": "password",
            "transform": {
                "type": "rule",
                "attributes": {
                    "name": "Create Password"
                }
            },
            "attributes": {
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "secret",
            "isMultiValued": false
        }
    ]
}
```
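An added example (not code from this thread or from SailPoint) that pushes the DISABLE policy shown in the reply above to the AD source through the v3 provisioning-policies API and reads it back to confirm a rule-driven secret `password` field is now applied on disable. The tenant short name, the API client credentials and the source name "Active Directory" are assumed placeholders; the rule name "Create Password" is the default rule named in the reply.

```python
import json, os, urllib.parse, urllib.request

# Placeholders (assumed): tenant short name, API client credentials, AD source name.
TENANT, SOURCE_NAME = os.getenv("ISC_TENANT", "your-tenant"), "Active Directory"
CLIENT_ID, CLIENT_SECRET = os.getenv("ISC_CLIENT_ID", "id"), os.getenv("ISC_CLIENT_SECRET", "secret")
BASE = f"https://{TENANT}.api.identitynow.com"

def disable_policy(rule_name="Create Password"):
    """The DISABLE policy from the reply above: a single secret 'password'
    field generated by the named password rule whenever the account is disabled."""
    return {"name": "Account", "description": None, "usageType": "DISABLE",
            "fields": [{"name": "password",
                        "transform": {"type": "rule", "attributes": {"name": rule_name}},
                        "attributes": {"cloudRequired": "true"},
                        "isRequired": False, "type": "secret", "isMultiValued": False}]}

def sets_password_on_disable(policies):
    """True if the source's policy list has a DISABLE policy whose secret
    'password' field is driven by a rule transform (the control the question asks for)."""
    return any(p.get("usageType") == "DISABLE" and any(
        f.get("name") == "password" and f.get("type") == "secret"
        and (f.get("transform") or {}).get("type") == "rule" for f in p.get("fields", []))
        for p in policies)

def call(method, path, token=None, body=None):
    """Minimal JSON client for the v3 API using only the standard library."""
    req = urllib.request.Request(BASE + path, method=method,
                                 data=None if body is None else json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"null")

def apply_to_ad_source():
    """Create or replace the AD source's DISABLE policy, then read it back to verify."""
    q = urllib.parse.urlencode({"grant_type": "client_credentials",
                                "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET})
    token = call("POST", f"/oauth/token?{q}")["access_token"]
    flt = urllib.parse.quote(f'name eq "{SOURCE_NAME}"')
    src = call("GET", f"/v3/sources?filters={flt}", token)[0]
    path = f"/v3/sources/{src['id']}/provisioning-policies"
    if any(p.get("usageType") == "DISABLE" for p in call("GET", path, token)):
        call("PUT", f"{path}/DISABLE", token, disable_policy())   # replace existing policy
    else:
        call("POST", path, token, disable_policy())               # create a new one
    return sets_password_on_disable(call("GET", path, token))

if __name__ == "__main__":
    print("DISABLE policy now sets a password:", apply_to_ad_source())
```

Run it against a sandbox tenant first, as the follow-up below suggests; `sets_password_on_disable` can also be run on its own over the output of a plain GET to audit other sources for the same control.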

@JackSparrow Thanks for your help with this.

I will try this in sandbox first.
