Search for Accounts with Inactive Manager

Hello experts!

I would like to know if there is a way of finding Identities whose manager Lifecycle State is inactive, so we can create a policy for Service Accounts and ensure they always have an active responsible person.

As per the documentation, it seems this is not possible because the only Second Level attributes for managers are name, displayName and id.

Nevertheless, in case I am missing something, I’m creating this post. It would be something like:

name:srv and manager.status:inactive

Cheers!

Hi @henryojeda,

You should be able to get identities with the manager’s cloudLifecycleState. Please create the transform below to get the cloudLifecycleState of the manager, apply it to an identity attribute, and leverage this newly created identity attribute in the search.

{
   "attributes":{
      "uid":"manager",
      "name":"Cloud Services Deployment Utility",
      "attributeName":"cloudLifecycleState",
      "operation":"getReferenceIdentityAttribute"
   },
   "id":"Transform-GetManagerLCS",
   "type":"rule"
}

I hope this helps.

Thanks,
Sushant
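The check the question asks for can also be run client-side over exported identity records by joining each service account to its manager on manager.id. This is an added example, not code from the thread or from SailPoint; the record layout (name, manager.id, attributes.cloudLifecycleState), the function name and the sample data are assumptions.

```python
# Added example: flag service accounts whose manager is missing or not active.
# Record layout is an assumption modelled on the fields named in the thread.

SAMPLE_IDENTITIES = [  # constructed sample data, not from a real tenant
    {"id": "id-100", "name": "alice",
     "attributes": {"cloudLifecycleState": "active"}},
    {"id": "id-101", "name": "bob",
     "attributes": {"cloudLifecycleState": "inactive"}},
    {"id": "id-200", "name": "srv-backup", "manager": {"id": "id-100"},
     "attributes": {"cloudLifecycleState": "active"}},
    {"id": "id-201", "name": "srv-deploy", "manager": {"id": "id-101"},
     "attributes": {"cloudLifecycleState": "active"}},
    {"id": "id-202", "name": "srv-legacy", "manager": None,
     "attributes": {"cloudLifecycleState": "active"}},
    {"id": "id-203", "name": "srv-orphan", "manager": {"id": "id-999"},
     "attributes": {"cloudLifecycleState": "active"}},
    {"id": "id-300", "name": "jdoe", "manager": {"id": "id-101"},
     "attributes": {"cloudLifecycleState": "active"}},
]


def manager_state_findings(identities, name_prefix="srv", ok_states=("active",)):
    """Return (account name, manager id, reason) for each flagged account."""
    by_id = {ident["id"]: ident for ident in identities}
    findings = []
    for ident in identities:
        # Only accounts matching the service-account naming convention.
        if not ident.get("name", "").lower().startswith(name_prefix):
            continue
        mgr_id = (ident.get("manager") or {}).get("id")
        if not mgr_id:
            findings.append((ident["name"], None, "no manager assigned"))
            continue
        mgr = by_id.get(mgr_id)
        if mgr is None:
            # The manager reference points at an identity absent from the export.
            findings.append((ident["name"], mgr_id, "manager not in export"))
            continue
        state = (mgr.get("attributes") or {}).get("cloudLifecycleState")
        if state is None or state.lower() not in ok_states:
            findings.append((ident["name"], mgr_id, f"manager state: {state}"))
    return findings


if __name__ == "__main__":
    for name, mgr_id, reason in manager_state_findings(SAMPLE_IDENTITIES):
        print(f"{name}: {reason} (manager id: {mgr_id})")
```
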

Thanks Sushant!

I’ll try and let you know.

Regards!

@Sushantmrj is there a typo in the id of your transform? Looks like Transform is spelled wrong…

Thanks for catching that, @colin_mckibben. I have edited the above post.