Working on setting up create disabled AD when in prehire LSC

Hello everyone,

I was doing some research on this topic and came across these 2 post.

Nether of which seem to have come to a solution. So I am opening this tread in hopes to figure out the solution and then created a knowledge base on it out lining what all needs to be done in order to achieve this. Based on the configuration I have I would of thought this would work as I intended it to. But the last part of disabling the AD account is not working as designed. All feed back is welcome.

End goal I am trying to achieve:

  1. AD account is create in a disabled state.
  2. ServiceNow is created in an Enabled state.
  3. Cube is enabled.
  4. AD should enable 24 hours before Start Date (Hire_Date__c)
  5. User should be in prehire state for any day more then 24 hours from start date.
  6. At the 24 hour mark mark account as active.

What is working:

  1. Cube is being created
  2. LifeCycleState is PreHire until day before start.
  3. AD account is created
  4. ServiceNow account is created
  5. User moving to active at the 24 hour mark

What is not working:

  1. AD remains enabled

Example:

User

Configs

Identity Profile

AD Create Account

{
    "name": "Account",
    "description": null,
    "usageType": "CREATE",
    "fields": [
        {
            "name": "ObjectType",
            "transform": {
                "attributes": {
                    "value": "User"
                },
                "type": "static"
            },
            "attributes": {
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "sAMAccountName",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "uid"
                }
            },
            "attributes": {
                "cloudMaxUniqueChecks": "50",
                "cloudMaxSize": "20",
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "distinguishedName",
            "transform": {
                "attributes": {
                    "ou": {
                        "attributes": {
                            "name": "standardOu"
                        },
                        "type": "identityAttribute"
                    },
                    "patterns": [
                        "CN=$uid,$ou"
                    ],
                    "sourceCheck": false,
                    "uid": {
                        "attributes": {
                            "value": "$sAMAccountName"
                        },
                        "type": "static"
                    }
                },
                "type": "usernameGenerator"
            },
            "attributes": {
                "cloudMaxUniqueChecks": "99",
                "cloudMaxSize": "150",
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "",
            "isMultiValued": false
        },
        {
            "name": "displayName",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "addisplayname"
                }
            },
            "attributes": {
                "cloudMaxSize": "64"
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "manager",
            "transform": {
                "attributes": {
                    "name": "Get Manager LDAP DN"
                },
                "type": "rule"
            },
            "attributes": {
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "mail",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "password",
            "transform": {
                "attributes": {
                    "values": [
                        "REDACTED ",
                        {
                            "attributes": {
                                "values": [
                                    {
                                        "attributes": {
                                            "attributeName": "Last 4 digits of SSN__c",
                                            "sourceName": "Workday Production Sandbox"
                                        },
                                        "type": "accountAttribute"
                                    },
                                    {
                                        "attributes": {
                                            "attributeName": "Last 4 digits of SSN__c",
                                            "sourceName": "Workday Sandbox"
                                        },
                                        "type": "accountAttribute"
                                    },
                                    {
                                        "attributes": {
                                            "attributeName": "last_4_ssn_ne_attribute",
                                            "sourceName": "SecZetta"
                                        },
                                        "type": "accountAttribute"
                                    },
                                    {
                                        "attributes": {
                                            "attributeName": "last_4_ssn_ne_attribute",
                                            "sourceName": "SecZetta Collaborator"
                                        },
                                        "type": "accountAttribute"
                                    },
                                    {
                                        "attributes": {
                                            "attributeName": "Last 4 digits of SSN__c",
                                            "sourceName": "Workday Test Data"
                                        },
                                        "type": "accountAttribute"
                                    },
                                    {
                                        "attributes": {
                                            "attributeName": "Last 4 digits of SSN__c",
                                            "sourceName": "WDUnit"
                                        },
                                        "type": "accountAttribute"
                                    }
                                ]
                            },
                            "type": "firstValid"
                        }
                    ]
                },
                "type": "concat"
            },
            "attributes": {
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "secret",
            "isMultiValued": false
        },
        {
            "name": "givenName",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "adfirstname"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "sn",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "adlastname"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "userPrincipalName",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "$(firstname).$(lastname)$(uniqueCounter)@ssmhealthtesturl.com"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "pwdLastSet",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "true"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "boolean",
            "isMultiValued": false
        },
        {
            "name": "IIQDisabled",
            "transform": {
                "attributes": {
                    "value": "false"
                },
                "type": "static"
            },
            "attributes": {},
            "isRequired": false,
            "type": "boolean",
            "isMultiValued": false
        },
        {
            "name": "primaryGroupDN",
            "transform": {
                "attributes": {
                    "value": ""
                },
                "type": "static"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "description",
            "transform": {
                "attributes": {
                    "value": "Provisioned by IdentityNow."
                },
                "type": "static"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "telephoneNumber",
            "transform": {
                "attributes": {
                    "name": "workPhone"
                },
                "type": "identityAttribute"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "company",
            "transform": {
                "attributes": {
                    "name": "company"
                },
                "type": "identityAttribute"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "department",
            "transform": {
                "attributes": {
                    "name": "department"
                },
                "type": "identityAttribute"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "departmentNumber",
            "transform": {
                "attributes": {
                    "name": "departmentCode"
                },
                "type": "identityAttribute"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "employeeNumber",
            "transform": {
                "attributes": {
                    "name": "identificationNumber"
                },
                "type": "identityAttribute"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "physicalDeliveryOfficeName",
            "transform": {
                "attributes": {
                    "name": "organizationRegion"
                },
                "type": "identityAttribute"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "cn",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "title",
            "transform": {
                "attributes": {
                    "name": "jobProfile"
                },
                "type": "identityAttribute"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "extensionAttribute6",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "managerNameForEmail",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        }
    ]
}
1 Like

Change the IIQDisabled to True
{
“name”: “IIQDisabled”,
“transform”: {
“type”: “static”,
“attributes”: {
“value”: “true”
}
},
“attributes”: {},
“isRequired”: false,
“type”: “boolean”,
“isMultiValued”: false
}

thats it.

1 Like

Are you saying to add this to the create account provisioning profile?

Yeah , you already have that , just changed to true :slight_smile:

Thank you that worked. I will work on creating a knowledge base on this and highlight any thing that we find during out testing. I know we have a couple of use cases where I might need to get a little more creative. But for my original ask this was the solution thank you again.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.