Symantec IGA

Expand all | Collapse all

Re-Issue Disable Command to AD Account based on IDM Status

Jump to Best Answer
  • 1.  Re-Issue Disable Command to AD Account based on IDM Status

    Broadcom Employee
    Posted 12-20-2017 04:39 PM

    Team,

    We have a requirement to re-issue disable operation if IDM status is disabled and AD account status is enabled. This feature is not available OOTB in CA IDM. We have configured explore & correlate between AD and CA IDM for provisioning/updating the users from AD to CA IDM.

     

    1. If IDM status is disabled, AD account is disabled.
    2. If someone enable account directly in AD without enabling through IDM.
    3. When we run explore & correlate operation on AD end point, we want to re-issue disable command to AD as IDM status is disabled.

     

    Want to know if any OOTB solution for operation to disable the AD account as the user is disabled in IDM. Trying to figure out the possibilities.
     

    Any help is much appreciated.



  • 2.  Re: Re-Issue Disable Command to AD Account based on IDM Status
    Best Answer

    Broadcom Employee
    Posted 12-22-2017 12:37 AM

    Using endpoint DIrectory mapping/ADSPayload , if you are able to detect the change in account state (enabled) via Explore, then you could write a PX on provisioning Modify user task to accomplish this.  cant recall from memory  if state info is detected via explore for which you may have to test in your setup.