Symantec IGA

  • 1.  Re-Issue Disable Command to AD Account based on IDM Status

    Broadcom Employee
    Posted Dec 20, 2017 04:39 PM

    Team,

    We have a requirement to re-issue the disable operation if the IDM status is disabled and the AD account status is enabled. This feature is not available OOTB in CA IDM. We have configured explore & correlate between AD and CA IDM for provisioning/updating the users from AD to CA IDM.

     

    1. If the IDM status is disabled, the AD account is disabled.
    2. Someone enables the account directly in AD without enabling it through IDM.
    3. When we run the explore & correlate operation on the AD endpoint, we want to re-issue the disable command to AD, as the IDM status is disabled.

     

    We want to know if there is any OOTB solution for an operation to disable the AD account when the user is disabled in IDM. We are trying to figure out the possibilities.
     

    Any help is much appreciated.



  • 2.  Re: Re-Issue Disable Command to AD Account based on IDM Status
    Best Answer

    Posted Dec 22, 2017 12:37 AM

    Using endpoint Directory mapping/ADSPayload, if you are able to detect the change in account state (enabled) via Explore, then you could write a PX on the provisioning Modify User task to accomplish this. I can't recall from memory whether state info is detected via Explore, so you may have to test that in your setup.
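
The drift check this thread is asking for, sketched as an added example that is not part of either post and is not CA IDM or Policy Xpress code: it compares each correlated account's AD `userAccountControl` value against the IDM status and lists the accounts that need the disable re-issued. The record layouts, the field names (`user_id`, `dn`) and the action labels are assumptions; the sample data is constructed.

```python
# Added example: reconcile IDM status against AD account state.
# Record layouts and field names are assumptions, not CA IDM's schema.
from dataclasses import dataclass

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set when an AD account is disabled


@dataclass(frozen=True)
class Drift:
    user_id: str
    account_dn: str
    action: str


def ad_enabled(user_account_control: int) -> bool:
    """True when the ACCOUNTDISABLE bit is clear."""
    return not (user_account_control & ACCOUNTDISABLE)


def find_drift(idm_users, ad_accounts):
    """List accounts whose AD state contradicts the IDM status.

    idm_users:   {user_id: "enabled" | "disabled"}
    ad_accounts: dicts with the correlated user_id, dn and userAccountControl
    """
    actions = []
    for acct in ad_accounts:
        owner = acct.get("user_id")
        status = idm_users.get(owner)
        if status is None:
            # Uncorrelated account: flag for review, never act automatically.
            actions.append(Drift(owner or "", acct["dn"], "review-orphan"))
        elif status == "disabled" and ad_enabled(acct["userAccountControl"]):
            # Re-enabled directly in AD while IDM still says disabled.
            actions.append(Drift(owner, acct["dn"], "disable"))
    return actions


# Constructed sample data (not from a real directory).
BASE = "OU=Users,DC=example,DC=test"
IDM_USERS = {"jdoe": "disabled", "asmith": "enabled", "bwong": "disabled"}
AD_ACCOUNTS = [
    {"user_id": "jdoe", "dn": f"CN=jdoe,{BASE}", "userAccountControl": 512},
    {"user_id": "asmith", "dn": f"CN=asmith,{BASE}", "userAccountControl": 512},
    {"user_id": "bwong", "dn": f"CN=bwong,{BASE}", "userAccountControl": 514},
    {"user_id": None, "dn": f"CN=svc-old,{BASE}", "userAccountControl": 66048},
]

if __name__ == "__main__":
    for d in find_drift(IDM_USERS, AD_ACCOUNTS):
        print(f"{d.action:14} {d.user_id or '-':8} {d.account_dn}")
```

Logging each `disable` result alongside the re-issued command also gives an audit trail of who is re-enabling accounts outside IDM.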