We have a requirement to disable the user in CA IDM after the user has been removed from the AD group (terminated). This feature is not available OOTB in CA IDM. We have configured explore & correlate between AD and CA IDM for provisioning/updating the users from AD to CA IDM.
Any help is much appreciated.
Any pointers here, please?
Have you already explored the Reverse Sync option in PX? If PX detects an AD account modification (which is the AD group removal), you may take action to disable the user. Deleting a user is only possible via Delete User admin task execution via a SOAP call in TEWS.
I am not clear on exactly what you are doing and how you are doing it.
Are you deleting the AD account or simply removing an AD group from the AD account? Are you making those changes via the IM layer or natively on the AD side?
If you are submitting the changes through the IM layer, then you might be able to use PX Policies to trigger on those IM-submitted tasks/events to perform additional work.
But if the changes are done natively on the AD side itself and only picked up by running an Explore, then those notifications back to the IM layer would only be "actionable" via IM Reverse Sync Policies, and those would only let you revert the AD change and not take actions on the IM users.
Now, if you also had Endpoint Attribute Mappings defined, then running the UPDATE of the Explore would update Provisioning Users, and so maybe those notifications back to the IM layer would allow for PX policies to be configured on the Provisioning Modify User task to take additional steps. But again, I am not really too clear on the specifics of what you have, what you are asking, and what you are trying to do.