The RSA Identity Governance & Lifecycle Access Fulfillment Express (AFX) connector capabilities are pre-defined with parameters to be passed to the endpoint. Each capability provides the option to add more parameters by navigating to AFX > Connectors > {connector-name} > Edit > Capabilities tab > {name of capability} > Add More... button.
When more parameters are added to the Disable/Enable an Account capabilities defined for the Active Directory AFX connector, only the UserAccountControl (UAC) parameter is updated in Active Directory (AD). Any additional parameters are not updated. This is true for both existing attributes and custom attributes in RSA Identity Governance & Lifecycle.
Example:
In the examples below, Disable an Account was first configured to update the email address of the AD user when their account was disabled. When AFX disabled an account, the account was disabled but the email address was not updated in AD. In the second example, Disable an Account was configured to update a custom attribute, with the same result: when AFX disabled an account, the account was disabled but the custom attribute was not updated in AD.
Figure: Existing AD Attribute (image not available)
Figure: Custom AD Attribute (image not available)
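One way to confirm this behavior for a given account is to compare directory snapshots taken before and after the AFX Disable an Account request. The following is an added example, not RSA code: it assumes simple LDIF-style exports of the user entry (for example from ldifde or ldapsearch), and the account, the mail values and the attribute name exampleCustomAttr are constructed for illustration.

```python
# Added example: the sample entries below are constructed, not from a real directory.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit that marks an AD account as disabled

def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no base64 values, no folded lines) into a dict."""
    entry = {}
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry[name.strip().lower()] = value.strip()
    return entry

def audit_disable(before_ldif, after_ldif, expected):
    """Return (disabled, missed).

    disabled: True if the ACCOUNTDISABLE bit was clear before and is set after.
    missed:   attributes from `expected` (the extra capability parameters) whose
              value in the 'after' snapshot differs, mapped to the value found.
    """
    before, after = parse_ldif_entry(before_ldif), parse_ldif_entry(after_ldif)
    was = int(before.get("useraccountcontrol", "0")) & ACCOUNTDISABLE
    now = int(after.get("useraccountcontrol", "0")) & ACCOUNTDISABLE
    missed = {attr: after.get(attr.lower())
              for attr, want in expected.items()
              if after.get(attr.lower()) != want}
    return bool(now) and not was, missed

# Constructed snapshots: 512 = NORMAL_ACCOUNT, 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE.
BEFORE = """
dn: CN=J Doe,OU=Users,DC=example,DC=com
userAccountControl: 512
mail: jdoe@example.com
"""
AFTER = """
dn: CN=J Doe,OU=Users,DC=example,DC=com
userAccountControl: 514
mail: jdoe@example.com
"""
# Extra parameters added to the capability (hypothetical values).
EXPECTED = {"mail": "disabled-jdoe@example.com", "exampleCustomAttr": "DISABLED"}

if __name__ == "__main__":
    disabled, missed = audit_disable(BEFORE, AFTER, EXPECTED)
    print("account disabled by request:", disabled)
    for attr, found in missed.items():
        print(f"not applied: {attr} (found {found!r}, expected {EXPECTED[attr]!r})")
```

A result of disabled with a non-empty missed set matches the behavior described above: the UAC change was applied and the additional parameters were not.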