000030637 - Active Directory AFX 'Disable/Enable an Account' connector capabilities do not update added parameters in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Nov 4, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000030637
Applies ToRSA Product Set: Identity Governance & Lifecycle 
RSA Version/Condition: 6.9.1, 7.0.x, 7.1.x

IssueThe RSA Identity Governance & Lifecycle Access Fulfillment Express (AFX) connector capabilities are pre-defined with parameters to be passed to the endpoint. Each capability provides the option to add more parameters by navigating to AFX > Connectors > {connector-name] > Edit > Capabilities tab > {name of capability} > Add More... button.

When more parameters are added to the Disable/Enable an Account capabilities defined for the Active Directory AFX connector, only the UserAccountControl (UAC) parameter is updated in Active Directory (AD). Any additional parameters are not updated. This is true for both existing attributes and custom attributes in RSA Identity Governance & Lifecycle.


In the below examples Disable an Account was first configured to update the email address of the AD user when their account was disabled. The problem is that when AFX disabled an account, the account was disabled but the email address was not updated in AD. In the second example Disable an Account was configured to update a custom attribute. The same was true here. When AFX disabled an account, the account was disabled but the custom attribute was not updated in AD.
Existing AD Attribute

User-added image

Custom AD Attribute

User-added image

CauseThis is the current functionality of the product. When disablying/enabling accounts, the Active Directory AFX connector only updates the UserAccountControl attribute and no other attributes that are defined in the capability.
ResolutionProduct enhancement request ACM-55232 has been submitted to request that the Active Directory AFX connector capabilities be able to update added parameters.Product enhancement requests are evaluated by Product Management to determine when/if they will be added in a future release.    
Please go to RSA Ideas for RSA Identity Governance & Lifecycle to submit and/or vote on an enhancement request. For more information, please see 000036416 -- How to log a request for enhancement (RFE) for RSA Identity Governance & Lifecycle.