| Article Number | 000036801 |
| Applies To | RSA Product Set: Identity Governance & Lifecycle
|
| Issue | The RSA Identity Governance & Lifecycle termination date field does not populate with the Active Directory accountExpires attribute collected via an Active Directory Identity Collector (IDC).
Notes
- The termination date is set in the raw data but not in the user record.
- The accountExpires information may be collected into a custom attribute field.
Symptoms
- Note the accountExpires attribute is populated with an expiration date in the Active Directory.
- The data for accountExpires is collected as the Termination Date by the AD IDC.
- After running the AD IDC and unification, the Termination Date is set in the raw data.
- In RSA Identity Governance & Lifecycle, the Termination Date in the user record is blank.
|
| Cause | This is expected behavior. In RSA Identity Governance & Lifecycle, the termination_date field indicates when a user was terminated, not when an active user will get terminated, unlike the accountExpires attribute in the AD. The Termination Date field will not be set unless the the user is terminated; that is, when the is_terminated field is set to true. |
| Resolution | Either collect accountExpires into a custom user attribute or populate the Termination Date field with the actual date the user is terminated along with the is_terminated flag. |
on Oct 5, 2018
