000036921 - Clearing an Active Directory Account Attribute in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Nov 22, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036921
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: All

IssueThere are cases where you want to remove the value of an AD attribute make it to not set instead of adding a Null value to it.
Example of an AD attribute 'Department' which does not have any value.

User-added image
ResolutionWe could get this to work with native AFX. 

Using remove_<attr> as the attribute name within the AFX Capability Parameter Name works for the removal of a single-value account attribute.
However, you must know the value which is currently set or this will not work.

Update  AFX Capability for Update Account to the following:

User-added image

  1. We have the department attribute set for an account in AD.

    User-added image
  2.  To clear the value for the department attribute you must pass current value of the attribute.

    User-added image

    User-added image