Active Directory AFX 'Disable/Enable an Account' connector capabilities do not update added parameters in RSA Identity Governance & Lifecycle
3 years ago
Originally Published: 2015-06-25
Article Number
000063080
Applies To
RSA Product Set: Identity Governance & Lifecycle 
RSA Version/Condition: 6.9.1, 7.0.x, 7.1.x

 
Issue
The RSA Identity Governance & Lifecycle Access Fulfillment Express (AFX) connector capabilities are pre-defined with parameters to be passed to the endpoint. Each capability provides the option to add more parameters by navigating to AFX > Connectors > {connector-name] > Edit > Capabilities tab > {name of capability} > Add More... button.

When more parameters are added to the Disable/Enable an Account capabilities defined for the Active Directory AFX connector, only the UserAccountControl (UAC) parameter is updated in Active Directory (AD). Any additional parameters are not updated. This is true for both existing attributes and custom attributes in RSA Identity Governance & Lifecycle.


Example:

In the below examples Disable an Account was first configured to update the email address of the AD user when their account was disabled. The problem is that when AFX disabled an account, the account was disabled but the email address was not updated in AD. In the second example Disable an Account was configured to update a custom attribute. The same was true here. When AFX disabled an account, the account was disabled but the custom attribute was not updated in AD.
 
Existing AD Attribute
User-added image

Custom AD Attribute
User-added image

 
Cause
This is the current functionality of the product. When disablying/enabling accounts, the Active Directory AFX connector only updates the UserAccountControl attribute and no other attributes that are defined in the capability.
 
Resolution
Product enhancement request ACM-55232 has been submitted to request that the Active Directory AFX connector capabilities be able to update added parameters.Product enhancement requests are evaluated by Product Management to determine when/if they will be added in a future release.    
 
Please go to RSA Ideas for RSA Identity Governance & Lifecycle to submit and/or vote on an enhancement request. For more information, please see 000036416 -- How to log a request for enhancement (RFE) for RSA Identity Governance & Lifecycle.
 

Related Articles

Trending Articles

Don't see what you're looking for?