Termination Date is not populated with the Account Expires date when running an Active Directory Identity Collector (IDC) in RSA Identity Governance & Lifecycle
2 years ago
Originally Published: 2018-10-01
Article Number
000041124
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: All

 
Issue
The RSA Identity Governance & Lifecycle Termination Date field does not populate with the Active Directory accountExpires attribute value when the accountExpires attribute is collected with an Active Directory Identity Data Collector (IDC).


Symptoms

  1.  Note the accountExpires attribute is populated with an expiration date in Active Directory.
User-added image
  1. The data for accountExpires is collected as the Termination Date by the Active Directory IDC.
User-added image
  1. After running the Active Directory IDC and unification, the Termination Date is set in the raw data.
User-added image
  1. In the RSA Identity Governance & Lifecycle user interface, the Termination Date in the user record is blank.
User-added image
Cause
This is expected behavior. In RSA Identity Governance & Lifecycle, the Termination Date field indicates when a user was terminated, not when an active user will get terminated. The Termination Date field will not be set unless the user is actually terminated; that is, when the Is Terminated field is set to true. 
Resolution
There are two options to resolving this issue:
  1. Collect accountExpires into a custom user attribute,  or
  2. Populate the Termination Date field with the actual date the user is terminated along with the Is Terminated flag.

Related Articles

Trending Articles

Don't see what you're looking for?