SecurID® Governance & Lifecycle 7.2 Enablement

sbomma (Contributor)

Azure Account Status


I am able to successfully pull Azure accounts into IGL 7.2 P02 using a REST ADC (Graph API).

I am trying to find if an account is enabled and none of the below attributes work:

accountEnabled

blockSignIn

I get an error when I add the above in the Collector Mapping Parameters:

$.value.accountEnabled

When I run a test I do not get any results:

{$.value.userPrincipalName=999, $.value.displayName=999, $.value.mail=999, $.value.accountEnabled=0}

When I use Postman to retrieve, I get the below for each account. I would like to understand how this translates in IGL.

"accountEnabled": true
PradeepKadambar (Moderator)

Today there are no options to transform data collected using the generic REST collectors.

     

    In your specific case the value of status comes in as true or false while IGL expects it to be 0 or 1. It is possible to transform data using post processors which I do not condone.

     

    What you really need is for IGL to support this feature and hence I suggest you up vote this idea. 

JoseReyes (Contributor)

    It's been a couple of years since this thread was opened. Is there still no way to capture accountenabled status from Azure? Seems like it would be a common use case. 

IanStaines (Moderator)

    This can be collected; you just cannot do anything with the collected value. 

    The feature to allow for general attribute translation is tracked in this RSA Ideas page.

    Generic REST collectors must support data formatting - RSA Community - 576486

    Please ensure you up vote it. 

As noted here and in the RSA Ideas comments, custom translation can be done in "Post Custom Processing". This is overly complicated for this use case, but at this time it is the only solution. Post Custom Processing existed in older versions, but it required modification of the internal packages. In 7.5.2 it is exposed in the product via a custom setting that can be enabled by RSA Professional Services. Again, as noted by @PradeepKadambar, we recommend you engage PS for this as it requires some programming knowledge.

JoseReyes (Contributor)

    Thanks @IanStaines. For now I will look into collecting the data outside of RSA and manipulating the value prior to RSA collection from another data source.

IanStaines (Moderator)

Note that this does not just affect collecting from Azure but collecting any data from any DataSource. This is also not a limitation of only the Generic REST collector. None of the collectors have this feature, and so this is a deficiency in all collector types.

    It is incidental that some of the Database collector types allow you to manipulate the data using the SQL features of that jdbc driver.  So for example, with Database Collectors of type Oracle, you can use Oracle SQL statements to manipulate the data directly in the collector.  Again this is not leveraging a feature in RSA G&L product but leveraging a feature of the driver.  

    The REST standard does allow for some very limited data manipulation (some substring options can be done) but this is generally not a feature of the REST protocol. 

    Note that if you decide to collect the data outside of RSA, and you elect to store the data in an Oracle database, you could then use the Oracle Database Collectors JDBC SQL features to do the data manipulation.  Convoluted I know but that is all we have to offer at the moment.

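The approach JoseReyes and IanStaines describe above (collect outside RSA, translate the value, then let a Database or CSV collector pick it up) as an added example; this is not code from the thread or from RSA. It takes a constructed Graph /users response in the shape quoted from Postman and emits rows with accountEnabled as 0/1. One assumption worth stating: Graph's GET /users only includes accountEnabled when it is named in $select, so the sample contains one record without it to show that a missing value should be rejected rather than defaulted to 0. The row layout and CSV output are assumptions about the staging source, not an IGL format.

```python
import csv
import io
import json

# Constructed sample, not real tenant data: what
#   GET https://graph.microsoft.com/v1.0/users?$select=userPrincipalName,displayName,mail,accountEnabled
# returns, in the shape quoted from Postman in the thread. Two pages joined by
# @odata.nextLink, plus one record where accountEnabled was not selected.
SAMPLE_PAGES = [
    json.loads("""{
      "@odata.nextLink": "https://graph.microsoft.com/v1.0/users?$skiptoken=constructed",
      "value": [
        {"userPrincipalName": "alice@contoso.example", "displayName": "Alice Example",
         "mail": "alice@contoso.example", "accountEnabled": true},
        {"userPrincipalName": "bob@contoso.example", "displayName": "Bob Example",
         "mail": null, "accountEnabled": false}
      ]}"""),
    json.loads("""{
      "value": [
        {"userPrincipalName": "carol@contoso.example", "displayName": "Carol Example",
         "mail": "carol@contoso.example"}
      ]}"""),
]

# Assumed staging layout; IGL does not dictate these column names.
FIELDS = ["userPrincipalName", "displayName", "mail", "accountEnabled"]


def to_status_flag(value):
    """Translate Graph's JSON boolean into the 0/1 the IGL status attribute
    expects. Anything that is not a real boolean is an error: coercing it
    would silently mark an account disabled (0) or enabled (1)."""
    if value is True:
        return 1
    if value is False:
        return 0
    raise ValueError(f"accountEnabled is not a JSON boolean: {value!r}")


def extract_rows(pages):
    """Walk the 'value' array of every page (the $.value part of the collector
    mapping) and return (rows, rejected). Records without accountEnabled are
    rejected rather than defaulted, because Graph omits the property when it is
    not in $select and a default would be wrong either way."""
    rows, rejected = [], []
    for page in pages:
        for user in page.get("value", []):
            upn = user.get("userPrincipalName", "<no userPrincipalName>")
            if "accountEnabled" not in user:
                rejected.append((upn, "missing accountEnabled; add it to $select"))
                continue
            try:
                flag = to_status_flag(user["accountEnabled"])
            except ValueError as exc:
                rejected.append((upn, str(exc)))
                continue
            rows.append({
                "userPrincipalName": upn,
                "displayName": user.get("displayName") or "",
                "mail": user.get("mail") or "",  # JSON null -> empty string for the DB collector
                "accountEnabled": flag,
            })
    return rows, rejected


def rows_to_csv(rows):
    """Serialize the rows for a staging table or file that a Database/CSV collector reads."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    rows, rejected = extract_rows(SAMPLE_PAGES)
    print(rows_to_csv(rows))
    for upn, reason in rejected:
        print(f"rejected {upn}: {reason}")
```

Rejected records are returned separately instead of being dropped silently, so a run where the $select was wrong shows up as a list of rejections rather than as every account flipping to disabled in IGL.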

What API are you using? The List Users API (https://learn.microsoft.com/en-us/graph/api/user-list) doesn't have the attribute accountEnabled.


    @PradeepKadambar 

https://graph.microsoft.com/v1.0/users is the API. accountEnabled returns as true or false values.

JoseReyes (Contributor)

@IanStaines Another question for you regarding this generic REST collector. I was hoping to use bearer token authentication to Azure instead of OAuth to utilize app-level permissions rather than delegated access, which requires a user to sign in and generate a token. I opened a ticket with support and was told this was not supported. Just trying to understand why the generic REST collector cannot generate a standard bearer token with Azure; my PowerShell and Postman have no issues doing this using the same values.

The Generic REST collector supports both the Token and Auth flows of OAuth2 for Azure.


I did consult on the case and I did suggest that the customer use OAuth.

They should not have said that bearer tokens are not supported. Nothing is either "supported" or "not supported" with the Generic REST Collector, especially with regard to a particular endpoint. We do not make any statements of support for any specific endpoints.

The Generic REST Collector supports both Tokens and OAuth, and you are free to use whichever method best works with your endpoint.

I do know OAuth is demonstrated to work with Azure and we have examples on RSA Link. I am not aware of any working examples using a bearer token; perhaps someone in the community will post their experience.

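For the app-only token question above (application permissions without a user signing in), an added example that is not from the thread or from RSA, showing what a client configured for the OAuth2 client-credentials flow has to do: POST to the tenant's v2.0 token endpoint with grant_type=client_credentials and scope https://graph.microsoft.com/.default, then call /users with the resulting bearer token, asking for accountEnabled in $select and following @odata.nextLink. The tenant ID, client ID and secret are placeholders, and the app registration is assumed to hold an admin-consented application permission such as User.Read.All. The live fetch_all_users path needs network access; the request builders and the token-response parser run offline.

```python
import json
import urllib.parse
import urllib.request

# Real Microsoft identity platform / Graph endpoints; {tenant} is filled in per call.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
# accountEnabled is not in the default property set, so it must be selected explicitly.
SELECT = "userPrincipalName,displayName,mail,accountEnabled"


def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials grant: no user signs in. What Graph authorizes is the
    app registration's *application* permission (assumed admin-consented).
    The v2.0 endpoint requires the resource's .default scope for this grant."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,  # prefer a certificate or a vault-held secret in production
        "grant_type": "client_credentials",
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return urllib.request.Request(
        TOKEN_URL.format(tenant=tenant_id), data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def bearer_header(token_response_json):
    """Turn the token endpoint's JSON into the Authorization header for Graph.
    An error document (no access_token) is raised, never sent on as a header."""
    doc = json.loads(token_response_json)
    if doc.get("token_type", "").lower() != "bearer" or "access_token" not in doc:
        raise ValueError(f"unexpected token response: {doc.get('error', doc)}")
    return {"Authorization": f"Bearer {doc['access_token']}"}


def build_users_request(auth_header, url=None):
    """First page names the properties explicitly; later pages reuse the
    server-supplied @odata.nextLink unchanged (it already carries $select)."""
    if url is None:
        url = f"{GRAPH_USERS}?$select={SELECT}&$top=999"
    return urllib.request.Request(url, headers={**auth_header, "Accept": "application/json"})


def fetch_all_users(tenant_id, client_id, client_secret, opener=urllib.request.urlopen):
    """Live path: obtain an app-only token, then page through /users.
    'opener' is injectable so the paging logic can be exercised without a network."""
    with opener(build_token_request(tenant_id, client_id, client_secret)) as resp:
        auth = bearer_header(resp.read().decode())
    url, users = None, []
    while True:
        with opener(build_users_request(auth, url)) as resp:
            page = json.loads(resp.read().decode())
        users.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
        if not url:
            return users


if __name__ == "__main__":
    # Placeholder credentials; replace with your tenant's values to run live.
    for u in fetch_all_users("<tenant-id>", "<client-id>", "<client-secret>"):
        print(u.get("userPrincipalName"), u.get("accountEnabled"))
```

The token this produces is the same kind of bearer token Postman or PowerShell obtains; the difference from the delegated flow is only the grant type and the scope, which is why the collector's token/OAuth configuration needs the .default scope and the client secret rather than a user's sign-in.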