Termination Date is not populated with the Account Expires date when running an Active Directory Identity Collector (IDC) in RSA Identity Governance & Lifecycle
RSA Product Set: Identity Governance & Lifecycle RSA Version/Condition: All
The RSA Identity Governance & Lifecycle Termination Date field does not populate with the Active Directory accountExpires attribute value when the accountExpires attribute is collected with an Active Directory Identity Data Collector (IDC).
Note the accountExpires attribute is populated with an expiration date in Active Directory.
The data for accountExpires is collected as the Termination Date by the Active Directory IDC.
After running the Active Directory IDC and unification, the Termination Date is set in the raw data.
In the RSA Identity Governance & Lifecycle user interface, the Termination Date in the user record is blank.
This is expected behavior. In RSA Identity Governance & Lifecycle, the Termination Date field indicates when a user was terminated, not when an active user will get terminated. The Termination Date field will not be set unless the user is actually terminated; that is, when the Is Terminated field is set to true.
There are two options to resolving this issue:
Collect accountExpires into a custom user attribute, or
Populate the Termination Date field with the actual date the user is terminated along with the Is Terminated flag.