Hello
When an account is revoked in the account review, “delete an account” operation in AFX fulfillment is triggered automatically.
However, we would like to trigger “disable an account” operation instead
How can we configure it?
Hello
When an account is revoked in the account review, “delete an account” operation in AFX fulfillment is triggered automatically.
However, we would like to trigger “disable an account” operation instead
How can we configure it?
In an account review you can also enable "disable", "enable", "lock" and "unlock" buttons, this provides you with the functionality to have the account disabled rather then deleted
You should have ticked the "allow account disabling" on the application / directory
regards
Edwin
Hello Edwin
First of all thank you for your reply
A other question is how can disable revoke operation in this case we can see only maintain and disable operations in account review
How about detecting in the workflow if the request origin is from a review and if it's Revoke account action, then do something but not Delete?
Hello Boris,
Not sure how to realize your suggestion. Consider below example. We have one Change Item "Delete Account X."
We can put a decision node and detect if the request contains "Delete Account" items but what next?
- How can we send "Disable Account X" to AFX fulfillment on the fly?
- Will the request not have any problem on passing "pending for verification" state since the "delete account" operation in the request will never been completed?
Yes, if not properly handled it might cause an issue with the verification phase.
I think the best approach here is to perform a regular training sessions for the reviewers and explain them what they are expected to do and which options in the review to click on. Also, you should add instructions in the review explaining that the revoke button should not be used.
But if the revoke option was still chosen, then consider cancelling this change item and use a provisioning node to disable the account or use the webservices to create a new change request to disable the account.
Hello Boris,
Yes, if not properly handled it might cause an issue with the verification phase.
Is there any thing we can do to make it properly handled? Or is it something handled by VIA itself?
I think this should be considered for an RFE. We have the same issue and the tool should be customizable to hide the revoke button versus having to train tens of thousands of managers where some will inevitably click the wrong button.
Allow Revoke to be an optional Review State for Account Access and Ownership Reviews
Please vote on this RFE idea.
In an account review you can also enable "disable", "enable", "lock" and "unlock" buttons, this provides you with the functionality to have the account disabled rather then deleted
You should have ticked the "allow account disabling" on the application / directory
regards
Edwin