AnsweredAssumed Answered

Can RSA IGL manage a user lifecycle?

Question asked by Matias Siracusa on Jul 24, 2018
Latest reply on Jul 26, 2018 by Matias Siracusa



I'm coming from other IAG tools, from different vendors and I'm trying to understand the JML process.



I could manage to set up a user registration form that provisions new users into AD who are then collected as new users into Aveksa.


I also created a form that sets an attribute in AD to signify that the user is terminated. That attribute is mapped to the 'isTerminated' attribute in Aveksa so in further collections it will be picked up  and the termination rule will be triggered.


What I had the most trouble with was the user termination when the accountExpires attribute in AD was due. After searching the forums I finally discovered the hidden tab 'Custom Tasks'. There, I created a custom WF that selects every users whose account has expired via SQL and then set the 'isTerminated' attribute in AD so that in the next collection the user is effectively terminated.


The question is: is this the recommended process? The fact that such a basic (at least in my experience) feature such as terminating a user when his account expires is so difficult leads me to suspect that Aveksa is not meant to manage the entire user lifecycle but rather it should integrate with another RRHH tools that take over user onboarding and termination. Am I right or am I missing something?