An account is required for a Role with Entitlements.
This means that a new account will be created when the "new employee" Role is run.
The current issue is:
When the Role runs, the appropriate workflow variables Add/Create are generated.
However, the Add generates a manual workflow because:
AFX reports this item failed with code  and message: 'Invalid "Add Account to AD Group" command Account parameter value for Active Directory connector'.
However, subsequent Rules ( missing entitlements) adds the account to the group without any problems.
Adding existing accounts to groups does not have any issues.
I know somethings change by us and RSA, but I can't figure out why it fails on the initial add/create.
Version: 7.1 P3.