AzureAD Provisioning - prevent user deletion

jacekj
Mega Guru

Hi,

I'm looking into leveraging the AzureAD User Provisioning (already using the AAD SSO for login).

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/servicenow-provisioning-tutorial

The one thing that concerns me the most is that users would get automatically deleted, which I don't like and AFAIK isn't the best practice for SN (breaking incidents history, making things look ugly and so on).

Maybe I misinterpret the documentation and the user doesn't really get deleted in the end?

Right now I'm provisioning users via LDAP and have a script running post user import which, if it finds that a user is missing (removed from AD but still in SN), clears the user's email, groups and roles, renames the id with a DEL_ suffix, and disables and locks the account.

Is it possible to set up such a script while using the AAD provisioning?

Any guidance would be highly appreciated!
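One way to keep that soft-offboarding when the deactivation comes from AAD provisioning instead of the LDAP import, as an added example that is not code from this thread: let the provisioning mapping keep driving `active` (the IsSoftDeleted-to-active mapping is assumed to be the default one), and have a ServiceNow server-side script react when `active` turns false. It assumes the GlideRecord API, the standard sys_user, sys_user_grmember and sys_user_has_role tables, and a Business Rule on sys_user as the trigger (not shown).

```javascript
// Added example, not code from the thread. AAD provisioning still decides who has left
// (IsSoftDeleted -> active=false is assumed to be the default mapping); this script then
// applies the clean-up the original poster's LDAP post-import script performed.
var DEL_MARKER = 'DEL_'; // post says "suffix"; DEL_jdoe reads as a prefix, adjust to taste

// Planning step: computes every change for one sys_user without touching the database,
// so it is testable outside ServiceNow. memberships/roles are sys_ids of
// sys_user_grmember / sys_user_has_role rows (all assumed standard tables).
function planSoftOffboard(user, memberships, roles) {
  if (user.user_name.indexOf(DEL_MARKER) === 0) {
    return { skip: true, reason: 'already offboarded' }; // idempotent on re-runs
  }
  return {
    skip: false,
    set: { user_name: DEL_MARKER + user.user_name, email: '', active: false, locked_out: true },
    deleteGroupMemberships: memberships.slice(),
    deleteRoles: roles.slice()
  };
}

// ServiceNow adapter (assumes the server-side GlideRecord API), meant to be called from a
// Business Rule on sys_user when `active` flips from true to false. Returns null outside
// ServiceNow or when the user does not exist.
function applySoftOffboard(userSysId) {
  if (typeof GlideRecord === 'undefined') return null;
  var gr = new GlideRecord('sys_user');
  if (!gr.get(userSysId)) return null;
  var plan = planSoftOffboard({ user_name: String(gr.getValue('user_name')) },
    collectSysIds('sys_user_grmember', 'user', userSysId),
    collectSysIds('sys_user_has_role', 'user', userSysId));
  if (plan.skip) return plan;
  for (var field in plan.set) gr.setValue(field, plan.set[field]);
  gr.update();
  plan.deleteGroupMemberships.forEach(function (id) { deleteById('sys_user_grmember', id); });
  plan.deleteRoles.forEach(function (id) { deleteById('sys_user_has_role', id); });
  return plan;
}

function collectSysIds(table, field, value) {
  var ids = [], gr = new GlideRecord(table);
  gr.addQuery(field, value); gr.query();
  while (gr.next()) ids.push(String(gr.getUniqueValue()));
  return ids;
}
function deleteById(table, sysId) {
  var gr = new GlideRecord(table);
  if (gr.get(sysId)) gr.deleteRecord();
}

// Constructed sample (runs anywhere): the plan for a departed user with two groups and a role.
var samplePlan = planSoftOffboard({ user_name: 'jdoe' }, ['grmember-1', 'grmember-2'], ['hasrole-1']);
```

Because the plan is computed before any write, the same function can be run in a read-only scheduled job first to list what a provisioning-driven deactivation would change.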

That came out of my experience setting it up

@jacekj Found documentation on IsSoftDeleted in the link below:

https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attr...

Below is what it says:

The attribute IsSoftDeleted is often part of the default mappings for an application. IsSoftDeleted can be true in one of four scenarios:

1) The user is out of scope due to being unassigned from the application.

2) The user is out of scope due to not meeting a scoping filter.

3) The user has been soft deleted in Azure AD.

4) The property AccountEnabled is set to false on the user.

It's not recommended to remove the IsSoftDeleted attribute from your attribute mappings.

Please accept the solution if my reply answers your query.

But if we try to inactivate the group member on the Azure AD end, the user in ServiceNow is also set to inactive as expected. But the user is getting removed from the group; how do we keep the user from being deleted from the group even if inactive?