Hey everyone
Got a situation where we have configured some conditionals in the disableaccountjson in our AD connection, JSON is as follows:
{
"deleteAllGroups": "${if(task?.source=='ANALYTICS_V2') {'No'} else {'Yes'}}",
"userAccountControl": "514",
"moveUsertoOU": "${if(task?.source!='ANALYTICS_V2') {'OU=Separations,OU=ISSecurity,dc=llbean,dc=com'}}",
"description": "${if(task?.source=='ANALYTICS_V2') {'Disabled by EIC due to account inactivity'} else {'Disabled by EIC'}}",
"employeeType": "${if(task?.source!='ANALYTICS_V2'){${if(user.employeeType.equals('Employee')) 'Separated E' else if (user.employeeType.equals('Contingent Worker')) 'Separated C'}}}"
}
The idea behind this process is: we have set automatic account disabling via actionable analytics when a users account hits 90 days of inactivity (analytic check last login in AD and Azure, and works perfectly)
The thing is that the behavior we're seeing is as follows:
- If the user goes through the disable process set in analytics, there is no issue, conditionals apply correctly
- If the user goes through the normal deprovision/disabling process we're seeing the conditionals not applying and behaving weirdly, for example, the description part would paste the whole code onto the AD description (description would read: ${if(task?.source=='ANALYTICS_V2') {'Disabled by EIC due to account inactivity'} {'Disabled by EIC'}}) as if instead of doing the conditional it is taking the string, this happens as well with the move user to OU and the employeeType, where it is grabbing the string without evaluating it and just pasting it
Has anyone seen something similar before? Is there anything wrong with the conditionals? (they are working for the Analytic derived tasks though...)
Thanks in advance
