Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Issue with conditionals in disableaccountjson

dvillalta
New Contributor III
New Contributor III

Hey everyone

Got a situation where we have configured some conditionals in the disableaccountjson in our AD connection, JSON is as follows:

{
	"deleteAllGroups": "${if(task?.source=='ANALYTICS_V2') {'No'} else {'Yes'}}",
	"userAccountControl": "514",
	"moveUsertoOU": "${if(task?.source!='ANALYTICS_V2') {'OU=Separations,OU=ISSecurity,dc=llbean,dc=com'}}",
	"description": "${if(task?.source=='ANALYTICS_V2') {'Disabled by EIC due to account inactivity'} else {'Disabled by EIC'}}",
	"employeeType": "${if(task?.source!='ANALYTICS_V2'){${if(user.employeeType.equals('Employee')) 'Separated E' else if (user.employeeType.equals('Contingent Worker')) 'Separated C'}}}"
}

The idea behind this process is: we have set automatic account disabling via actionable analytics when a users account hits 90 days of inactivity (analytic check last login in AD and Azure, and works perfectly)

The thing is that the behavior we're seeing is as follows:

  • If the user goes through the disable process set in analytics, there is no issue, conditionals apply correctly
  • If the user goes through the normal deprovision/disabling process we're seeing the conditionals not applying and behaving weirdly, for example, the description part would paste the whole code onto the AD description (description would read: ${if(task?.source=='ANALYTICS_V2') {'Disabled by EIC due to account inactivity'} {'Disabled by EIC'}}) as if instead of doing the conditional it is taking the string, this happens as well with the move user to OU and the employeeType, where it is grabbing the string without evaluating it and just pasting it

Has anyone seen something similar before? Is there anything wrong with the conditionals? (they are working for the Analytic derived tasks though...)

Thanks in advance

3 REPLIES 3

rushikeshvartak
All-Star
All-Star
{
	"deleteAllGroups": "${task?.source == 'ANALYTICS_V2' ? 'No' : 'Yes'}",
	"userAccountControl": "514",
	"moveUsertoOU": "${task?.source != 'ANALYTICS_V2' ? 'OU=Separations,OU=ISSecurity,dc=llbean,dc=com' : 'DefaultOU'}",
	"description": "${task?.source == 'ANALYTICS_V2' ? 'Disabled by EIC due to account inactivity' : 'Disabled by EIC'}",
	"employeeType": "${task?.source != 'ANALYTICS_V2' ? (user.employeeType.equals('Employee') ? 'Separated E' : (user.employeeType.equals('Contingent Worker') ? 'Separated C' : 'DefaultType')) : 'DefaultType'}"
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

So basically translate to use ternary operator?

Yes


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.