We want to use Connect to AD to only manage the deprovisioning process, but not the provisioning process.
Is there a way to setup so that when an employee is terminated in UKG, they are disabled and moved to a specific org-unit?
Yes, Connect to AD can handle deprovisioning without doing any provisioning.
Here is an example of the required setup.
Step 1
Switch off the Provision rule as we will not be doing any provisioning.
Step 2
Set the Enable Account mapping using the default expression:
Employment.EmployeeStatusCode == 'A'
This is what is going to handle the disabling of the AD user account when the user is no longer Active in UKG.
Optional Step 3
Set the Container mapping using a conditional expression, so that if the user is Terminated in UKG, move them to a specific org-unit.
Optional Step 4
Set the Account Expires mapping using the default expression:
Employment.DateOfTermination
1 Like