Problem
If the IT team manually disables a user's account, it is crucial to ensure that the account stays disabled, even if the user is still active in UKG.
When the sync process runs, it will reenable the manually disabled user account because your config states that if the user/employee is Active in UKG, they will be enabled in [target-system] .
This usually happens when a user needs to be locked out of the system, but the HR team has not yet finalized the termination process.
Solution
To prevent the manually disabled accounts from being reenabled (because they are Active in UKG), we can add two conditional expressions to the Enable User field mapping
WHEN
user.container != 'OU=terminated users' && user.enabled == false
THEN
Ignore
WHEN
[source-object]
THEN
true
Summary
This approach ensures that disabled users remain disabled in [target-system] , regardless of their UKG status. It only enables user records that are meant to be enabled.
Comments
0 comments
Please sign in to leave a comment.