Skip to main content

IAM - Terminate User

This Playbook is part of the IAM Pack.#

This playbook sets the user status to terminated in the organization by updating the incident information and User Profile indicator with values indicating termination, and disabling the account in the supported apps.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • IAM - Send Provisioning Notification Email


  • Okta IAM
  • Active Directory Query v2


  • GetEnabledInstances
  • SetAndHandleEmpty
  • Set


  • iam-disable-user
  • iam-get-user
  • setIndicator

Playbook Inputs#

NameDescriptionDefault ValueRequired
indicatorThe User Profile indicator, if found during previous search.indicator.NoneOptional
CreatedIndicatorThe created User Profile indicator, if created previously in the IAM - Sync User playbook.CreatedIndicator.NoneOptional
ITNotificationEmailEmail to notify about errors in the provisioning process.Optional
SuccessfulVendorsVendors where provisioning was successful. This input is used to ensure that on playbook reruns, provisioning will be retried only with vendors that previously failed.IAM.Vendor.NoneOptional
NotificationEmailHTMLListOptional - the name of the list that contains an HTML template for the email that will be sent to the users that need to be notified for successful app provisioning. The list of emails of users that need to be notified can be configured in the "app-provisioning-settings" list, for each instance configured, in fields called "create_user_email_notification_ids",
"enable_user_email_notification_ids" and

Playbook Outputs#

IAM.VendorDetails the changes that were made in Active Directory or Okta.unknown
IAM.Vendor.activeIndicates if the user is active or not. Can be true or false.unknown
IAM.Vendor.detailsLists the user details as they appear in the vendor.unknown
IAM.Vendor.emailThe user email as it appears in the vendor records.unknown
IAM.Vendor.errorCodeHTTP error response code.unknown
IAM.Vendor.errorMessageReason why the API failed.unknown
IAM.Vendor.idThe user ID as it appears in the vendor records.unknown
IAM.Vendor.instanceNameName of the instance used for provisioning.unknown
IAM.Vendor.successIndicates if the vendor was successfully updated. Can be true or falseunknown
IAM.Vendor.brandName of the integration.unknown
IAM.Vendor.usernameThe username as it appears in the vendor records.unknown
IAM.Vendor.actionThe action that was performed on the user record.unknown
IAM.UserProfileThe user's profile.unknown
LeaveUserProfileAsProcessedWhether the User Profile should stay as processed or not. Can be True or False.unknown

Playbook Image#

Setup Account