Account scripts (PowerShell v2 target systems)
Executed during the Grant step of Enforcement, when an Account entitlement is granted to a person.
The Account Create script comprises two if statements:
The first if statement runs if Correlation is enabled, so you can link the current person to an existing target account instead of creating a new one.
The second if statement runs if correlation is disabled. In this case, you need to create a new account for the person. Typically, you'll do this by fetching your target mappings from $actionContext.Data and then using them in the if (-Not($actionContext.DryRun -eq $true)) { } block to make the necessary API calls in the external system.
In either case, you must send your results to HelloID via $outputContext. It should contain the following:
$outputContext.AccountCorrelated set to true if a correlation was performed
$outputContext.AccountReference set to a string that identifies the target account (often the person's ExternalId)
$outputContext.AuditLogs given a CorrelateAccount or CreateAccount audit log message, respectively
$outputContext.Data set to the same account model you wrote into the target account (often identical to the mappings you received in $actionContext.Data)
$outputContext.Success set to true if the changes written to the target account succeeded
When this script finishes, an Account Create notification event triggers.
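The Create flow described above, as an added PowerShell example that is not HelloID's own template. The stand-in context objects, the in-memory $targetAccounts table, the CorrelationConfiguration property names, the audit log entry fields (Action, Message, IsError) and the fall-through to creation when correlation finds no match are assumptions of this example.

```powershell
# Constructed stand-ins so the example runs outside HelloID; the agent injects the real objects.
$actionContext = [PSCustomObject]@{
    DryRun = $true
    Data   = [PSCustomObject]@{ ExternalId = 'P1001'; DisplayName = 'Sample Person' }
    CorrelationConfiguration = [PSCustomObject]@{   # assumed property names, not on the page
        Enabled = $true; AccountField = 'ExternalId'; PersonFieldValue = 'P1001' }
}
$outputContext = [PSCustomObject]@{
    Success = $false; AccountCorrelated = $false; AccountReference = $null; Data = $null
    AuditLogs = [System.Collections.Generic.List[object]]::new()
}
# Hypothetical target system: an in-memory table in place of real API calls.
$targetAccounts = @{ 'P1001' = [PSCustomObject]@{ ExternalId = 'P1001'; DisplayName = 'Old Name' } }

try {
    $account = $actionContext.Data
    # First if: correlation enabled, so look for an existing target account (read-only).
    if ($actionContext.CorrelationConfiguration.Enabled) {
        $value = $actionContext.CorrelationConfiguration.PersonFieldValue
        # An empty correlation value could match the wrong record in a real system.
        if ([string]::IsNullOrEmpty($value)) { throw 'Correlation value is empty' }
        $existing = $targetAccounts[$value]
        if ($null -ne $existing) {
            $outputContext.AccountCorrelated = $true
            $outputContext.AccountReference = $existing.ExternalId
            $outputContext.Data = $existing
            $action = 'CorrelateAccount'
        }
    }
    # Second if: nothing was correlated, so create a new account.
    if (-not $outputContext.AccountCorrelated) {
        # Writes to the target stay inside the DryRun guard.
        if (-Not($actionContext.DryRun -eq $true)) {
            $targetAccounts[$account.ExternalId] = $account
        }
        $outputContext.AccountReference = $account.ExternalId
        $outputContext.Data = $account
        $action = 'CreateAccount'
    }
    $outputContext.AuditLogs.Add([PSCustomObject]@{
        Action = $action; Message = "$action for [$($outputContext.AccountReference)]"; IsError = $false })
    $outputContext.Success = $true   # set only after every step above succeeded
}
catch {
    # A failed call must not be reported as success; Success stays $false.
    $outputContext.AuditLogs.Add([PSCustomObject]@{
        Action = 'CreateAccount'; Message = "Failed: $($_.Exception.Message)"; IsError = $true })
}
$outputContext | Select-Object Success, AccountCorrelated, AccountReference
```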
Executed during the Grant stage of Enforcement, when an Account Access entitlement is granted to a person.
In the Account Enable script, you should get the current person's account reference from $actionContext.References.Account, and use it inside the if block to make the necessary API calls to enable the target account.
At the end of the script, you must send your results to HelloID via $outputContext. It should contain the following:
$outputContext.AuditLogs given an EnableAccount audit log message
$outputContext.Data updated in parallel with any attributes you altered in the target account
$outputContext.PreviousData updated with any old attribute values you overwrote
$outputContext.Success set to true if the changes written to the target account succeeded
When this script finishes, an Account Enable notification event triggers.
Executed during the Update step of Enforcement, as well as during Force update accounts.
In the Account Update script, you get an opportunity to update fields in the target account, typically by using $personContext.PersonDifferences and/or $actionContext.Data.
In the if ($actionContext.AccountCorrelated) { } block, make any additional changes to the account that are needed if a Correlation occurred.
At the end of the script, you must send your results to HelloID via $outputContext. It should contain the following:
$outputContext.AuditLogs given an UpdateAccount audit log message
$outputContext.Data given the account model you wrote into the target system
$outputContext.PreviousData given the old account model you overwrote
$outputContext.Success set to true if the changes written to the target account succeeded
When this script finishes, an Account Update notification event triggers.
Executed during the Revoke stage of Enforcement, when an Account Access entitlement is revoked from a person.
In the Account Disable script, you should get the current person's Account reference from $actionContext.References.Account, and use it inside the if block to make the necessary API calls to disable the target account.
At the end of the script, you must send your results to HelloID via $outputContext. It should contain the following:
$outputContext.AuditLogs given a DisableAccount audit log message
$outputContext.Data updated in parallel with any attributes you altered in the target account
$outputContext.PreviousData updated with any old attribute values you overwrote
$outputContext.Success set to true if the changes written to the target account succeeded
When this script finishes, an Account Disable notification event triggers.
Executed during the Revoke stage of Enforcement, when an Account entitlement is revoked from a person.
In the Account Delete script, you should get the current person's Account reference from $actionContext.References.Account, and use it inside the if block to make the necessary API calls to delete the target account.
At the end of the script, you must send your results to HelloID via $outputContext. It should contain the following:
$outputContext.AuditLogs given a DeleteAccount audit log message
$outputContext.Data updated in parallel with any attributes you altered in the target account
$outputContext.PreviousData updated with any old attribute values you overwrote
$outputContext.Success set to true if the changes written to the target account succeeded
When this script finishes, an Account Delete notification event triggers.