Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSOAR Discussions
- Fortinet Community
- Community Groups
- FortiSOAR
- Discussions
- Re: Add/Delete User Information
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Add/Delete User Information
Hello,
We request that users who have just logged in or out of the company be removed from AD and that this be e-mailed to the necessary people. Has anyone written a playbook on this subject before?
Thanks in advance
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
That's not really clear for me what you want to achieve. Are you looking for a temporary AD account solution that removes a user account after a logout AD event and send an email to a specific email list?
Any way, login/out has to ba catched by a SIEM. The SOAR has the email list with corresponding AD group.
You buit a playbook triggered when the logout event is catched by the SIEM via an external API call or via a dedicated SIEM event pulled by FortiSOAR
Regards
Arnaud
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To explain, a new employee came to the company and a mail account will be opened on the Active Directory of this employee, and if this can be done through SOAR and informing the relevant people, managers, user notification by sms, etc. The reverse of this example should also be for a person who leaves the job. The e-mail address should be removed from the AD and the persons concerned should be informed of this. I can also query manually at the end of the day.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
lucky you are, that's the "Automated Employee Onboarding" Solution Pack purpose. You have to adapt it a little bit but you will have everything you need.
Regards
Arnaud
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Labels
-
FortiSoar
71 -
Connector
8 -
FortiSOAR v7.x
6 -
FortiSOAR v7.6
6 -
SOAR
5 -
playbooks
3 -
Jinja
3 -
Schedule
2 -
FortiSOAR 7.4.0
2 -
FortiSOAR 7.5
2 -
Threat Intel Management
2 -
Forcepoint
1 -
enrichement
1 -
ution
1 -
FortiSIEM v7.4.x
1 -
crowdstrike
1 -
CMDB
1 -
Update Record Correlations
1 -
Data Ingestion
1 -
Queued Workflow
1 -
poonvert
1 -
templates
1 -
HybridAnalysis
1 -
alert
1 -
secret management
1 -
RegionalSOC
1 -
queue and shift management
1 -
related modules
1 -
fields
1 -
Artificial intelligence
1 -
FortiSOAR Awards
1 -
Content-Hub
1 -
Microsoft Exchange Connector
1 -
Staging
1 -
External Postgresql DB
1 -
secrets
1 -
Vault
1 -
FortiSOAR 7.3.x
1 -
FortiSIEM
1 -
FortiGuard
1 -
FortiWeb
1 -
FortiEDR
1 -
upgrade
1 -
Machine Learning
1 -
performance
1 -
Azure
1 -
Admin Access
1 -
License
1 -
Arrow
1 -
Time
1 -
Trial
1 -
FortiSOAR v7.2.x
1 -
FortiSOAR v7.4.x
1 -
Upgrading FortiSOAR
1 -
Playbook
1 -
People
1 -
TAXII
1 -
SOC
1 -
secops
1 -
FortiSASE
1 -
C
1 -
Asset
1 -
Threat feed
1 -
indicators
1 -
FortiAnalyzer
1 -
loops
1 -
ClickHouse
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.