blindzero · blindzero · Jan 21, 2026 · Jan 21, 2026 · Jan 21, 2026 · Jan 21, 2026
diff --git a/examples/workflows/ad-joiner-complete.psd1 b/examples/workflows/ad-joiner-complete.psd1
@@ -3,9 +3,9 @@
     LifecycleEvent = 'Joiner'
     Steps          = @(
         @{
-            Name                 = 'Create AD user account'
-            Type                 = 'IdLE.Step.CreateIdentity'
-            With                 = @{
+            Name = 'Create AD user account'
+            Type = 'IdLE.Step.CreateIdentity'
+            With = @{
                 IdentityKey = 'newuser'
                 Attributes  = @{
                     SamAccountName    = 'newuser'
@@ -21,34 +21,31 @@
                 # If omitted, defaults to 'Identity'.
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Create')
         },
         @{
-            Name                 = 'Set Department'
-            Type                 = 'IdLE.Step.EnsureAttribute'
-            With                 = @{
+            Name = 'Set Department'
+            Type = 'IdLE.Step.EnsureAttribute'
+            With = @{
                 IdentityKey = 'newuser@contoso.local'
                 Name        = 'Department'
                 Value       = 'IT'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Attribute.Ensure')
         },
         @{
-            Name                 = 'Set Title'
-            Type                 = 'IdLE.Step.EnsureAttribute'
-            With                 = @{
+            Name = 'Set Title'
+            Type = 'IdLE.Step.EnsureAttribute'
+            With = @{
                 IdentityKey = 'newuser@contoso.local'
                 Name        = 'Title'
                 Value       = 'Software Engineer'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Attribute.Ensure')
         },
         @{
-            Name                 = 'Grant base access group'
-            Type                 = 'IdLE.Step.EnsureEntitlement'
-            With                 = @{
+            Name = 'Grant base access group'
+            Type = 'IdLE.Step.EnsureEntitlement'
+            With = @{
                 IdentityKey = 'newuser@contoso.local'
                 Entitlement = @{
                     Kind        = 'Group'
@@ -58,12 +55,11 @@
                 State       = 'Present'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Entitlement.List', 'IdLE.Entitlement.Grant')
         },
         @{
-            Name                 = 'Grant IT department group'
-            Type                 = 'IdLE.Step.EnsureEntitlement'
-            With                 = @{
+            Name = 'Grant IT department group'
+            Type = 'IdLE.Step.EnsureEntitlement'
+            With = @{
                 IdentityKey = 'newuser@contoso.local'
                 Entitlement = @{
                     Kind        = 'Group'
@@ -73,17 +69,15 @@
                 State       = 'Present'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Entitlement.List', 'IdLE.Entitlement.Grant')
         },
         @{
-            Name                 = 'Move to active users OU'
-            Type                 = 'IdLE.Step.MoveIdentity'
-            With                 = @{
+            Name = 'Move to active users OU'
+            Type = 'IdLE.Step.MoveIdentity'
+            With = @{
                 IdentityKey     = 'newuser@contoso.local'
                 TargetContainer = 'OU=Active,OU=Users,DC=contoso,DC=local'
                 Provider        = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Move')
         }
     )
 }
diff --git a/examples/workflows/ad-leaver-offboarding.psd1 b/examples/workflows/ad-leaver-offboarding.psd1
@@ -3,46 +3,42 @@
     LifecycleEvent = 'Leaver'
     Steps          = @(
         @{
-            Name                 = 'Disable user account'
-            Type                 = 'IdLE.Step.DisableIdentity'
-            With                 = @{
+            Name = 'Disable user account'
+            Type = 'IdLE.Step.DisableIdentity'
+            With = @{
                 IdentityKey = 'leavinguser@contoso.local'
                 # Provider alias references the provider hashtable key set by the host.
                 # The alias name is flexible and chosen when injecting providers.
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Disable')
         },
         @{
-            Name                 = 'Update Description with termination date'
-            Type                 = 'IdLE.Step.EnsureAttribute'
-            With                 = @{
+            Name = 'Update Description with termination date'
+            Type = 'IdLE.Step.EnsureAttribute'
+            With = @{
                 IdentityKey = 'leavinguser@contoso.local'
                 Name        = 'Description'
                 Value       = 'Terminated 2026-01-18'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Attribute.Ensure')
         },
         @{
-            Name                 = 'Move to Leavers OU'
-            Type                 = 'IdLE.Step.MoveIdentity'
-            With                 = @{
+            Name = 'Move to Leavers OU'
+            Type = 'IdLE.Step.MoveIdentity'
+            With = @{
                 IdentityKey     = 'leavinguser@contoso.local'
                 TargetContainer = 'OU=Leavers,OU=Disabled,DC=contoso,DC=local'
                 Provider        = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Move')
         },
         @{
-            Name                 = 'Delete user account (opt-in required)'
-            Type                 = 'IdLE.Step.DeleteIdentity'
-            With                 = @{
+            Name      = 'Delete user account (opt-in required)'
+            Type      = 'IdLE.Step.DeleteIdentity'
+            With      = @{
                 IdentityKey = 'leavinguser@contoso.local'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Delete')
-            Condition            = @{
+            Condition = @{
                 Exists = @{
                     Path = 'Input.AllowDelete'
                 }

diff --git a/examples/workflows/ad-mover-department-change.psd1 b/examples/workflows/ad-mover-department-change.psd1
@@ -3,33 +3,31 @@
     LifecycleEvent = 'Mover'
     Steps          = @(
         @{
-            Name                 = 'Update Department'
-            Type                 = 'IdLE.Step.EnsureAttribute'
-            With                 = @{
+            Name = 'Update Department'
+            Type = 'IdLE.Step.EnsureAttribute'
+            With = @{
                 IdentityKey = 'existinguser@contoso.local'
                 Name        = 'Department'
                 Value       = 'Sales'
                 # Provider alias - can be customized when host creates the provider hashtable.
                 # Examples: 'Identity', 'SourceAD', 'TargetAD', 'SystemX', etc.
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Attribute.Ensure')
         },
         @{
-            Name                 = 'Update Title'
-            Type                 = 'IdLE.Step.EnsureAttribute'
-            With                 = @{
+            Name = 'Update Title'
+            Type = 'IdLE.Step.EnsureAttribute'
+            With = @{
                 IdentityKey = 'existinguser@contoso.local'
                 Name        = 'Title'
                 Value       = 'Sales Manager'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Attribute.Ensure')
         },
         @{
-            Name                 = 'Revoke old IT department group'
-            Type                 = 'IdLE.Step.EnsureEntitlement'
-            With                 = @{
+            Name = 'Revoke old IT department group'
+            Type = 'IdLE.Step.EnsureEntitlement'
+            With = @{
                 IdentityKey = 'existinguser@contoso.local'
                 Entitlement = @{
                     Kind        = 'Group'
@@ -39,12 +37,11 @@
                 State       = 'Absent'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Entitlement.List', 'IdLE.Entitlement.Revoke')
         },
         @{
-            Name                 = 'Grant Sales department group'
-            Type                 = 'IdLE.Step.EnsureEntitlement'
-            With                 = @{
+            Name = 'Grant Sales department group'
+            Type = 'IdLE.Step.EnsureEntitlement'
+            With = @{
                 IdentityKey = 'existinguser@contoso.local'
                 Entitlement = @{
                     Kind        = 'Group'
@@ -54,17 +51,15 @@
                 State       = 'Present'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Entitlement.List', 'IdLE.Entitlement.Grant')
         },
         @{
-            Name                 = 'Move to Sales OU'
-            Type                 = 'IdLE.Step.MoveIdentity'
-            With                 = @{
+            Name = 'Move to Sales OU'
+            Type = 'IdLE.Step.MoveIdentity'
+            With = @{
                 IdentityKey     = 'existinguser@contoso.local'
                 TargetContainer = 'OU=Sales,OU=Users,DC=contoso,DC=local'
                 Provider        = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Identity.Move')
         }
     )
 }
diff --git a/examples/workflows/joiner-ensureentitlement.psd1 b/examples/workflows/joiner-ensureentitlement.psd1
@@ -3,16 +3,14 @@
     LifecycleEvent = 'Joiner'
     Steps          = @(
         @{
-            Name                 = 'Ensure Department'
-            Type                 = 'IdLE.Step.EnsureAttribute'
-            With                 = @{ IdentityKey = 'user1'; Name = 'Department'; Value = 'IT'; Provider = 'Identity' }
-            RequiresCapabilities = 'IdLE.Identity.Attribute.Ensure'
+            Name = 'Ensure Department'
+            Type = 'IdLE.Step.EnsureAttribute'
+            With = @{ IdentityKey = 'user1'; Name = 'Department'; Value = 'IT'; Provider = 'Identity' }
         },
         @{
-            Name                 = 'Assign demo group'
-            Type                 = 'IdLE.Step.EnsureEntitlement'
-            With                 = @{ IdentityKey = 'user1'; Entitlement = @{ Kind = 'Group'; Id = 'demo-group'; DisplayName = 'Demo Group' }; State = 'Present'; Provider = 'Identity' }
-            RequiresCapabilities = @('IdLE.Entitlement.List', 'IdLE.Entitlement.Grant')
+            Name = 'Assign demo group'
+            Type = 'IdLE.Step.EnsureEntitlement'
+            With = @{ IdentityKey = 'user1'; Entitlement = @{ Kind = 'Group'; Id = 'demo-group'; DisplayName = 'Demo Group' }; State = 'Present'; Provider = 'Identity' }
         }
     )
 }
diff --git a/examples/workflows/joiner-with-onfailure.psd1 b/examples/workflows/joiner-with-onfailure.psd1
@@ -10,20 +10,19 @@
             With = @{ Message = 'Starting Joiner workflow with OnFailure handling' }
         }
         @{
-            Name                 = 'Ensure Department'
-            Type                 = 'IdLE.Step.EnsureAttribute'
-            With                 = @{ 
+            Name = 'Ensure Department'
+            Type = 'IdLE.Step.EnsureAttribute'
+            With = @{ 
                 IdentityKey = 'user1'
                 Name        = 'Department'
                 Value       = 'IT'
                 Provider    = 'Identity'
             }
-            RequiresCapabilities = 'IdLE.Identity.Attribute.Ensure'
         }
         @{
-            Name                 = 'Assign demo group'
-            Type                 = 'IdLE.Step.EnsureEntitlement'
-            With                 = @{ 
+            Name = 'Assign demo group'
+            Type = 'IdLE.Step.EnsureEntitlement'
+            With = @{ 
                 IdentityKey  = 'user1'
                 Entitlement  = @{ 
                     Kind        = 'Group'
@@ -33,7 +32,6 @@
                 State        = 'Present'
                 Provider     = 'Identity'
             }
-            RequiresCapabilities = @('IdLE.Entitlement.List', 'IdLE.Entitlement.Grant')
         }
     )