AD account deletion at source from SailPoint IDN

Hi All,

I need help deleting AD accounts at source directly from SailPoint IDN.

According to the documentation, only accounts from delimited file sources can be deleted. I’ve read about using a before provision rule to accomplish this, but I’m unsure about the approach.
Could you please suggest a quicker solution?

Thanks in advance.

Hi,

I think we have very limited ways to achieve deletion of accounts in ISC.

  1. You can use an AD after-operation rule to invoke a PowerShell script, and in the PowerShell script write code to delete the AD account.
  2. In a before provisioning rule, change the operation to Delete in the plan.

-Abhinov

Hi @V-VanishreeC ,

To use the second approach from @Abhinov7's response, you could create a new LCS that the Identities will enter after some time and configure the IdentityProfile to Enable the AD account, but using the BeforeProvisioning rule you will change the operation to Delete and the account will be deleted.

Just keep in mind that maybe, if the Identity is left with some Role that gives AD access, IDN could create a new account once a refresh identity runs.

Regards,

1 Like
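The second approach from the replies above, sketched as the body of a BeforeProvisioning rule attached to the AD source. This is an added example, not code from any poster or from SailPoint; the lifecycle state name `delete` is an assumption, and the rule rewrites Enable to Delete only for identities that are in that state.

```java
// BeforeProvisioning rule body (BeanShell), added example.
// Variables supplied by the rule context: plan (ProvisioningPlan) and log.
import java.util.List;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;

// Assumption: technical name of the lifecycle state created for deletion.
String DELETE_LCS = "delete";

if (plan != null) {
    Identity identity = plan.getIdentity();
    String lcs = (identity == null)
            ? null
            : (String) identity.getAttribute("cloudLifecycleState");

    List requests = plan.getAccountRequests();

    // Guard: leave every plan untouched unless the identity is in the
    // dedicated state, so ordinary Enable requests (rehire, return from
    // leave) are never turned into deletions.
    if (DELETE_LCS.equals(lcs) && requests != null) {
        for (Object o : requests) {
            AccountRequest req = (AccountRequest) o;

            // The identity profile is configured to Enable the account in
            // this state; only that operation is rewritten.
            if (AccountRequest.Operation.Enable.equals(req.getOperation())) {
                log.info("BeforeProvisioning: changing Enable to Delete for "
                        + req.getNativeIdentity());
                req.setOperation(AccountRequest.Operation.Delete);
            }
        }
    }
}
```

Because the deletion is irreversible, keeping the lifecycle-state guard and the log line gives an audit trail of which native identities were rewritten to Delete.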
