I have a requirement to anonymize sensitive Identities and Accounts data after the Identity has been Inactive for 5 years. For example: if a user has been in Lifecycle state Inactive for 5 years, then its Name, Surname, Email, BirthDate have to be anonymized.
The anonymization logic is yet to be defined: it could be acceptable to just leave the fields blank, replace them with a static string, or just randomize them.
While we can manually manage Identities data originated from Flat File (CSV) connectors, how could this be possible for Identities coming from other authoritative sources (HR, SAP applications, …)?
How could the anonymization logic be implemented in ISC?
Create a new lifecycle state - Archive
In Identity Profile - add a transform for the attributes we want to make blank and map them.
So, if Lifecyclestate=Archive, then set firstname to blank, else use whatever the existing logic is.
The Update Account API would update the ISC account but I think that effective update on the HR source would happen only if I have my sensitive attributes enabled in “Source > Sync Attribute”. In this way, any change to the ISC account would be synchronized back to the HR source.
For the Transform in the Identity Profile, if I understood correctly, I would need to implement a custom logic which first checks the Lifecycle state and then applies a specific logic. Only for the “Archive” lifecycle state the Transform would return my custom logic, otherwise for all other lifecycle states it would just map the attributes as they are.
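The decision logic discussed in this thread, modelled in Python as an added example that is not part of the original posts and is not ISC transform syntax: the 5-year retention check that moves an identity to the Archive state, and the per-attribute mapping that anonymizes only in that state. The field names, the sample identity and the use of a keyed hash for the "randomized" option (so the value stays the same if the mapping is evaluated more than once) are assumptions.

```python
import hashlib
import hmac
from datetime import date

RETENTION_YEARS = 5
SENSITIVE = ("name", "surname", "email", "birthDate")

def retention_expired(inactive_since: date, today: date) -> bool:
    """True once RETENTION_YEARS full years have passed since the identity went Inactive."""
    year = inactive_since.year + RETENTION_YEARS
    try:
        cutoff = inactive_since.replace(year=year)
    except ValueError:  # 29 Feb with no such day in the target year: use 1 Mar
        cutoff = date(year, 3, 1)
    return today >= cutoff

def should_archive(identity: dict, today: date) -> bool:
    """Only Inactive identities past the retention period move to Archive."""
    return (identity["lifecycleState"] == "inactive"
            and retention_expired(identity["inactiveSince"], today))

def pseudonym(key: bytes, identity_id: str, field: str) -> str:
    """Keyed, per-field pseudonym: stable across runs, not reversible without the key."""
    msg = f"{identity_id}:{field}".encode()
    return "anon-" + hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def transform_attribute(identity: dict, field: str, strategy: str = "blank",
                        key: bytes = b"") -> str:
    """Anonymize a sensitive field only in the Archive state; otherwise map it as-is."""
    if identity["lifecycleState"] != "archive" or field not in SENSITIVE:
        return identity[field]
    if strategy == "blank":
        return ""
    if strategy == "static":
        return "ANONYMIZED"
    if strategy == "random":
        if not key:
            raise ValueError("the 'random' strategy needs a secret key")
        return pseudonym(key, identity["id"], field)
    raise ValueError(f"unknown strategy: {strategy}")

# Constructed sample identity (hypothetical values).
SAMPLE = {"id": "1001", "lifecycleState": "inactive", "inactiveSince": date(2019, 3, 10),
          "name": "Ada", "surname": "Rossi", "email": "ada.rossi@example.com",
          "birthDate": "1980-01-01"}

if __name__ == "__main__":
    today = date(2024, 6, 1)
    ident = dict(SAMPLE, lifecycleState="archive") if should_archive(SAMPLE, today) else SAMPLE
    print({f: transform_attribute(ident, f, "random", b"demo-key") for f in SENSITIVE})
```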