Application decommission in SailPoint

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

We want to decommission a few applications from the SailPoint application.
We don’t want to delete them, we just need to break all links and disable / remove the application account from the user identity.
Please assist with a better way of decommissioning applications in SailPoint.

Below is the set of steps which we follow during decommission:

  1. Remove all the entitlements, either by running the aggregation (adding a filter so that it returns zero data) or by deleting from the backend
  2. Remove all the accounts, either by running the aggregation (adding a filter so that it returns zero data) or by deleting from the backend
  3. The above may require detect deleted set to true in the aggregation task.
  4. Remove the aggregation task if it was added to any sequential task (both for entitlement and account aggregation)
  5. Check if any bundle is created and needs to be disabled; it may impact the existing users and can trigger removal
  6. Remove the connection details
  7. Enable Maintenance Mode for the application.

I would do this:

  1. Remove the correlation logic
  2. Run an unoptimized aggregation
  3. Remove the remaining links manually or using the Terminator class
  4. Use the Terminator to remove the entitlements
    4.1 Deactivate any roles for that application
  5. Activate the maintenance

Best!


Is there any script that will disable the application?

You can put the application into Maintenance Mode - it will suppress all provisioning transactions, and aggregations will not be executed. The only thing is that provisioning transactions will be queued to be resumed after you disable maintenance mode, so I would suggest additionally creating a BeforeProvisioning rule to always clear the provisioning plan content so as not to generate unneeded pending transactions.

Also, make sure @yogesh_thok that you mark in the Refresh Task the option "Do not schedule requests", something along those lines. Because if you don't, it's going to create a ton of request objects.

Best!

Hi @yogesh_thok,

Refer to this white paper when you are enabling maintenance mode on an application

https://community.sailpoint.com/t5/Technical-White-Papers/Application-Maintenance-Windows/ta-p/76431

You can use the below option in identity refresh; that way there will be no retries when maintenance mode is again re-enabled.

<entry key="noRetryMaintenanceWindow" value="true"/>

If it’s for the short term, you can enable maintenance mode on the application; otherwise you can remove if it’s the same for long-term behaviour.

@yogesh_thok you said you don’t want to delete, just need to break all links, disable / remove account application from user identity.

Just curious, do you have any specific requirement?
