Application decommission in sailpoint

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

We want to decommission few applications from sailpoint application.
Don’t want to delete, just need to break all links, disable / remove account application from user identity.
Please assist with better way for application decommissioning in sailpoint application.

Below are the set of steps which we follow during decommission

  1. Remove all the entitlement either by running the aggregation (adding filter so that it returns zero data) or delete from backend
  2. Remove all the Accounts either by running the aggregation (adding filter so that it returns zero data) or delete from backend
  3. Above may require detect deleted as true in aggregation task.
  4. Remove Aggregation task if added as any sequential task ( both for entitlement and account aggregation)
  5. check if any bundle is created and need to be disabled it may impact the existing users and can trigger removal
  6. Remove the connection details
  7. Enable Maintenance Mode for application .
1 Like

I would do this:

  1. Remove the correlation logic
  2. Run a Unoptomize aggregation
  3. Remove manually or using the Terminator class the remaining links
  4. Use the Terminator to remove the entitlements
    4.1 Deactivate any roles for that application
  5. Activate the maintenance

Best!

1 Like

Is there any script that will disable Application

You can put application into Maintenance Mode - it will suppress all provisioning transactions, also aggregations will not be executed. The only thing is that Provisioning Transactions will be queued to be resumed after you disable maintenance mode to I would suggest to create additionaly BeforeProvisioning rule to always clear provisioning plan content to jot generate not needed pending transactions.

Also , make sure @yogesh_thok that you mark in the Refresh Task the Option " Do not schedule requests" somehting along those lines. Because if you dont hes going to create a ton of request objects .

Best!

Hi @yogesh_thok,

Refer this white paper when you are enabling maintenance mode on application

https://community.sailpoint.com/t5/Technical-White-Papers/Application-Maintenance-Windows/ta-p/76431

You can use the below option in identity refresh that way there will no retries when maintenance mode is again re-enabled.

<entry key=‘noRetryMaintenanceWindow’ value='true>

If it’s for short term you can enable maintenance mode on the application, otherwise you can remove if it’s the same for long term behaviour.

@yogesh_thok you said, don’t want to delete, just need to break all links, disable / remove account application from user identity.

Just curious, do you have any specific requirement?