Best way to Off board AD based asset (AD Group Offboarding) and Flat file Offboarding

shivakarasani199 · July 30, 2024, 2:15am

Which IIQ version are you inquiring about?

8.2P2

Share all details related to your problem, including any error messages you may have received.

Hello Everyone , we are planning to offboard the decommissioned assets from IIQ , these include both AD based assets and flatfile based.

for Flat file based we are planning to the following:

Run account and group aggregation with false file name/location
Deactivate any roles for that application
Enable the maintenance (Assuming this will exclude the access reviews and aggregations, provisioning)
Delete the application

What is the best way to offboard AD based asset (AD group) and there are ITroles associated with the group ?

Thanks

enistri_devo · July 30, 2024, 7:02am

Hi @shivakarasani199,

you can use a rule for delete the roles. In the rule you build a filter with application condition and delete every single roles you find.

ps Why dont you delete directly the application for flat file?

shivakarasani199 · July 31, 2024, 12:29am

Hi @enistri_devo thanks for the reply , we are concerned about any stickiness before deleting the application directly like Policies/roles or any user account relations.

Also for AD based will it be like removing any other entitlement ?

enistri_devo · July 31, 2024, 7:29am

ok I understand. When you delete an application from debug or console, this command will delete all account, entitlement, scorecard ecc… relative of this application. So, you dont need the point 1 and 3.

Also, you must delete manually correlationConfig, taskdefinition, rule, forms, IT/BS roles and policies.
You have saome ways.
before deletion, you can search all correlated object with application, but is not easy for all type of object.
after deletion, you can search all object without a correlation with an application.

In everycase, the documentation and the name convention its very important. If you put in every file/object the name of application and the funcion, is very easy to serach something; for example:

Form-AD-CreateAccount
Rule-AD-CalcSamAccountname
CorrelationConfig-AD

system · September 29, 2024, 7:30am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Offboarding(Delete) the ServiceNow Application IIQ Discussion and Questions identityiq	4	68	October 14, 2024
Delete Flatfile After Aggregration IIQ Discussion and Questions rules , aggregation , identityiq	5	210	March 25, 2024
Managing Inactive Identity Cubes in IdentityIQ (delete, archive or other) IIQ Discussion and Questions workflows , identityiq , identities	8	1497	July 21, 2023
Best way to remove Azure groups on leaver process IIQ Discussion and Questions identityiq , entitlements	6	215	July 27, 2024
Task to check abandoned Workgroups IIQ Discussion and Questions rules , identityiq	6	493	November 20, 2023

Best way to Off board AD based asset (AD Group Offboarding) and Flat file Offboarding

Which IIQ version are you inquiring about?

Share all details related to your problem, including any error messages you may have received.

Related topics