Bulk Account Disabling

SaiSumanth_G · February 9, 2024, 5:36pm

Hi Experts,

We need to disable 1k+ accounts on a source (with 5k+ accounts), please kick start me with some ideas, thanks in advance.

iamology · February 9, 2024, 6:35pm

Have you considered running a script to call Account Update API?
PATCH ..../beta/accounts/:accountId

body

[
    { 
        "op": "replace", 
        "path": "/disabled", 
        "value": true
    }
]

BenNelson · February 9, 2024, 7:58pm

You could use a workflow to do it if you can craft a search query that can get all of the accounts in question. We have a workflow that enables accounts that were returned in a search so that is something similar.

Our workflow triggers off aggregation, waits a bit for post aggregation processing to complete and then runs a search query on accounts we want to enable. The list of accounts is then looped through an enabled one at a time.

Might not be what you are looking for all of these, but if you have to do a handful here or there ongoing, it might be useful.

SaiSumanth_G · February 9, 2024, 8:01pm

Thanks for your help ben, but our environment doesn’t have the workflows enabled.

BenNelson · February 9, 2024, 8:44pm

Ok, yeah then I probably would script it like mentioned previously. You could use a PowerShell script like this to do it. Please note that I have not ran in this code in a long time so use at your risk.

# Specify the path to the file containing account information
$accountsFilePath = "C:\Path\To\Your\Accounts\File.txt"

# Read the accounts from the file
$accounts = Get-Content -Path $accountsFilePath

# Define headers
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")
$headers.Add("Accept", "application/json")
$headers.Add("Authorization", "Bearer <TOKEN>")

# Loop through each account in the file
foreach ($account in $accounts) {
    # Create the JSON body for the API call
    $body = @"
    {
      "externalVerificationId": "$account",
      "forceProvisioning": false
    }
"@

    # Construct the API endpoint with the account ID
    $apiEndpoint = "https://sailpoint.api.identitynow.com/beta/accounts/$account/disable"

    # Invoke the REST method for each account
    $response = Invoke-RestMethod -Uri $apiEndpoint -Method 'POST' -Headers $headers -Body $body

    # Display the response (you can customize this part based on your needs)
    $response | ConvertTo-Json
}

Good luck

SaiSumanth_G · February 23, 2024, 5:01pm

Thanks @BenNelson, it worked

system · April 23, 2024, 5:01pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Disable Accounts in bulk using Workflows ISC Discussion and Questions workflows , identity-security-cloud	2	928	July 19, 2023
Bulk account disable using Postman ISC Discussion and Questions identity-security-cloud , lifecycle-management	4	83	September 22, 2024
Need to bulk disable accounts from ~1000 users ISC Discussion and Questions workflows , identity-security-cloud , provisioning , accounts	6	92	June 29, 2025
Disable Accounts in Bulk using workflow ISC Discussion and Questions workflows , identity-security-cloud	14	241	November 24, 2024
Disable SailPoint Source Status API call ISC Discussion and Questions	5	1312	July 19, 2023

Bulk Account Disabling

Related topics