Bulk Account Disabling

SaiSumanth_G · February 9, 2024, 5:36pm

Hi Experts,

We need to disable 1k+ accounts on a source (with 5k+ accounts), please kick start me with some ideas, thanks in advance.

iamology · February 9, 2024, 6:35pm

Have you considered running a script to call Account Update API?
PATCH ..../beta/accounts/:accountId

body

[
    { 
        "op": "replace", 
        "path": "/disabled", 
        "value": true
    }
]

BenNelson · February 9, 2024, 7:58pm

You could use a workflow to do it if you can craft a search query that can get all of the accounts in question. We have a workflow that enables accounts that were returned in a search so that is something similar.

Our workflow triggers off aggregation, waits a bit for post aggregation processing to complete and then runs a search query on accounts we want to enable. The list of accounts is then looped through an enabled one at a time.

Might not be what you are looking for all of these, but if you have to do a handful here or there ongoing, it might be useful.

SaiSumanth_G · February 9, 2024, 8:01pm

Thanks for your help ben, but our environment doesn’t have the workflows enabled.

BenNelson · February 9, 2024, 8:44pm

Ok, yeah then I probably would script it like mentioned previously. You could use a PowerShell script like this to do it. Please note that I have not ran in this code in a long time so use at your risk.

# Specify the path to the file containing account information
$accountsFilePath = "C:\Path\To\Your\Accounts\File.txt"

# Read the accounts from the file
$accounts = Get-Content -Path $accountsFilePath

# Define headers
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")
$headers.Add("Accept", "application/json")
$headers.Add("Authorization", "Bearer <TOKEN>")

# Loop through each account in the file
foreach ($account in $accounts) {
    # Create the JSON body for the API call
    $body = @"
    {
      "externalVerificationId": "$account",
      "forceProvisioning": false
    }
"@

    # Construct the API endpoint with the account ID
    $apiEndpoint = "https://sailpoint.api.identitynow.com/beta/accounts/$account/disable"

    # Invoke the REST method for each account
    $response = Invoke-RestMethod -Uri $apiEndpoint -Method 'POST' -Headers $headers -Body $body

    # Display the response (you can customize this part based on your needs)
    $response | ConvertTo-Json
}

Good luck

SaiSumanth_G · February 23, 2024, 5:01pm

Thanks @BenNelson, it worked

system · April 23, 2024, 5:01pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Bulk delete identities without checking the "Disable Account Deletion" ISC Discussion and Questions apis , identity-security-cloud	1	565	July 19, 2023
Different functionalities on disabled/remove/aggregate account ISC Discussion and Questions identity-security-cloud , provisioning	3	339	August 2, 2023
IDN Source Accounts ISC Discussion and Questions	5	871	July 19, 2023
Endpoint for 'remove account' ISC Discussion and Questions	7	1035	July 19, 2023
IdentityNow - Account Creation triggers ISC Discussion and Questions	1	728	July 19, 2023

Bulk Account Disabling

Related Topics