Hello,
I have a question about Access History. When one of our employees leaves, his accounts and identity are “deleted” from ISC. However, he still appears in the access history with the “Only Deleted” filter.
For the sake of GDRP and clarity in access history data, we would like to DEFINITELY delete identities from access history after a given time.
I haven’t found an API call other than GET for this kind of data, do you know of a technique?
@dblanchard. I don’t think we can delete the access history. Not sure for how long the access history will be kept in SailPoint. Better to raise support case and check. Please do have the answer here once you get it.
This may help
Looks like audit data is 1 year + current month and unto five years by request.
Thanks for your reply, I’ve just checked the info via a search on events (created:[now-2y TO now-1y]) and the results start at the end of May 2023. So it seems that the audits are 1 year and 6 months + the current month on our context. I’ll add this information in my support request to have more clarification compared to the doc sent.
On the subject of access history, I’ve found a user whose authoritative source was deleted in April 2023, i.e. before the last search log. It seems that this information is subject to a different retention policy.
I will keep you in touch !
Hi @dblanchard the data under Access History will be available as long as you have the subscription, which means it won’t get deleted which mainly helps for auditing purposes. Regarding GDPR requirements, I am not sure identity attributes are saved in Access History logs but if you need to delete those entries, you will have to raise this with your CSM/SailPoint Support.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.