Hi,
I know we have an option on Identity UI page to disable user accounts for listed sources. I’m using Oracle Database connector to connect to my Oracle DBs. I’m now trying to delete the user accounts from the Oracle Database with the condition (account inactive>30 days). Is there any option you could suggest for this use case.
Sailpoint connectors support only disable action on account from UI not delete.
For your use case you may have to:
Reference:
if ( accountRequest.getOp().equals( ProvisioningPlan.ObjectOperation.Disable ) ) { accountRequest.setOp( ProvisioningPlan.ObjectOperation.Delete); }
Hope this helps.
Thanks for your reply, I have same requirement to disable user access on different applications when user last logon is greater than 30 days.
if the solution is to create a lifecyclestate, then i must be creating multiple lifecycle state for multiple applications.
Can we try using the before provisioning rule with if condition to check whether user last logon > 30 days, if yes then we will modify the operation to disable.
Please correct if there is any other solution.
Lifecycle state has to be defined in your authoritative source only. In that LCS you specify list of sources to be disabled. You can do a single before provisioning rule and map the same to all sources if you want. But i guess you will still need a de-provisioning trigger(like LCS/role etc) so the rule gets called.
Yes, I understand the flow.
But here my requirement is to check the user Database account and to see if user last logon is greater than 30 days, If it is true, I need to delete the user account on the database.