Hi Folks,
There is a requirement that 30 days after disabling an application account, we need to delete the application account. In ISC, do we need to do anything at the source level, or is it something that will be there in a lifecycle state and we just need to add the sources to the list for deletion?
As you said, you can leverage the New Capability: Delete Accounts on Termination via Lifecycle Management - Announcements / Product News - SailPoint Developer Community. Meanwhile, you should consider:
- Type of your application (disconnected or OOTB). A disconnected application will not delete the account; it creates a manual task and sends a notification email.
- The identity’s LCS is set with the inactive long-term identity state.
- Make sure the Roles for the identities are revoked to prevent duplicate account creation.
@Amsingh1,
You have to configure a lifecycle state to recognize the accounts whose end date was 30 days before or more than 30 days before.
Clearly you have to update your lifecycle state transform as well.
In the identity profile, you have to configure this lifecycle state as “inactive (long-term)”.
Only then will it enable the option to mark the lifecycle state to delete the accounts from sources.
Mark the option to Delete and add all the target sources under the scope to automatically delete the accounts from them.
Hope this helps,
Thank you,
Vaibhav