Delete operation supported by AzureAD source

Hi team,

Firstly, thanks for doing a great job of creating a proactive community; really appreciated.

I’ve a requirement wherein, when a user touches the “inactive” lifecycle state, I want to delete the corresponding AzureAD account for the same user. I can see that the delete operation is not supported OOTB as per the AzureAD documentation -
https://documentation.sailpoint.com/connectors/microsoft/azure_ad/help/integrating_azure_active_directory/account_management_for_user__fd_and_gu.html#Account

So, I was thinking of using a before provisioning rule with the logic that any “disable” account request will be converted to a “delete” account request. My question here is, does the AzureAD source have the implementation written for a “delete” account request, or is there any other better way to implement this?
I’ve tried Workflow as well for the same requirement, but it currently has a limitation of inline variables not working inside the HTTP Request URL field.

Would appreciate it if anyone can assist. Thanks!

Hi Gaurav,

Workflows should support inline variables in the URL. What does your HTTP action configuration look like? I might be able to spot the issue.

Thanks @colin_mckibben for taking this up.
Within the HTTP Request action, the Request URL field (which is a value) looks something like this (I’ve used an inline variable with a filter) -
https://targetsystem.com/users/{{$.getAccounts.accounts[?(@.sourceName == \"Test Source\")].attributes.objectId}}

Once the workflow runs, it fails at the HTTP Request step where I can see that the Request URL hasn’t resolved the expression to a value.

There is another post for the HTTP Request inline variable -

Ah yes, JSONpath filters aren’t supported in inline variables at this time. It is a known issue and engineering is looking into it.

Thanks @colin_mckibben for confirming the known issue.

Apart from workflow, the other part of my question was to know if the “Delete Account” operation is supported by the AzureAD connector via a Before Provisioning Rule (the intent is to change “disable” to “delete”)?

Just got confirmation from the engineers that the “Delete Account” operation is not supported. Usually, disable is preferred because you can then recover an account in the event that the identity returns and is enabled again.

Thanks again, @colin_mckibben! :slight_smile:

Eagerly waiting for the JSONpath filters to be supported inside inline variables for the HTTP Request action.
