Deleting an account

Hello Community,

We need to trigger a delete operation for a Web Service source.
The requirement is to delete the account 7 days after the leave date.

I tried to implement this through a workflow using the Manage Accounts operation with Delete, but I am getting an error.

I was wondering whether this is the correct approach or if there is a better way to handle this use case.

Also, please note that this deletion requirement comes from the client’s needs, so I would appreciate focusing on the technical feasibility.

Thank you very much in advance for your help.

Can you share the error screenshot?

Hello @ssowmya567 ,

In the step output we have the error message:

{
  "accountErrosDetails": [
    {
      "accountID": "the account ID of Account example 21787218721abcd",
      "errorMessage": "request failed(type:Bad request,retryable;false) 400 - 400 Bad request"
    }
  ],
  "failedAccounts": ["accountID"],
  "successfullAccounts": null
}

Hi @DivyaL_7 ,

This seems like you are not passing the identityId for the Get Identity action. Can you please share your workflow JSON, masking sensitive fields?

TestDelete20260318 (1).json (1.7 KB)

Hi @suraj_gorle , thank you for your reply,

Here is the JSON of the workflow; I hid the variable names.

thank you in advance,

@DivyaL_7 Please use Postman to verify that your POST request is working and has a valid body. If it works, you can configure the same in your workflow.

Hello,

thank you for your reply,

The Postman request works correctly.

However, I was trying to avoid using a direct HTTP request, as I was wondering about the purpose of the Delete operation in the Web Service Source if it cannot be triggered through the Manage Accounts operation.

Is using an HTTP request the recommended or best practice approach in ISC for this case?

Thank you in advance for your clarification.

I can suggest the below approach if you do not want to use HTTP operation.

If the Delete operation is supported in your app, then try the below steps:

  1. Create a lifecycle state for deletion and set up the delete operation for your specific app.
  2. Create an identity attribute for date to store the current date.
  3. Compare the current date identity attribute with the end date of the user.
  4. Change the cloud lifecycle state when the condition occurs.

Thanks

Manish Singh

Hi @DivyaL_7 ,

Could you please assess with your client environment whether this qualifies for the creation of a lifecycle state. If it can be inactive long term, you can revoke and delete all the associated accounts.

Hi @DivyaL_7
Have you explored using ROLES to trigger the delete function in the WS connector?

Hello back,

@msingh900 and @AsGoyal unfortunately the client does not want to add another lifecycle state.

Hi @PhilRawlings1, how do I configure it using roles? I have never done that.

  1. Create an identity attribute that tracks the lifecycle of the user and flips to "$newValue" 7 days post termination (not technically a new LCS).
  2. Build a role that assigns an entitlement to the user which creates the account on the source.
  3. Set the criteria to exclude "$newValue".
  4. Create a DELETE HTTP operation on the WS connector.
  5. Once the user has triggered the 7 day clause, SailPoint should trigger the Delete action with the removal of the entitlement.
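As an added illustration of step 1 above (not part of the thread and not SailPoint's own configuration), the following identity attribute transform flips to "deleteEligible" once 7 days have passed since the termination date; the source name "HR Source", the attribute name "terminationDate", its yyyy-MM-dd format and the two output values are assumptions. Identities with no termination date fall back to a far-future placeholder so they stay "active" and are never matched by the exclusion criteria.

```json
{
  "name": "Deletion Eligible After 7 Days",
  "type": "dateCompare",
  "attributes": {
    "firstDate": {
      "type": "dateMath",
      "attributes": {
        "expression": "+7d",
        "roundUp": false,
        "input": {
          "type": "dateFormat",
          "attributes": {
            "inputFormat": "yyyy-MM-dd",
            "outputFormat": "ISO8601",
            "input": {
              "type": "firstValid",
              "attributes": {
                "values": [
                  {
                    "type": "accountAttribute",
                    "attributes": {
                      "sourceName": "HR Source",
                      "attributeName": "terminationDate"
                    }
                  },
                  "9999-12-31"
                ]
              }
            }
          }
        }
      }
    },
    "secondDate": "now",
    "operator": "LTE",
    "positiveCondition": "deleteEligible",
    "negativeCondition": "active"
  }
}
```

The role's membership criteria then exclude identities whose attribute equals "deleteEligible", so the entitlement is removed and the connector's DELETE operation runs; the attribute is only recalculated on identity refresh, so the 7 day boundary is met at the next refresh, not at the exact hour.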

Hello back @PhilRawlings1 ,

I performed some tests and noticed the following behavior: when the assignment rule (on the role that initially created the account, of course) is no longer satisfied, both the role and the access profile are correctly removed.

However, the entitlement associated with the Access Profile remains assigned to the identity and does not get removed automatically. It seems to "stick."

Do you please have any idea why this entitlement is not being revoked?

Hi @DivyaL_7

This is by design. Entitlements assigned to access profiles are not sticky and do not retain like you would normally see with a role.

Hi,
As described in the above link, it shouldn't stick if it was added by an Access Profile. Did you conduct your test on a user with an existing entitlement or on one created via the Access Profile?

Hi back,

I need to use a role (and not an Access Profile) to create the account, because the role includes very specific assignment criteria. I’d prefer to avoid implementing a workflow just to assign the Access Profile for account creation.

Is there please any alternative way to work around this stickiness? It feels like a limitation in the design?

If you can revoke the entitlements before deleting the account.