We are currently on IIQ 8.4 but will be transitioning to ISC soon.
I was wondering if in ISC there is some method already available or something someone has come up with to quickly disable all Identity accounts and possibly also revoke sessions in EntraID.
This would be used in the case of a possible security incident or if an Identity just needs access temporarily/quickly revoked for whatever reason.
A common method is manually changing the “lifecycle state”. This is available to specific user levels in ISC. You can manually set a certain state for a user in the UI or by API.
Commonly, I see orgs use this to manually set a user to terminated, which will then launch the termination / leaver workflow on an emergent basis. If you wanted to follow a different set of rules for provisioning for your use case, you can also set up separate lifecycle states.
As far as I know it is not possible within ISC, but you can leverage the connector rules, where you can write a custom PS script to terminate the next EntraID sessions by using Revoke-MgUserSignInSession (Microsoft.Graph.Users.Actions) | Microsoft Learn. This again doesn’t actively kick people’s access off instantaneously; it just stops the access token from being regenerated during the next token refresh and helps to stop the access until the EntraID accounts get disabled.
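
The approach from the reply above as a stand-alone PowerShell script (an added example, not from the thread and not wired into a SailPoint connector rule): it disables each Entra ID account and then calls Revoke-MgUserSignInSession, reporting per-user results. The parameter name, the sample UPN and the `User.ReadWrite.All` scope are assumptions.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Users.Actions
param(
    [Parameter(Mandatory)]
    [string[]] $UserPrincipalName   # e.g. 'jane.doe@example.com' (constructed placeholder)
)

# Assumption: the operator can consent to this delegated scope. An app-only
# connection with an equivalent application permission works the same way.
Connect-MgGraph -Scopes 'User.ReadWrite.All' | Out-Null

$results = foreach ($upn in $UserPrincipalName) {
    $row = [ordered]@{ User = $upn; Disabled = $false; SessionsRevoked = $false; Error = $null }
    try {
        $user = Get-MgUser -UserId $upn -Property Id,AccountEnabled -ErrorAction Stop

        # Step 1: block new sign-ins first, so a revoked session cannot simply
        # be re-established with the user's existing credentials.
        if ($user.AccountEnabled) {
            Update-MgUser -UserId $user.Id -AccountEnabled:$false -ErrorAction Stop
        }
        $row.Disabled = $true

        # Step 2: invalidate refresh tokens and session cookies. Access tokens
        # already issued stay usable until they expire, as the reply notes.
        Revoke-MgUserSignInSession -UserId $user.Id -ErrorAction Stop | Out-Null
        $row.SessionsRevoked = $true
    }
    catch {
        # Record the failure and continue: one bad UPN must not stop the rest
        # of the batch during an incident.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

# Per-user outcome for the incident record; non-zero exit if anything failed.
$results | Format-Table -AutoSize
if ($results | Where-Object Error) { exit 1 }
```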