Disable the account instead of deleting it in Application Owner Certification when we revoke the account

As we are all aware, in the Application Owner Certification, when we revoke the account, the account will be deleted in the native application.

But if you have a requirement that you want to disable the account instead of deleting it, then you can try with the entry called (<ProvisioningConfig deleteToDisable="true"/>) in the application (by adding it to the application from the Debug page). But that may create an issue with the default behavior of deleting accounts (in Manage Accounts).

So for that, without disturbing the OOTB functionality of Manage Accounts (Delete), what we can do is write some simple code in the before-provisioning rule of the application that checks if the request (Source) is a Certification, Delete request and then disables the account instead of deleting it. Here is the code for that.

Code:

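import java.util.List;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.ObjectOperation;

String userId = "";
// Account requests in this plan that target the current application
List accRequests = plan.getAccountRequests( application.getName() );
if ( accRequests != null )
{
  for ( AccountRequest accReq : accRequests )
  {
    // Only rewrite Delete requests whose plan source is Certification;
    // deletes from other sources (e.g. Manage Accounts) pass through unchanged
    if ( accReq.getOp() == ObjectOperation.Delete && null != plan.getSource() && plan.getSource().equals("Certification") && null != accReq.getNativeIdentity() )
    {
      // Drop the Delete request from the plan
      plan.remove(accReq);

      // Add a Disable request for the same account in its place
      userId = accReq.getNativeIdentity();
      AccountRequest disableActReq = new AccountRequest();
      disableActReq.setOperation(AccountRequest.Operation.Disable);
      // Target the same application the rule is running for
      disableActReq.setApplication(application.getName());
      disableActReq.setNativeIdentity(userId);
      log.error("Added the account request for disable: " + userId);

      plan.add(disableActReq);
    }
  }
}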
6 Likes

Hi @bhanuprakashkuruva, Appreciate your efforts!

1 Like

Thank you @VinodC. :+1:

Thanks for Sharing :blush:

1 Like

This is helpful.
Did you check the option of adding the flag deleteToDisable?

<ProvisioningConfig deleteToDisable="true"/>

1 Like

Hi @vishal_kejriwal1 ,

Yes, I have checked it. The problem with this is that the default behavior of deleting an account from Manage Accounts will not work. A disable operation is performed every time a delete provisioning request comes to the application, so it changes the usefulness of the OOTB operation, which is needed many times.

Yes, true.
But we need to be careful with adding a condition to the before-provisioning rule, as the condition will be checked for each and every transaction for the application.

Yeah, you are right. That’s why we are checking conditions that if plan’s (request) source is Certification and delete operation only, then do this.

This is helpful. I will try to execute the same to observe the behaviour.

1 Like

Thank you, Vivek. You can try.