Disabling Account of an Identity

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Hello,

I am trying to disable all accounts that are tied to an identity. I know that identity.setAttribute("IIQDisabled, true) can set it to disable, but somehow I can only disable the identity itself instead of all the applications it belongs to. Does anyone know how to fix this issue?

  SailPointContext context = SailPointFactory.getCurrentContext();
  
  List<String> applications = context.getObjects(Application.class);
  ArrayList<String> information = new ArrayList<String>();
  
  ArrayList<String> info = new ArrayList<String>();
  List<String> identities = context.getObjects(Identity.class);
  String c = "Wilson";
  for (Identity ident : identities) {
    if(ident.getAttribute("displayName").contains(c)){
      ident.setAttribute("IIQDisabled", true);
      return ident;

      //information.add(ident);
      }
  }

image
image1000×283 12.4 KB

image
image718×188 6.59 KB

image
image837×148 4.92 KB

2

So a couple of notes for you to consider:

  1. To mark an Account as disabled, you need to set the IIQDisabled flag on the Account (Link) itself.
  2. To actually disable the account in the downstream/target system, you will need to create and execute a Provisioning Plan to perform that action. Ideally, you would have some kind of trigger (Lifecycle Event) to kick this process off, and handle the deprovisioning and identity updates in a workflow (e.g. Leaver event and workflow).