DocuSign OOTB - Account is getting disabled while Permission profile not getting removed on triggering delete operation

Hi,

We have configured OOTB DocuSign Connector. As per feature string connector supports Delete, provisioning.

When we tried to trigger delete operation during de-provisioning via the before-provisioning rule, observed that account is getting closed and on aggregation the account is getting pulled as disabled in ISC. The permissionProfiles remain intact on the account. Is this expected behaviour?

If yes how should we tackle the enable scenario? @Aditya_Veldi @dinesh_mishra

Any ideas around this would be much appreciated.

Thanks,

Manasa Gajjana

ISC doesn’t include entitlement changes when applying account changes like Disable and Delete.

Docusign’s API does have an option to include removal of PermissionSets as part of the Delete User endpoint. delete | REST API | Docusign

But I am guessing ISC isn’t including the Query Parameters.

There are a few options:

• Modify your beforeProvisioningRule to also remove the permissionProfiles

  • I haven’t tested this script, and needs to be modified to be called when Delete account is being done:

    import sailpoint.object.Identity;
    
    import sailpoint.object.ProvisioningPlan;
    import sailpoint.object.ProvisioningPlan.AccountRequest;
    import sailpoint.object.ProvisioningPlan.AttributeRequest;
    import sailpoint.rule.Account;
    
    List accountRequests = plan.getAccountRequests();
    
    if (accountRequests != null) {
      for (AccountRequest accountRequest: accountRequests) {
        String nativeIdentity = accountRequest.getNativeIdentity();
        String applicationName = accountRequest.getApplicationName();
        Account docusignAccount = idn.getAccountByNativeIdentity(applicationName, nativeIdentity);
        Map attributes = docusignAccount.getAttributes();                    
        Object permissionProfiles = attributes.get("permissionProfileId");
        if (permissionProfiles != null) {
          if (permissionProfiles instanceof List) {
            for (String profileId : permissionProfiles) {
              accountRequest.add(new AttributeRequest("permissionProfileId", ProvisioningPlan.Operation.Remove, profileId));
            }
          } else if (permissionProfiles instanceof String) {
            String profileId = (String) permissionProfiles;
            accountRequest.add(new AttributeRequest("permissionProfileId", ProvisioningPlan.Operation.Remove, profileId));
          }
        }           
      }
    }
    

• Create a workflow to trigger on Docusign account delete, and remove the entitlements.