How to get the cloud ID of a deleted USER from Authoritative Source

Hello SailPoint,

A user was in a pre-hire stage and later moved to an inactive status, during which roles were provisioned. However, the user’s identity was deleted from the authoritative source without the roles being revoked. To initiate a revoke request via API, I need the user’s cloud ID. Is there any way to retrieve it through the API, as I was not able to get it from SailPoint ISC?

Hi @rajrout2024,
If I’m understanding correctly:
The user is already deleted from ISC as it is not coming from SoT anymore. If the user is not coming from SoT anymore and target apps are still present, the accounts will be in an uncorrelated state.
In this case, if you want to raise a revoke request, I believe 2 things can be done:

  1. Create a dummy source and re-aggregate the identity, then upon correlation raise a revoke request.
  2. In case the 1st option is not doable, the good thing is that ISC supports uncorrelated account certification (link: Working with certifications - SailPoint Identity Security Cloud User Help). So generate a cert and revoke all the items.

The suggestions need to be tested first.

Just an addition: if you are using the new ISC UI and your account is in an uncorrelated state, even then you can get the cloud ID of that identity. Go to Source –> Account Management –> Accounts.

Hello Gourab,

I could find the user’s account in the source as an uncorrelated account, but how can I revoke all the roles that the user has?

Hi @rajrout2024,
Have you checked target sources as well? If yes, and the account is not present in ISC, then how did you identify the ISC roles that are attached to the identity?

From the search tab, if you look at the user’s account activity and events, you could find what role the user had before it went to inactive status.

If you can find the user from search, select id from the column chooser to get the identity ID.

In the search tab I am getting only two sub-tabs, i.e. Event and Account Activity, and those IDs are event IDs and account activity IDs.

Hi

Go to the Identity Activity tab of Identity Management and search for the user by display name; there you can see the deleted user’s details.

Thanks,
Siva.K

Hello Sivakrishna,
Appreciate your help and also thanks to Gourab Sadhukhan.
Appreciate your response on my post to help me find the solution for this issue. I tried to find the user’s cloud ID through the user’s Account Activities and also tried through Identity Activity on the Identity Management tab, but it only reflects account activity IDs, not the user’s cloud ID.

But I found a solution through Postman: Beta API / Account Activities / Get Account Activities. Put in any of the account activity IDs of the particular user and hit Send; it will provide you with the activity summary, where you can find the user’s cloud ID in "targetIdentitySummary":

```json
{
    "cancelComment": null,
    "cancelable": false,
    "completed": "2024-09-03T17:52:47.950Z",
    "completionStatus": "SUCCESS",
    "type": "IdentityAttributeUpdate",
    "requesterIdentitySummary": {
        "id": "64563456461456431564616663163",
        "name": "SailPoint Requester."
    },
    "targetIdentitySummary": {
        "id": "ksdnfvkndvdp161465466vasdv6fsd",
        "name": "SailPoint User"
    }
}
```
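The lookup described in the last post, as an added example that is not part of the original thread: it pulls the cloud ID out of `targetIdentitySummary` across several account-activity records, refuses to continue if the display name maps to more than one ID, and builds a revoke payload. The records are constructed samples, the role ID is a placeholder, and the payload shape and endpoint paths in the comments are assumptions about the ISC access-request API, not something the thread confirms.

```python
import json

# Constructed sample shaped like the account-activity response quoted above
# (assumed endpoint: GET /beta/account-activities/{id}). Only the first
# target id and name come from the thread; everything else is made up.
SAMPLE_ACTIVITIES = json.loads("""
[
  {"type": "IdentityAttributeUpdate", "completionStatus": "SUCCESS",
   "targetIdentitySummary": {"id": "ksdnfvkndvdp161465466vasdv6fsd",
                             "name": "SailPoint User"}},
  {"type": "IdentityAttributeUpdate", "completionStatus": "SUCCESS",
   "targetIdentitySummary": null},
  {"type": "IdentityAttributeUpdate", "completionStatus": "SUCCESS",
   "targetIdentitySummary": {"id": "constructed-other-identity-id",
                             "name": "Other User"}}
]
""")

def target_identity_ids(activities, display_name):
    """Collect every cloud ID recorded for display_name in the activities."""
    ids = set()
    for activity in activities:
        target = activity.get("targetIdentitySummary") or {}  # may be null
        if target.get("name") == display_name and target.get("id"):
            ids.add(target["id"])
    return ids

def resolve_cloud_id(activities, display_name):
    """Return the single cloud ID for display_name, or raise LookupError.

    Display names are not unique, so anything other than exactly one ID
    must stop the process before a revoke is sent for the wrong identity.
    """
    ids = target_identity_ids(activities, display_name)
    if len(ids) != 1:
        raise LookupError(f"{len(ids)} identity IDs found for {display_name!r}")
    return ids.pop()

def build_revoke_request(identity_id, role_ids, comment):
    """Build a revoke body (assumed shape for POST /v3/access-requests)."""
    return {
        "requestedFor": [identity_id],
        "requestType": "REVOKE_ACCESS",
        "requestedItems": [
            {"type": "ROLE", "id": role_id, "comment": comment}
            for role_id in role_ids
        ],
    }
```
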