How to trigger 'Delete Account' HTTP operation with Webservices Connector

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hello, I have a Webservices connector and have a Delete Account HTTP operation. I was wondering how to trigger this operation as we want to delete accounts of this source after someone has left the company for 2 weeks.

Is there a way to trigger this out of the box or do I need to implement a connector rule for this case?

2

You will have to setup a Disable operation in the connector configuration and then use a Before Provisioning Rule to modify the disable to a delete operation.

For more information, refer to Web Services Before Operation Rule.

3

Hi @mguler

Incase if you need to delete account immediately after user left then you can just use Disable operation by using Identity Profile provisioning config.

But I see that you need to delete after 2 weeks of end date which is a good practice. It is not recommended to delete any account/access immediately after user leaving organization.

If your requirement is to delete after 2 weeks of leaving,

It is not about how you delete it, the question is how to trigger that after 2 weeks of leaving.

Will you create a LCS for that in Identity Profile ? no you should not for just one application. Even if you do user account is already disabled after last working day. It won’t trigger again rite.

You can use a Workflow to trigger some action after 2 weeks of leaver, you can use HTTP Request action to delete. Please note that Workflow is Licensed module.

Simple way is, do you have any generic attribute in your WebServices app like description, comments or even status (if it is different for disable and delete). If not may be you can update user displayName/lastName.

You take any attribute, enable the attribute sync for it.

After leaver + 2 weeks, this attribute value should be modified.

For example: Consider displayName attribute

User displayName: Tom Cruise

Leaver: User is disabled through Identity Profile - Provisioning LCS

Leaver + 2 weeks: user displayName will be updated to Tom Cruise (Deleted)

Sequence of Actions:

  1. Configure Delete HTTP operation in your source config
  2. Deploy Before Provisioning Rule: It gets request as Modify for displayName, you monitor this attribute as if displayName contains deleted then change the plan to have Account Request Delete operation.
  3. Since operation is delete, your HTTP Delete operation will be triggered.

If you use Connector Rule (WebService Before Operation) instead of Before Provisioning Rule, you can modify the request endpoint. It works, but you see activity as modify account not delete account in IDN activity logs.

You can choose whichever is best for you, hope this helps :slight_smile:

Thanks
Krish

1 Like
4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.