How to trigger ‘Delete Account’ HTTP operation with Webservices Connector

Hello,

I am trying to integrate IdentityNow with Riversand and I am using a webservices connector. I have implemented all the endpoints as requested, however the application removes my entitlements and disables the account once a user changes from active lifecycle state to inactive. I want to ensure that the account is deleted, not only disabled, however it does not yet seem to do that.

I have tried before provisioning rule (Update source partial) with the following body:

[
  {
    "op": "add",
    "path": "/connectorAttributes/beforeProvisioningRules",
    "value": {
      "eventConfigurations": [
        {
          "eventActions": [
            {
              "Action": "ChangeOperation",
              "Attribute": null,
              "Value": "Delete"
            }
          ],
          "Identity Attribute Triggers": [
            {
              "Attribute": "lifecycleState",
              "Value": "inactive",
              "Operation": "eq"
            }
          ],
          "Operation": "Modify"
        }
      ]
    }
  }
]

It still does not work. Can someone please explain to me exactly what I need to do? Perhaps a short Teams meeting will do.

The eventConfigurations should be in cloudServicesIDNSetup (unless a newer version of the rule has changed this). Assuming this is using the ServicesStandard rule.

You can double check the rule if this does not work.


Hi Alexandru,
Thank you for your post. Attached is the Readme for Service Standard Rule which has the latest changes.
Please let me know if you need any more details.
Services Standard BeforeProvisioning.pdf (68.4 KB)

As per documentation it should be

Please let us know if this works for you

Hello guys,

I would like to thank you for your time. Are we sure that using this, I will be able to delete the user from RIVERSAND application ONLY? I only want the user to be deleted once the lifecycle state changes to Inactive. This will be the only application that will be deleted, the rest will stay disabled. In other words, the AD account should stay, however I only need to delete the user from the target system (Riversand in this case).

Hi Alexandru,
That is correct. It will only delete from the application. No other things will get impacted as you are using the Before Provisioning rule only for this application.

Please let us know if you see any other issue in the same

[
  {
    "op": "add",
    "path": "/connectorAttributes/cloudServicesIDNSetup",
    "value": {
      "eventConfigurations": [
        {
          "eventActions": [
            {
              "Action": "ADMoveAccount",
              "Attribute": "AC_NewParent",
              "Value": "OU=Disabled,OU=Users,OU=pa-rshwarts,OU=training,DC=testing,DC=com"
            },
            {
              "Action": "ScramblePassword",
              "Attribute": "password",
              "Value": null
            },
              "Action": "RemoveADEntitlements",
              "Attribute": "memberOf",
              "Value": "CN=DOmain Users,CN=Users,DC=testing,DC=com"
            }
          ],

I seem to receive 400 bad request

I have managed to paste the code and this is how my application looks now in Visual:
{
  "description": "RIVERSAND TEST",
  "owner": {
    "type": "IDENTITY",
    "id": "a97232af60c241e8ad906ff81fdbed6f",
    "name": "Alexandru Statie"
  },
  "cluster": {
    "type": "CLUSTER",
    "id": "1fdf80ee5af540a499bd3b87db95a666",
    "name": "Acceptance VA Cluster"
  },
  "accountCorrelationConfig": {
    "type": "ACCOUNT_CORRELATION_CONFIG",
    "id": "d4b4f49721b442dab3d696cc32a9a182",
    "name": "RIVERSAND TEST [source] Account Correlation"
  },
  "accountCorrelationRule": null,
  "managerCorrelationMapping": null,
  "managerCorrelationRule": null,
  "beforeProvisioningRule": null,
  "schemas": [
    {
      "type": "CONNECTOR_SCHEMA",
      "id": "7a91b7939fb04b00b238fd6c6a49f55c",
      "name": "account"
    },
    {
      "type": "CONNECTOR_SCHEMA",
      "id": "921dfa4021aa4d05998ce73b8548d01a",
      "name": "group"
    }
  ],
  "passwordPolicies": null,
  "features": [
    "UNLOCK",
    "AUTHENTICATE",
    "PASSWORD",
    "ENABLE",
    "PROVISIONING"
  ],
  "type": "Web Services",
  "connector": "web-services-angularsc",
  "connectorClass": "sailpoint.connector.webservices.WebServicesConnector",
  "connectorAttributes": {
    "healthCheckTimeout": 30,
    "clientCertificate": null,
    "deltaAggregationEnabled": false,
    "throwProvBeforeRuleException": true,
    "checkDeletedDisabled": false,
    "connectionType": "direct",
    "client_id": null,
    "numPartitionThreads": null,
    "password": null,
    "cloudExternalId": "63370",
    "client_secret": null,
    "clientKeySpec": null,
    "saml_headers_to_exclude": null,
    "sourceConnected": true,
    "saml_headers": null,
    "private_key": null,
    "version": "v2",
    "slpt-source-diagnostics": "{\"connector\":\"web-services-angularsc\",\"status\":\"SOURCE_STATE_HEALTHY\",\"healthy\":true,\"healthcheckDisabled\":false,\"healthcheckCount\":126,\"lastHealthcheck\":1708676555934,\"statusChanged\":1708505349775}",
    "formPath": null,
    "refresh_token": null,
    "cloudCacheUpdate": 1708676557208,
    "saml_request_body": null,
    "authenticationMethod": "OAuthLogin",
    "httpCookieSpecsStandard": "true",
    "connectorName": "Web Services",
    "enableStatus": null,
    "since": "2024-02-21T08:49:09.775Z",
    "status": "SOURCE_STATE_HEALTHY",
    "supportsDeltaAgg": "true",
    "lastAggregationDate_group": "2024-02-22T20:07:13Z",
    "resourceOwnerUsername": null,
    "cloudServicesIDNSetup": {
      "eventConfigurations": [
        {
          "eventActions": [
            {
              "Action": "ADMoveAccount",
              "Attribute": "AC_NewParent",
              "Value": "OU=Disabled,OU=Users,OU=pa-rshwarts,OU=training,DC=testing,DC=com"
            },
            {
              "Action": "ScramblePassword",
              "Attribute": "password",
              "Value": null
            },
            {
              "Action": "RemoveADEntitlements",
              "Attribute": "memberOf",
              "Value": "CN=DOmain Users,CN=Users,DC=testing,DC=com"
            }
          ]
        }
      ]
    },
    "oAuthJwtHeader": null,
    "enableHasMore": false,
    "isGetObjectRequiredForPTA": true,
    "timeoutInSeconds": "60",
    "genericWebServiceBaseUrl": "https://vidaxlds.riversand.com/",
    "resourceOwnerPassword": null,
    "connectionParameters": [
      {
        "httpMethodType": "GET",
        "pagingInitialOffset": 0,
        "sequenceNumberForEndpoint": "1",
        "uniqueNameForEndPoint": "Test connection",
        "curlCommand": null,
        "rootPath": null,
        "body": {
          "bodyFormData": null,
          "jsonBody": null,
          "bodyFormat": "raw"
        },
        "customAuthUrl": null,
        "paginationSteps": null,
        "responseCode": null,
        "resMappingObj": null,
        "contextUrl": null,
        "pagingSize": 50,
        "curlEnabled": false,
        "header": null,
        "operationType": "Test Connection",
        "xpathNamespaces": null,
        "parentEndpointName": null
      },
      {
        "httpMethodType": "GET",
        "pagingInitialOffset": 0,
        "sequenceNumberForEndpoint": "2",
        "uniqueNameForEndPoint": "Get Object",
        "curlCommand": null,
        "rootPath": null,
        "body": {
          "bodyFormData": null,
          "jsonBody": "{\n \"params\": {\n \"query\": {\n \"filters\": {\n \"typesCriterion\": [\n \"$.user$\"\n ]\n }\n },\n \"fields\": {\n \"attributes\": [\n \"$.ALL$\"\n ],\n \"relationships\": [\n \"$.ALL$\"\n ]\n }\n }\n}",
          "bodyFormat": "raw"
        },
        "customAuthUrl": null,
        "paginationSteps": null,
        "responseCode": [
          "2**"
        ],
        "resMappingObj": {
          "firstName": "$.firstName$",
          "lastName": "$.lastName$",
          "roles": "$.roles$",
          "name": "$.name$",
          "ownershipdata": "$.ownershipdata$",
          "id": "$.id$",
          "type": "$.type$",
          "email": "$.email$"
        },
        "contextUrl": "api/entitymodelservice/get",
        "pagingSize": 50,
        "curlEnabled": false,
        "header": {
          "x-rdp-userRoles": "[\"admin\"]",
          "Content-type": "application/json",
          "x-rdp-version": "8.1",
          "auth-client-id": "Y58JTdeoJJq0PWC1AGCDXPDCYkQWZc0O",
          "auth-client-secret": "zWPZQUpH6aTRflvi3YWaP0QBBbTpji0yw_-Maj_VHUCPEW4YLQRtUfizyc17cw05",
          "x-rdp-clientId": "rdpclient",
          "x-rdp-userId": "[email protected]",
          "Connection": "keep-alive",
          "x-rdp-tenantId": "vidaxlds"
        },
        "operationType": "Get Object",
        "xpathNamespaces": null,
        "parentEndpointName": null
      },
      {
        "httpMethodType": "POST",
        "pagingInitialOffset": 0,
        "sequenceNumberForEndpoint": "3",
        "uniqueNameForEndPoint": "Account aggregation",
        "curlCommand": null,
        "rootPath": "$.response.entityModels",
        "body": {
          "bodyFormData": null,
          "jsonBody": "{\n \"params\": {\n \"query\": {\n \"filters\": {\n \"typesCriterion\": [\n \"user\"\n ]\n }\n },\n \"fields\": {\n \"attributes\": [\n \"ALL\"\n ],\n \"relationships\": [\n \"ALL\"\n ]\n }\n }\n}",
          "bodyFormat": "raw"
        },
        "customAuthUrl": null,
        "paginationSteps": null,
        "responseCode": [
          "2**"
        ],
        "resMappingObj": {
          "firstName": "properties.firstName",
          "lastName": "properties.lastName",
          "roles": "properties.roles",
          "name": "name",
          "ownershipdata": "properties.ownershipdata",
          "id": "id",
          "type": "type",
          "email": "properties.email"
        },
        "contextUrl": "api/entitymodelservice/get",
        "pagingSize": 50,
        "curlEnabled": false,
        "header": {
          "Authorization": "zWPZQUpH6aTRflvi3YWaP0QBBbTpji0yw_-Maj_VHUCPEW4YLQRtUfizyc17cw05",
          "x-rdp-userRoles": "[\"admin\"]",
          "Content-type": "application/json",
          "x-rdp-version": "8.1",
          "Accept": "application/json",
          "auth-client-id": "Y58JTdeoJJq0PWC1AGCDXPDCYkQWZc0O",
          "auth-client-secret": "zWPZQUpH6aTRflvi3YWaP0QBBbTpji0yw_-Maj_VHUCPEW4YLQRtUfizyc17cw05",
          "x-rdp-clientId": "rdpclient",
          "x-rdp-userId": "[email protected]",
          "Connection": "keep-alive",
          "x-rdp-tenantId": "vidaxlds"
        },
        "operationType": "Account Aggregation",
        "xpathNamespaces": null,
        "parentEndpointName": null
      },
      {
        "httpMethodType": "POST",
        "pagingInitialOffset": 0,
        "sequenceNumberForEndpoint": "4",
        "uniqueNameForEndPoint": "Group aggregation",
        "curlCommand": null,
        "rootPath": "$.response.entityModels[*]",
        "body": {
          "bodyFormData": null,
          "jsonBody": "{\n \"params\": {\n \"query\": {\n \"filters\": {\n \"typesCriterion\": [\n \"role\"\n ]\n }\n }\n }\n}",
          "bodyFormat": "raw"
        },
        "customAuthUrl": null,
        "paginationSteps": null,
        "responseCode": [
          "2**"
        ],
        "resMappingObj": {
          "firstName": "firstName",
          "lastName": "lastName",
          "roles": "roles",
          "name": "name",
          "ownershipdata": "ownershipdata",
          "id": "id",
          "type": "type",
          "email": "email"
        },
        "contextUrl": "api/entitymodelservice/get",
        "pagingSize": 50,
        "curlEnabled": false,
        "header": {
          "x-rdp-userRoles": "[\"admin\"]",
          "Content-type": "application/json",
          "x-rdp-version": "8.1",
          "Accept": "application/json",
          "auth-client-id": "Y58JTdeoJJq0PWC1AGCDXPDCYkQWZc0O",
          "auth-client-secret": "zWPZQUpH6aTRflvi3YWaP0QBBbTpji0yw_-Maj_VHUCPEW4YLQRtUfizyc17cw05",
          "x-rdp-clientId": "rdpclient",
          "x-rdp-userId": "[email protected]",
          "Connection": "keep-alive",
          "x-rdp-tenantId": "vidaxlds"
        },
        "operationType": "Group Aggregation",
        "xpathNamespaces": null,
        "parentEndpointName": null
      },
      {
        "httpMethodType": "POST",
        "pagingInitialOffset": 0,
        "sequenceNumberForEndpoint": "5",
        "uniqueNameForEndPoint": "Create account",
        "curlCommand": null,
        "rootPath": null,
        "body": {
          "bodyFormData": null,
          "jsonBody": "{\n \"entityModel\": {\n \"id\": \"userid\",\n \"name\": \"username\",\n \"type\": \"user\",\n \"properties\": {\n \"firstName\": \"firstName\",\n \"lastName\": \"lastName\",\n \"login\": \"lastName\",\n \"email\": \"email\",\n \"roles\": [\n \"role1\",\n \"role2\"\n ]\n }\n }\n}",
          "bodyFormat": "raw"
        },
        "customAuthUrl": null,
        "paginationSteps": null,
        "responseCode": [
          "2**"
        ],
        "resMappingObj": {
          "firstName": "firstName",
          "lastName": "lastName",
          "roles": "roles",
          "name": "name",
          "ownershipdata": "ownershipdata",
          "id": "id",
          "type": "type",
          "email": "email"
        },
        "contextUrl": "/api/entitymodelservice/create",
        "pagingSize": 50,
        "curlEnabled": false,
        "header": {
          "x-rdp-userRoles": "[\"admin\"]",
          "Content-type": "application/json",
          "x-rdp-version": "8.1",
          "Accept": "application/json",
          "auth-client-id": "Y58JTdeoJJq0PWC1AGCDXPDCYkQWZc0O",
          "auth-client-secret": "zWPZQUpH6aTRflvi3YWaP0QBBbTpji0yw_-Maj_VHUCPEW4YLQRtUfizyc17cw05",
          "x-rdp-clientId": "rdpclient",
          "x-rdp-userId": "[email protected]",
          "Connection": "keep-alive",
          "x-rdp-tenantId": "vidaxlds"
        },
        "operationType": "Create Account",
        "xpathNamespaces": null,
        "parentEndpointName": null
      },
      {
        "httpMethodType": "POST",
        "pagingInitialOffset": 0,
        "sequenceNumberForEndpoint": "6",
        "uniqueNameForEndPoint": "Remove entitlements",
        "curlCommand": null,
        "rootPath": null,
        "body": {
          "bodyFormData": null,
          "jsonBody": "{\n \"entityModel\": {\n \"properties\": {\n \"roles\": [\n \"role1\",\n \"role2\"\n ]\n }\n }\n}",
          "bodyFormat": "raw"
        },
        "customAuthUrl": null,
        "paginationSteps": null,
        "responseCode": [
          "2**"
        ],
        "resMappingObj": {
          "firstName": "firstName",
          "lastName": "lastName",
          "roles": "roles",
          "name": "name",
          "ownershipdata": "ownershipdata",
          "id": "id",
          "type": "type",
          "email": "email"
        },
        "contextUrl": "/api/entitymodelservice/delete",
        "pagingSize": 50,
        "curlEnabled": false,
        "header": {
          "x-rdp-userRoles": "[\"admin\"]",
          "Content-type": "application/json",
          "x-rdp-version": "8.1",
          "Accept": "application/json",
          "auth-client-id": "Y58JTdeoJJq0PWC1AGCDXPDCYkQWZc0O",
          "auth-client-secret": "zWPZQUpH6aTRflvi3YWaP0QBBbTpji0yw_-Maj_VHUCPEW4YLQRtUfizyc17cw05",
          "x-rdp-clientId": "rdpclient",
          "x-rdp-userId": "[email protected]",
          "Connection": "keep-alive",
          "x-rdp-tenantId": "vidaxlds"
        },
        "operationType": "Remove Entitlement",
        "xpathNamespaces": null,
        "parentEndpointName": null
      },
      {
        "httpMethodType": "POST",
        "pagingInitialOffset": 0,
        "sequenceNumberForEndpoint": "7",
        "uniqueNameForEndPoint": "Disable Account",
        "curlCommand": null,
        "rootPath": null,
        "body": {
          "bodyFormData": null,
          "jsonBody": "{\n \"entityModel\": {\n \"id\": \"userid\",\n \"name\": \"username\",\n \"type\": \"user\"\n }\n}",
          "bodyFormat": "raw"
        },
        "customAuthUrl": null,
        "paginationSteps": null,
        "responseCode": [
          "2**"
        ],
        "resMappingObj": {
          "firstName": "firstName",
          "lastName": "lastName",
          "roles": "roles",
          "name": "name",
          "id": "id",
          "type": "type",
          "email": "email"
        },
        "contextUrl": "/api/entitymodelservice/delete",
        "pagingSize": 50,
        "curlEnabled": false,
        "header": {
          "x-rdp-userRoles": "[\"admin\"]",
          "Content-type": "application/json",
          "x-rdp-version": "8.1",
          "Accept": "application/json",
          "auth-client-id": "Y58JTdeoJJq0PWC1AGCDXPDCYkQWZc0O",
          "auth-client-secret": "zWPZQUpH6aTRflvi3YWaP0QBBbTpji0yw_-Maj_VHUCPEW4YLQRtUfizyc17cw05",
          "x-rdp-clientId": "rdpclient",
          "x-rdp-userId": "[email protected]",
          "Connection": "keep-alive",
          "x-rdp-tenantId": "vidaxlds"
        },
        "operationType": "Disable Account",
        "xpathNamespaces": null,
        "parentEndpointName": null
      },
      {
        "httpMethodType": "POST",
        "pagingInitialOffset": 0,
        "sequenceNumberForEndpoint": "8",
        "uniqueNameForEndPoint": "Delete Account",
        "curlCommand": null,
        "rootPath": null,
        "body": {
          "bodyFormData": null,
          "jsonBody": "{\n \"entityModel\": {\n \"id\": \"userid\",\n \"name\": \"username\",\n \"type\": \"user\"\n }\n}",
          "bodyFormat": "raw"
        },
        "customAuthUrl": null,
        "paginationSteps": null,
        "responseCode": [
          "2**"
        ],
        "resMappingObj": {
          "firstName": "firstName",
          "lastName": "lastName",
          "roles": "roles",
          "name": "name",
          "id": "id",
          "type": "type",
          "email": "email"
        },
        "contextUrl": "/api/entitymodelservice/delete",
        "pagingSize": 50,
        "curlEnabled": false,
        "header": {
          "x-rdp-userRoles": "[\"admin\"]",
          "Content-type": "application/json",
          "x-rdp-version": "8.1",
          "Accept": "application/json",
          "auth-client-id": "Y58JTdeoJJq0PWC1AGCDXPDCYkQWZc0O",
          "auth-client-secret": "zWPZQUpH6aTRflvi3YWaP0QBBbTpji0yw_-Maj_VHUCPEW4YLQRtUfizyc17cw05",
          "x-rdp-clientId": "rdpclient",
          "x-rdp-userId": "[email protected]",
          "Connection": "keep-alive",
          "x-rdp-tenantId": "vidaxlds"
        },
        "operationType": "Delete Account",
        "xpathNamespaces": null,
        "parentEndpointName": null
      }
    ],
    "lockStatus": null,
    "oauth_request_parameters": null,
    "grant_type": null,
    "partitionAggregationEnabled": false,
    "deleteStatus": null,
    "hasFullAggregationCompleted": true,
    "deltaAggregation": null,
    "beforeProvisioningRules": {
      "eventConfigurations": [
        {
          "IdentityAttributeTriggers": [
            {
              "Attribute": "cloudLifecycleState",
              "Value": "inactive",
              "Operation": "eq"
            }
          ],
          "eventActions": [
            {
              "Action": "RemoveEntitlements",
              "Attribute": null,
              "Value": null
            },
            {
              "Action": "ChangeOperation",
              "Attribute": null,
              "Value": "Disable"
            },
            {
              "Action": "ChangeOperation",
              "Attribute": null,
              "Value": "Delete"
            }
          ],
          "Operation": "Modify"
        }
      ]
    },
    "token_url": null,
    "possibleHttpErrors": {
      "errorMessages": null,
      "errorCodes": null
    },
    "oauth_body_attrs_to_exclude": null,
    "throwProvAfterRuleException": true,
    "lastAggregationDate_account": "2024-02-23T08:22:37Z",
    "deleteThresholdPercentage": 12,
    "fixedPlanMultivaluedAttribute": "true",
    "oauth_headers": null,
    "templateApplication": "Web Services Template",
    "encrypted": "accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword,custom_auth_token_info",
    "healthy": true,
    "private_key_password": null,
    "cloudDisplayName": "RIVERSAND TEST",
    "oAuthJwtPayload": null,
    "oauth_headers_to_exclude": null,
    "saml_assertion_url": null,
    "beforeProvisioningRule": null,
    "username": null
  },
  "deleteThreshold": 12,
  "authoritative": false,
  "healthy": true,
  "status": "SOURCE_STATE_HEALTHY",
  "since": "2024-02-21T08:49:09.775Z",
  "connectorId": "web-services-angularsc",
  "connectorName": "Web Services",
  "connectionType": "direct",
  "connectorImplementationId": "web-services-angularsc",
  "managementWorkgroup": null,
  "id": "9bcfee5ef3b948878980efb85f84f46a",
  "name": "RIVERSAND TEST",
  "created": "2024-02-12T10:00:42.464Z",
  "modified": "2024-02-23T08:22:37.279Z"
}

It still does not work. The user is not deleted from the interface.


I do not seem to receive any errors, but the account is not deleted from Riversand.

In other words I should use what you provided and update the source partially? I am not sure where to paste the code you provided.


Dummy user is still there, entitlements removed, however the user is still not deleted, the user will come up as active again after the next aggregation.

Hi Alexandru,

If you are looking to delete the account for an inactive user while the disable operation is triggered, something like this would work:

"cloudServicesIDNSetup": {
  "eventConfigurations": [
    {
      "eventActions": [
        {
          "Action": "ChangeOperation",
          "Attribute": null,
          "Value": "Delete"
        }
      ],
      "Identity Attribute Triggers": [
        {
          "Attribute": "lifecycleState",
          "Value": "inactive",
          "Operation": "eq"
        }
      ],
      "Operation": "Disable"
    }
  ]
}

Tried your suggestion as follows:
[
  {
    "op": "add",
    "path": "/connectorAttributes/cloudServicesIDNSetup",
    "value": {
      "cloudServicesIDNSetup": {
        "eventConfigurations": [
          {
            "eventActions": [
              {
                "Action": "ChangeOperation",
                "Attribute": null,
                "Value": "Delete"
              }
            ],
            "IdentityAttributeTriggers": [
              {
                "Attribute": "lifecycleState",
                "Value": "inactive",
                "Operation": "eq"
              }
            ],
            "Operation": "Disable"
          }
        ]
      }
    }
  }
]

It still disables the account, but the account is not getting deleted. I have tried all your suggestions, guys; the only step (deletion) cannot be done somehow, even though the activity says that everything is running fine.

Hi Alexandru,

Looking at your source configuration, I see the before provisioning rule name and ID are missing. You will need to deploy the rule in the cloud first, and get the Rule ID to be updated in the source.

You can make use of the Visual Studio extension to easily update the source details as given in the below link

Below is how the source should look. Please try it out and let me know.

Source_Config.txt (21.6 KB)

How can I do that? I have never done that. Is it possible from UI, postman or from Visual? If yes, please provide explanation on how this can be done. Thank you!

Once your rule is deployed, you need to get the ID of the rule. You can use this API to get the list of rules and then find the ID of this specific rule from the list.

Then update the source as below using VS Code (need IDN extension)

"beforeProvisioningRule": {
        "type": "RULE",
        "id": "7da58de46fa4404f8aa1d1b089e7026b",
        "name": "Services Standard IdentityNow BeforeProvisioning Rule"
    }

Hi Alexandru,

  1. Deploy the cloud rule in your tenant. Since a cloud rule can only be deployed by SailPoint support, you will need to submit a request under SailPoint Support Homepage - Customer Support

    You can find the Services Standard Before Provisioning Rule under this thread - Services Standard Before Provisioning Rule - #3 by edmarks

    This rule needs to be deployed by SailPoint support, in your tenant.

  2. Once the cloud rule is deployed by SailPoint support, your source configuration needs to be updated with the name and ID of the before provisioning rule and the event configuration details. The Services Standard Rule looks into the event configuration parameters to make changes to the provisioning plan.

I suggest using "Account Attribute Update Triggers" instead of "Identity Attribute Triggers" and select an attribute from the source whose name is unique across your tenant.

"Account Attribute Update Triggers": [
	{
		"Attribute": "extensionAttribute1",
		"Operation": "eq",
		"Value": "inactive"
	}
],
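
The points raised across the replies (the rule must be attached to the source, the event configuration belongs under `cloudServicesIDNSetup` without repeating that key inside the patch value, and a `Disable` event must change the operation to `Delete`) can be checked against a source export before patching it. This is an added example, not code from the thread or from SailPoint: the finding names, the `event()` helper and both sample exports are constructed, and treating the spaced trigger key names used in the replies as the expected spelling is an assumption.

```python
"""Added example: lint an IdentityNow source export for the misconfigurations seen in this thread."""

# Spaced key names as written in the replies; treated as the expected spelling (assumption).
EXPECTED_TRIGGER_KEYS = {"Identity Attribute Triggers", "Account Attribute Update Triggers"}


def lint_source(source):
    """Return finding codes; an empty list means none of the thread's mistakes were found."""
    findings = []
    attrs = source.get("connectorAttributes") or {}

    # The rule never runs unless the source references it by type, id and name.
    rule = source.get("beforeProvisioningRule")
    if not (isinstance(rule, dict) and rule.get("type") == "RULE" and rule.get("id")):
        findings.append("rule-not-attached")

    # Event configuration placed under the key from the first attempt is not read.
    if "eventConfigurations" in (attrs.get("beforeProvisioningRules") or {}):
        findings.append("config-under-beforeProvisioningRules")

    setup = attrs.get("cloudServicesIDNSetup")
    if not isinstance(setup, dict):
        return findings + ["cloudServicesIDNSetup-missing"]
    # A patch whose path and value both name the key produces a nested copy.
    if "cloudServicesIDNSetup" in setup:
        findings.append("cloudServicesIDNSetup-double-nested")
        setup = setup["cloudServicesIDNSetup"]

    delete_on_disable = False
    for cfg in setup.get("eventConfigurations") or []:
        for key in cfg:
            if "trigger" in key.lower() and key not in EXPECTED_TRIGGER_KEYS:
                findings.append("unexpected-trigger-key:" + key)
        for action in cfg.get("eventActions") or []:
            if (cfg.get("Operation") == "Disable"
                    and action.get("Action") == "ChangeOperation"
                    and action.get("Value") == "Delete"):
                delete_on_disable = True
    if not delete_on_disable:
        findings.append("no-disable-to-delete-event")
    return findings


def event(trigger_key):
    """Hypothetical helper: the Disable-to-Delete event from the thread under a given trigger key."""
    return {
        "eventActions": [{"Action": "ChangeOperation", "Attribute": None, "Value": "Delete"}],
        trigger_key: [{"Attribute": "lifecycleState", "Value": "inactive", "Operation": "eq"}],
        "Operation": "Disable",
    }


# Constructed samples: AS_POSTED combines the mistakes from the thread in one reduced export.
AS_POSTED = {
    "beforeProvisioningRule": None,
    "connectorAttributes": {
        "beforeProvisioningRules": {"eventConfigurations": [event("IdentityAttributeTriggers")]},
        "cloudServicesIDNSetup": {
            "cloudServicesIDNSetup": {"eventConfigurations": [event("IdentityAttributeTriggers")]}},
    },
}
CORRECTED = {
    "beforeProvisioningRule": {"type": "RULE", "id": "<rule-id-from-your-tenant>",
                               "name": "Services Standard IdentityNow BeforeProvisioning Rule"},
    "connectorAttributes": {
        "cloudServicesIDNSetup": {"eventConfigurations": [event("Identity Attribute Triggers")]}},
}

if __name__ == "__main__":
    print(lint_source(AS_POSTED))
    print(lint_source(CORRECTED))
```
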

The “Services Standard Before Provisioning Rule” can be deployed via sp_config without the need for a SailPoint ticket.
