HI all,
We have set the past termination offset to 730 days in Workday, yet we are still seeing that some identities are being deleted from IDNow before reaching the past termination offset. I have observed many “delete identity passes” events for multiple identities. Do you have any idea how I can debug this issue or what might be causing it?
Review Audit Logs: Look at IDNow’s audit logs to see why identities are being deleted and if they were triggered manually or automatically.
@Chaithu9110 I am not able to locate the exact logs particular to those identities.
Hi Priyanka,
Try going to your Search and searching "DELETE IDENTITY PASSED". This will give you all the successful identity deletion events.
Use the arrows to the right of the word ‘Actor’ to toggle the order. If the actor is another identity, it was done manually. If ‘unknown’ it was done by the system.
Thanks,
Margo
In my case it is showing unknown that means it was done by system. I am not able to debug this as it is not showing anything in logs as well.
Hi Priyanka,
Can you check that the Effective Time Zone in your connector matches your Workday configurations for when hires/terms are processed (in Workday directly)
Also, can you share your filter settings, including for aggregating past rescinded hires
Lastly, if you run a full aggregation, is the record still not found?
how long before the specified date are we talking? months, weeks, days, hours?
are identities coming back into ISC after they get removed?
HI @sup3rmark ,
The past termination offset is set to 730 days. And the users are removing before months, weeks of 730 days. It is different for every Identity. This is not happening for all identities but for few we are observing this issue.
The identities are not coming back to ISC once get removed.
HI @margocbain ,
The timezones are same.and the settings are shown below :
Hi Priyanka - Just a thought. Are you sure that the records still exist in Workday?
@j_place Yes, the records are present in workday in inactive state.Workday never delete any data from there end in my case.
Does Workday use ‘pick list’ settings like Success Factors? If so, maybe these missing accounts have been assigned a new pick list number that is not being imported into IDN.
Are the records that are missing for Contingent Workers, Employees, or a mix of both? Have you checked with HR/HRIS to confirm there haven’t been any changes to the Workday records that would cause them to stop showing up in the results?
Are there any errors showing on your aggregations? I’d also recommend turning on debug logging on the VAs and turning the Workday logging to debug and seeing if there’s anything coming back from Workday for some of these missing records that SailPoint isn’t able to handle.
Export the accounts from Workday source and check if there are accounts still being aggregated for these users. Most likely they won’t be and I think it’s best you contact SailPoint Support with this issue
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
