[IDN] Account Deletion BP Rule run but the accounts are recreated

Hi All,

I have a BP rule to delete accounts of an identity and it worked before.
I haven’t changed any of the settings but the accounts will be recreated after being deleted by the BP rule.

May I know if you can share some thoughts on why this issue is happening?

I suspect that the cause may be the identity state issue.

Here is my BP rule:
AD BP_enable.txt (3.5 KB)

Hi @iris_deloitte ,
I don’t think it is an issue with the rule. Probably you are using Roles or Entitlements for provisioning, and these are sticky, so even after the rule deletes the accounts, because the role is attached, ISC creates the account again.
To handle this situation, make sure to remove all Roles and entitlements from the user (use access request/Workflows) before deleting the user accounts.

Hi
In your screenshot you did not select any identity state. Can you validate what identity state you have on the identity? As you have not configured this, the identity state would be Active.

Check this post.

As the identity state is active, you might have a role/entitlement attached, as Gourab mentioned, and that would have triggered the account creation.
Also validate whether the lifecycle state is changing to active. If that is the case, then your configuration on the active lifecycle state might trigger account creation.

Thanks,
Uday


Hi Uday,

Thank you so much for your reply. The screenshot is just for demonstrating the identity state, which I think may be causing the issue.

Best regards,
Iris

@iris_deloitte The following can be the reason:

  1. Check the account activity to see what trigger is creating the account again.
  2. Check if it is trying to add an entitlement which probably someone requested from the request center, and while deleting the account you did not remove the entitlement. Since entitlements are sticky in nature, it will try to add that; when it does not find the account, it will create the account and add the entitlement.
  3. So, to be sure whether it is happening due to sticky entitlements, try with one of the users who did not request an entitlement from the request center. You will see the account is not getting created for this user.
  4. Regarding your identity state, it has to be set as per the document shared by @udayputta; that will make sure the Identity State, but it will not solve your exact issue. If you manually process the Identity who had requested an entitlement from the request center and you did not remove that requested access before deleting the account, it will create the account again.

Please go over my drafted blog, which actually has good links, an idea submitted and a solved post.
How to Handle Requestable Entitlements and Avoid Stickiness - Content / Blog Drafts - SailPoint Developer Community

Hope this will help.

@iris_deloitte

Yes, it may be due to an RBAC criterion that is being fulfilled and recreating the account again.
