You can use the datemath transform in your lifecycle state transform to accomplish this, e.g. 60 days after termination date, set lifecycle state to “inactive long-term”.
Hey Justin, in your example is the “termination date” sourced from the authoritative source of record? My issue is that our authoritative source sometimes backdates Termination Dates. In that case the record isn’t truly terminated for the period of time being checked.
Yes, typically the termination date is an attribute from the auth source, but there are other alternatives. The date the user is terminated needs to be stored somewhere (e.g. an Active Directory extensionAttribute that is updated by the SSBP or other BeforeProvisioning Rule) that can be referenced using the datemap transform.
Events for deletion are still not coming in the identity events tab.
And they are only coming in DELETE_ACCOUNT_PASSED Event type from Search.
Can you let us know how to get the delete events in the identity events tab.
Hello everyone!
Team, thank you for sharing this feature.
I have a question: Is it possible to exclude an account so that it isn’t deleted?
In other words, we’re currently deleting accounts using a workflow and want to use this feature, but there are VIP accounts that shouldn’t be deleted. Is it possible to exclude specific accounts?
Best regards!
Hi @GilbertoOledo14 . You can remove the delete capability per source by removing “delete” from the features set. Additionally, accounts are not deleted if the source also has Access Profiles listed under the Access Profiles tab.
Hi Natalia, thank you for your reply.
I believe our situation is a bit different. We are using Google Workspace as a source and need to delete accounts selectively, not all of them. For example, we may have around 10 accounts in total, but one specific account must be retained for a particular reason, while the remaining 9 should be deleted.
Is there a way to explicitly exclude one or more specific accounts from the deletion process, so that only the intended accounts are removed?
You can use different lifecycle state for this. For eg: the accounts to be deleted are set to “cleanup” lifecycle state based on certain criteria and in the lifecycle configuration make sure the identity state is inactive long term and select the source to be deleted. You have to identify any account or identity criteria to set this specific lifecycle state. This will help to delete certain accounts and retain rest of them.
@GilbertoOledo14 I this case, I’d recommend you use the newly released feature that will allow you to delete accounts selectively: