Replaced by:
Hello - i do use this endpoint on rare occasion, but i do have an important use case.
Example - many users were created in SourceA via RoleA, with account names created in SourceA based on Identity Attributes. For whatever reason, the Identity Attribute values need to be modified, and thus so do the account names. I would use this API to remove the accounts from all impacted users (in IDN only, downstream account cleanup handled separately), and upon refreshing the identities a new account is created in SourceA with the new Identity Attribute values.
We use this API for the following reasons
1: The authoritative source uses delta aggregation. Some legacy archived accounts are in wrong data formats and are causing errors. We want to remove them from our source in IdentityNow, while keeping them in the authoritative source. Only when the account changes on the authoritative application, do we want to receive the information again (through delta aggregation).
2: When you want to delete a random source (not necessarily an authoritative source), but that source happens to have accounts belonging to identities that happens to be owners of other sources, then deleting the source fails, even though the identities will not actually be removed, only their accounts from the single source that we want to delete. Resetting the source have similar issues. As workaround, we use this API on the accounts belonging to source owners first, and then delete the source. This workaround is not possible anymore when the API is gone. Will the UI still support removing an account from IdentityNow (and allowing it to get back through aggregation)?
3: I know we have also used this in the past for other reasons, but I can’t recall them anymore.
Kind regards,
Angelo
Hi @colin_mckibben , will there be any replacement API for /cc/api/remove/account ?
I realize that there won’t be a replacement for this API before the end of March, but my question is if there is a workaround?
Currently we are using this API for the following: This is a picture of the old UI that is still using this API. We use it to remove an Account from an Identity.
Of the course the new UI is missing this:
Does anyone have a workaround for removing Accounts from an Identity?
Hi Bakhari,
Thank you for your message,
We were told that while the APIs got deprecated, the UI buttons would stay. So for the cases where we needed this API for only a few accounts, we would, as workaround, replace an automated step by a manual step where we would use the UI button for this. If we needed this API for many accounts, there was no suitable workaround.
It seems that with the new UI update, we also lost the functionality through the UI. So we are lost on this as well now.
It seems that the new UI missed more functionality that the older UI did have, but I will create a separate forum post for this.
It would be great if this functionality can be both added back on the UI, and get extended as API.
We do receive a list of used APIs from our CSM, and I assume others get this as well, but upon closer inspection, it seems this list is incomplete, they only included the APIs that is widely used by many tenants. This particular API, while being used only occasionally, is nevertheless very important, especially since there is no replacement. Infrequent use of an API does not always imply that it is an unneeded, low priority API.
Kind regards,
Angelo
Looks like the product team is working on an API replacement for this endpoint.
nice! So the current workaround is there is no workaround? So we just have to leave Identities attached to accounts?
@colin_mckibben Do we have to consider this as a bug from the new UI and open a ticket to support ?
A public replacement for /api/account/remove is expected to be released by the end of March, 2024. In order to give users more time to migrate to the public endpoint, the turn-off date for /api/account/remove will be extended to June 14th, 2024.
I’m still not seeing the “delete” option in my Sailpoint sandbox instance…
And I’m struggling to use it in Postman:
does anyone know what the parameters are?
I really need to remove the accounts from these Identity’s so that I can continue to test my rules
“https://<tenant>.api.identitynow.com/beta/accounts/<account id>/remove”
You can get the account id by using:
“https://<tenant>.api.identitynow.com/beta/accounts?filters=identityId eq <identity id>”
Locate the account id at the end of each account object ‘“id”: “…”’,