Remove Identity from IDN on lifecycle state change

Hello, I am trying to use workflows to remove an Identity from IDN when the lifecycle state is equal to a specific value. I was not able to locate a workflows action that can let me remove the identity. Has anyone done something similar and can help me implement a solution?

Hello @Nadim, you can use Services Standard Before Provisioning Rule to delete the account from Authoritative source upon lifecycle state change and add a filter so that the same account is not re-aggregated.

1 Like

I would argue it is better to leave the identity in the system.

Aggregated accounts which belong to deleted identities become uncorrelated, and this exacerbates uncorrelated accounts, and harder to resolve the risk they pose.

It’s better to keep the identity around, in a disabled or inactive state, with all accounts associated. This way you are make sure those accounts stay disabled. Or if an identity ever is re-activated (as we commonly see in a re-hire scenario) the existing accounts can be reactivated or re-provisioned.

Last, inactive identities do not count towards licensing, typically.

3 Likes