SailPoint identity delete

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hello everyone,

I have an urgent requirement and would greatly appreciate your suggestions.

Currently, our SailPoint environment has a number of users exceeding the license limit. We have a large number of inactive users that cannot be deleted at the auth source. Is there any way to reduce the user count or delete identities without relying on the source? Any recommendations would be helpful. Thank you!

2

HI @V-VanishreeC ,
Try to :

  1. Set a filter to auth source to only aggregate Active identities.After that aggregate the source this will remove inactive identities.Remember to uncheck Disable Account Deletion.
  2. If point 1 is not possible , then generate a report of all the inactive identities and use this api to delete them delete-identity | SailPoint Developer Community. You might need a script to fetch identity IDs and call this apis in loop. Once Identities are removed, please do not aggregate SoT again until there is a way to exclude those inactive identities.
2 Likes
3

Hi @gourab ,

Thank you for your suggestion.

The first approach seems feasible for us. However, we have a scenario where we need to retain inactive accounts in SailPoint for a certain number of days(may be 30-60days) after the user becomes inactive. Do you have any ideas on how we can achieve this?

4

Hi @V-VanishreeC ,
You need to use some filter to auth source again but it totally which type of connector you are using for SoT

1 Like
5

Hi @V-VanishreeC

If you’re using Success Factors as source of truth then you would have an option to aggregate inactive accounts which are inactive for sometime lets say 30 days.

There are ways to handle licence usage, I would recommend you to read below document

1 Like
6

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.