I am trying to delete account in target application once the last role is been removed from SailPoint.
I have build the event config at source level like below.
“cloudServicesIDNSetup”: {
“eventConfigurations”: [
{
“eventActions”: [
{
“Action”: “ChangeOperation”,
“Attribute”: null,
“Value”: “Delete”
}
],
“Operation”: “Modify”,
“Entitlement Cardinality Update Triggers”: [
{
“Attribute”: “GroupID”,
“Value”: null,
“Operation”: “LastRemoved”
}
]
}
]
},
However I am receiving the error that user still has the group so can’t delete the account, actually I am removing the last role which has last group of application from the account in SailPoint.
Hi @FaizullahShaik, I had a similar use case and the code you have above should work. I would check your HTTP operations and make sure your delete operation is correct.
Another thing to check is if GroupID is the attribute name for entitlements on the source.
Are you removing the role through SailPoint? If it is locally removed SailPoint will likely just add the entitlement back.
The issue could be stemming from SailPoint needing an aggregation to see that the entitlement was removed.
Yes you’re correct that It should work coz we have same condition in other sources as well and it is working there, but in this case I need to first remove the groups from user account then only I can able to delete the account.
I am able to remove the groups separately without involving deletion api call, but when I am trying to remove last group including deletion method then I am receiving an error.
