Want to disabled accounts for all identites that has particular application

Which IIQ version are you inquiring about? 8.3 p3

Share all details about your problem, including any error messages you may have received.

We have an jdbc application that is decommisioned and the connection is also not working, now we want to disable all the identites that havs this application in IIQ,
I tried setIiqDisable method, but the changes are not reflecting in the ui level

This is the code i wrote:

import sailpoint.object.Application;
 
  import sailpoint.object.Link;
 
  import sailpoint.object.QueryOptions;
 
  import sailpoint.object.Filter;
 
 
  String appName = "BaNCS";
 
  Application apps = context.getObjectByName(Application.class, appName);
                       
  QueryOptions qo = new QueryOptions();
 
  qo.add(new Filter[] { Filter.eq("application", apps) });
 
  Iterator it = context.search(Link.class, qo);

  if(it != null) {

    while(it.hasNext()) {

      Link link = it.next();

      link.setIiqDisabled(true);

      context.saveObject(link);

    }

  }

  context.commitTransaction();

Any suggestions would be really helpful.

you just want to show them as disabled in Identityiq or you want to disable those on the target system as well? the code which you have given here seems to be only disable in Identityiq but on the next aggregation it will start showing account as active as these are not disabled on target system.

Hi @chravikiran

You can prepare for all this accounts provisioning plan, that will work only if the application supports disable operation.
You can also define some Disable Provisioning Policy under Application configuration.

private static ProvisioningPlan prepareDisableADProvisioningPlan(Application app, Link link, Identity identity) {
		ProvisioningPlan                plan = new ProvisioningPlan();
		ProvisioningPlan.AccountRequest acc  = new ProvisioningPlan.AccountRequest();
		acc.setApplication(app.getName());
		acc.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
		acc.setNativeIdentity(link.getNativeIdentity());
		plan.setIdentity(identity);
		
		/* This code is depending on application - here Active Directory example
// this part can be skipped if you define Disable Provisioning Policy Form
		acc.add(new ProvisioningPlan.AttributeRequest("msExchHideFromAddressLists", ProvisioningPlan.Operation.Set, true));
		acc.add(new ProvisioningPlan.AttributeRequest("IIQDisabled", ProvisioningPlan.Operation.Set, true));
		acc.add(new ProvisioningPlan.AttributeRequest("userAccountControl", ProvisioningPlan.Operation.Set, 514));  // Assuming 512 is the value for enabled account 
		plan.add(acc);*/
		
		return plan;
	}

And later on you have to run the provisioning plan

Hello @chravikiran
Instead of setIiqDisabled , try using the “link.setAttribute("IIQDisabled", true); ”

Let me know if that works.

Thank You,
Raju

Hi @chravikiran Instead of link.setIiqDisabled(true); try link.setDisabled(true);

<?xml version='1.0' encoding='UTF-8'?> import java.util.ArrayList; import java.util.Date; import java.util.List; import sailpoint.object.*; import sailpoint.object.QueryOptions; import sailpoint.object.Filter; import sailpoint.connector.*; import sailpoint.api.*; import sailpoint.server.Auditor;

import sailpoint.object.AuditEvent;
ProvisioningPlan plan=new ProvisioningPlan();
List ids=context.getObjects(Identity.class);
for(Identity id:ids)
{
List app=id.getLinks();
for(Link l1:app)
{

String appppp=l1.getApplicationName();
if(appppp.equals("AD"))
{
l1.setAttribute("IIQDisabled","true");
  context.saveObject(l1);
  System.out.println(l1.isDisabled());
}
}
}
</Source>

Hi Ravi,

This code sample should do the trick. It gets all BaNCS links. It then creates a plan to disable the account and executes those plans. Please let me know if this works for you.

import sailpoint.api.Provisioner;

import sailpoint.object.Application;
import sailpoint.object.Filter;
import sailpoint.object.Link;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.QueryOptions;


QueryOptions qo = new QueryOptions();
qo.add(Filter.eq("application.name", "BaNCS"));

List plans = new ArrayList();
Iterator it = context.search(Link.class, qo);

if(it != null) {
  while(it.hasNext()) {
    Link link = it.next();

    ProvisioningPlan plan = new ProvisioningPlan();
    plan.setIdentity(link.getIdentity());

    ProvisioningPlan.AccountRequest accountRequest = new ProvisioningPlan.AccountRequest();
    accountRequest.setApplication(link.getApplicationName());
    accountRequest.setOperation(ProvisioningPlan.AccountRequest.Operation.Disable);
    accountRequest.setNativeIdentity(link.getNativeIdentity());

    plan.add(accountRequest);

    plans.add(plan);

    context.decache(link);
  }
}


Provisioner provisioner = new Provisioner(context);
for(ProvisioningPlan plan : plans) {
  provisioner.execute(plan);
}

return true;

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.