I am configuring a Web Services SaaS source in Identity Security Cloud and need clarification on how deleted accounts are handled.
In the older Web Services connector, there is a setting:
- Account Delete Status Attribute
- For example: isDeleted=true
So if the delta aggregation response contains an account with isDeleted=true, the connector can treat that account as deleted.
But in the Web Services SaaS connector, I do not see this setting. I only see:
- Account Deletion
- Enable Account Deletion
- Percentage of Deleted Accounts Allowed
My understanding is:
- For full aggregation, deleted accounts are detected when they are missing from the latest full aggregation response.
- For delta aggregation, Web Services SaaS does not appear to have a UI setting to map a delete flag like isDeleted=true.
- So a delta response containing isDeleted=true may only map that value as a normal account attribute, not actually delete/remove the account from ISC.
Can someone confirm the expected behavior?
Questions:
- Does Web Services SaaS support deleted account detection during delta aggregation?
- If yes, where do we configure the delete flag mapping?
Can we use the older Web Services connector with Direct Connection, without considering the VA, as an alternative to Web Services SaaS, or will it not work without VA?
Reference:
- Web Service Saas: Aggregation Settings
- Web Service: Delta Aggregation Settings and Common Configuration
