WebService Connector - delete and recreate of user account

Hi,

We have an application that requires me to delete an account and recreate it in some cases, rather than updating the existing account.
Could anyone provide an approach for the above-mentioned scenario?

Thanks,
Akash

Hello Akash,

There are two options for you:

  1. You could go for an account selector rule. This is a rule that is configured at role level, allowing you to tell IIQ to create a new account. It does not, however, tell IIQ to delete the old one.
  2. You can implement a before provisioning rule that specifically checks if a certain entitlement (your ‘some case’) is added. If the case is detected, it can manipulate the provisioning plan to do the needful. I have added a code sample below:
import java.util.List;

import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// "plan" is the ProvisioningPlan that IIQ passes to the before provisioning rule.
ProvisioningPlan newPlan = new ProvisioningPlan();
List originalRequests = plan.getAccountRequests();

// Flag to check if the specific entitlement is present
boolean specificEntitlementAdded = false;

// Check if the specific entitlement is present in the original plan.
// Entitlements are carried as AttributeRequests on each AccountRequest.
if (originalRequests != null) {
    for (AccountRequest accountRequest : originalRequests) {
        List attributeRequests = accountRequest.getAttributeRequests();
        if (attributeRequests == null) {
            continue;
        }
        for (AttributeRequest attributeRequest : attributeRequests) {
            if (!"entitlementName".equals(attributeRequest.getName())) {
                continue;
            }
            // The value can be a single value or a list of values
            Object entitlementValue = attributeRequest.getValue();
            if (entitlementValue instanceof List) {
                if (((List) entitlementValue).contains("specificEntitlementValue")) {
                    specificEntitlementAdded = true;
                }
            } else if ("specificEntitlementValue".equals(entitlementValue)) {
                specificEntitlementAdded = true;
            }
        }
    }
}

if (specificEntitlementAdded) {
    for (AccountRequest accountRequest : originalRequests) {
        // Create a delete request for the existing account.
        // Account-level operations live in AccountRequest.Operation
        // (ProvisioningPlan.Operation is for attribute requests).
        AccountRequest deleteRequest = new AccountRequest();
        deleteRequest.setApplication(accountRequest.getApplication());
        deleteRequest.setNativeIdentity(accountRequest.getNativeIdentity());
        deleteRequest.setOperation(AccountRequest.Operation.Delete);
        newPlan.add(deleteRequest);

        // Create a create request for the new account
        AccountRequest createRequest = new AccountRequest();
        createRequest.setApplication(accountRequest.getApplication());
        createRequest.setNativeIdentity(accountRequest.getNativeIdentity());
        createRequest.setOperation(AccountRequest.Operation.Create);
        // Carry over the attribute requests (including entitlements) from the old request
        createRequest.setAttributeRequests(accountRequest.getAttributeRequests());
        newPlan.add(createRequest);
    }

    // A before provisioning rule works on the plan object IIQ passed in,
    // so copy the rebuilt requests into it instead of returning newPlan.
    plan.setAccountRequests(newPlan.getAccountRequests());
}
// If the specific entitlement is not present, the original plan is left unchanged.

The above rule can be used as a before provisioning rule. It checks if the plan contains a specific entitlement. If so, it creates a new plan with a delete request for the existing account and a create request for a new account, containing the entitlements from the original plan. Please bear in mind that your application definition needs to support these operations.

Kind regards,
Pieter.