WebServiceBeforeOperationRule to remove the roles from the user and then disable the user

Hi Team,

We have a requirement for a webservice connector where we need to remove the roles from the user and disable the user.

I think we can achieve this using WebServiceBeforeOperationRule, but can anyone suggest how to implement it using WebServiceBeforeOperationRule and the steps to be followed?

Thanks
Kalyan

Hi,

You can create the rule using the documentation below.

After creation, you need to attach the rule to the webservice operation.

Let me know if you are looking for any specific scenario.

Thanks,
Abhinov

Hi @Abhinov7, thank you for your reply. Could you please provide any code to remove the roles from the user and disable the user, other than the documentation rule at Web Services Before Operation Rule | SailPoint Developer Community?

Thanks
Kalyan

Hi,

Can you let me know your exact requirement?

Are you trying to remove roles directly on the target, or do you want to remove roles using ISC?

  1. If you are trying to remove on the target, then you need to make API calls directly to the target application using WSBO.
  2. If you are trying to remove on the target using ISC, then you cannot achieve it using WSBO. You need to write a before provisioning rule.

Thanks,
Abhinov

Hi @Abhinov7, thanks for the reply.

My requirement is as below:

Whenever a user leaves/departs from the company, we need to remove the roles associated with that user related to the target web service application and disable the user on the target web service application. I think we may not be able to achieve this using the HTTP remove and disable operations, as we may not combine two different operations in a single HTTP operation. How can we achieve this using a Web Service Before Operation rule? Any sample code and steps to be followed?

Thanks
Kalyan

Hi,

You can configure the disable account operation and the remove entitlement operation on webservices.

When the LCS changes to resigned, disable the webservices application. As part of disablement, you can remove groups as well.

In this case you need a before provisioning rule. This cannot be achieved with WSBO.

I have attached the generic rule. Change it according to your requirement.
Generic.java (1.9 KB)

Thanks,
Abhinov

Hi @kalyannambi2010, as @Abhinov7 says, you can use a before provisioning rule for disabling the account and removing groups when the user is terminated.

I have tried with a Webservice Operation Rule, but it does not work for me.

So it is better to write a before provisioning rule, or you can get help from SailPoint Expert Service to deploy the default rule “Service Standard Before Provisioning Rule”.

Please refer to the post below for more info.

Thanks,
Shantha Kumar

Hi @Santhakumar, thank you for the update. Can a before provisioning rule be applied to a webservice connector?

Thanks
Kalyan

Hi @Abhinov7, thank you for the update. Can a before provisioning rule be applied to a webservice connector?

Thanks
Kalyan

Hi,

Yes, you can apply the before provisioning rule to a webservice connector, but it would be a cloud rule. We need SailPoint support's help to deploy the rule into the tenant.

Thanks,
Abhinov

Yes, you can use the rule for a webservice connector. However, you can use the Service Standard Rule by importing it into your tenant with the help of sp-config.

Use the below link to download the rule from Mock Project:
https://community.sailpoint.com/t5/IdentityNow-Forum/IdentityNow-Mock-Project-Services-Standard-BeforeProvisioning/td-p/216158

If you want the updated rule, you can contact SailPoint Support Service, as @Abhinov7 says.

Thanks,
Shantha Kumar

Hi @Santhakumar and @Abhinov7, thank you for the update.

Thanks
Kalyan
