Are roles and access profiles (accounts with accesses from target apps) deleted when an identity profile is deleted? Or do accesses still stay in target apps though the identity profile is deleted? And is there any procedure where accesses still exist though the identity profile is deleted?
Hi @shaffusailpoint !
Deleting an identity profile will not affect roles or access profiles.
Thank you, Vincent. Identities still have access, right?
Unless the said Access Profile is mapped to an LCS the deletion of IdentityProfile will encounter an error mentioning that you have to remove the reference Access Profile within it.
If the Access Profile is not associated with the Identity profile being deleted, then no issues; nothing will be affected.
I have one more doubt, please: in this case, if the authoritative source is deleted, will the accesses of identities still be there in target apps (for example in some AD, JDBC, etc. sources)?
Yes, Access on the end target system would stay as is.
Yes, target systems will not be affected, and the caveat @shaffusailpoint mentioned is a good one, thanks for adding that!
Let's say the authoritative source is deleted and accounts are orphaned, and in non-authoritative sources they are uncorrelated or access of the target system is not affected.
Now the scenario is: the authoritative source is deleted by mistake, and later the same authoritative source is created again along with its respective identity profile. Are new accounts going to be created in place of the orphan accounts or not? Kindly let us know, please.
If I understand correctly, if the authoritative source is deleted the accounts from the authoritative source would not be orphaned, they would be removed from ISC completely, but the downstream accounts may be orphaned if they don’t fit correlation criteria for any other identities from another identity profile. If a new authoritative source and identity profile are onboarded, and the correlation criteria fit those new identities, then those orphaned downstream accounts would be correlated to the new identities. Also, the new authoritative source would have new accounts.
Does that make sense?
A couple of additional details:
- You cannot delete a source if there are identity profiles, access profiles, etc. configured to use that source. ISC will block that operation.
- If you delete a single account from an authoritative source, the identity is not completely removed; it's orphaned. You can't see it from the UI, but it's still out there and retrievable via API. If you restore the account on the auth source, the identity will be back with the same identity ID.
- If you delete an identity profile and the identity in question is also a member of a lower-ranked idp on another source, the identity would migrate to that idp and all linked accounts and objects would remain unchanged.
Perfect, thank you!!