Workflow - Remove access and disable accounts

We are working on a termination workflow in which the user’s account gets disabled along with access removal. We want this termination to remove access only for some specific sources, where we can filter access based on source name or source ID.

However, the search query I’m using to filter these applications isn’t producing the expected results.

{
    "query": {
        "query": "@accounts(source.name:SAP) OR @accounts(source.name:SAP_GRC) OR @accounts(source.name:SAP_HANA)"
    },
    "sort": [
        "name"
    ]
}

Please let us know if you have a better approach.

Hi @Dharani_01 ,
Use get Accounts actions and after that use manage accounts to disable specific sources. Use this JSON path to detect specific sources:

$.getAccounts.accounts[?(@.sourceName=='sourceName')].id

Hey @Dharani_01,

You are planning to disable the accounts of a user using a workflow. Have you tried using Lifecycle States?

You could perform disable/delete operation based on the lifecycle user’s identity. If the identity status is updated to Terminated, it will automatically disable the accounts in the specified source.

I think that using single quotes in the JSON Path is incorrect, and "..." should be used.
You can see that single quotes don’t work correctly if you have a ) in your source name.

Hi @Dharani_01

Can you try testing this search query to filter the accounts from specific sources?

{
    "indices": [
        "identities"
    ],
    "query": {
        "query": "@accounts(source.name:'SAP') OR @accounts(source.name:'SAP_GRC') OR @accounts(source.name:'SAP_HANA')"
    },
    "queryResultFilter": {
        "includes": [
            "name", "id"
        ]
    }
}

Also, if you want to remove their access profiles from specific sources then you can use this filter in the Loop Input.

$.hTTPRequest.body[0].access[?((@.type == "ACCESS_PROFILE" && @.source.name == "SAP") || (@.type == "ACCESS_PROFILE" && @.source.name == "SAP_GRC") || (@.type == "ACCESS_PROFILE" && @.source.name == "SAP_HANA"))]

Hope this would help.

Thanks

Hi @nhassan ,

Thanks, I was looking into the same. Additionally, in that query, can I include a filter for specific users? For example, if a particular user has accounts in any of the sources, I need that particular source name to be included in the query output. Is that possible?

@Dharani_01 Sorry for the late reply.

You can try using these search queries, which should give you the accounts of a specific user including source names/IDs, then apply an operator to get/compare the desired results, and then proceed with the next steps in the workflow.

{
    "indices": [
        "identities"
    ],
    "query": {
        "query": "id:Id_of_the_Identity"
    },
    "queryResultFilter": {
        "includes": [
            "id", "displayName", "email", "accounts"
        ]
    }
}

OR

"query": "id:{{$.trigger.identity.id}}"

OR

"query": "attributes.title: \"IAM Engineer\""
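
The source scoping discussed in the replies above (the `@accounts(source.name:...)` search and the `ACCESS_PROFILE` loop-input filter), sketched in Python so the selection can be dry-run before it drives a termination. This is an added example, not part of the original thread and not SailPoint code: the identity document, its ids and the `SAP (Legacy)` source are constructed, the `accounts[].source.name` / `access[].type` layout is assumed from the queries quoted in the thread, and the function names are hypothetical.

```python
import json

TARGET_SOURCES = {"SAP", "SAP_GRC", "SAP_HANA"}  # source names from the thread

# Constructed sample of one identity document as returned by the search.
SAMPLE_IDENTITY = {
    "id": "id-0001",
    "accounts": [
        {"id": "acc-1", "source": {"name": "SAP"}},
        {"id": "acc-2", "source": {"name": "SAP_GRC"}},
        {"id": "acc-3", "source": {"name": "SAP (Legacy)"}},
        {"id": "acc-4", "source": {"name": "Active Directory"}},
    ],
    "access": [
        {"id": "ap-1", "type": "ACCESS_PROFILE", "source": {"name": "SAP_HANA"}},
        {"id": "ent-1", "type": "ENTITLEMENT", "source": {"name": "SAP"}},
        {"id": "ap-2", "type": "ACCESS_PROFILE", "source": {"name": "Active Directory"}},
        {"id": "ap-3", "type": "ACCESS_PROFILE", "source": None},
    ],
}

def build_search_body(source_names):
    """Search body with one quoted @accounts clause per source name."""
    for name in source_names:
        if '"' in name or "\\" in name:
            raise ValueError(f"refusing to embed source name {name!r} in a query")
    clauses = [f'@accounts(source.name:"{n}")' for n in sorted(source_names)]
    return {
        "indices": ["identities"],
        "query": {"query": " OR ".join(clauses)},
        "queryResultFilter": {"includes": ["id", "name", "accounts", "access"]},
    }

def _source_name(item):
    # Items without a source (or with a null one) never match a target.
    return (item.get("source") or {}).get("name")

def select_for_termination(identity, source_names):
    """Return (account ids to disable, access profile ids to remove)."""
    accounts = [a["id"] for a in identity.get("accounts", [])
                if _source_name(a) in source_names]
    profiles = [x["id"] for x in identity.get("access", [])
                if x.get("type") == "ACCESS_PROFILE"
                and _source_name(x) in source_names]
    return accounts, profiles

if __name__ == "__main__":
    print(json.dumps(build_search_body(TARGET_SOURCES), indent=4))
    print(select_for_termination(SAMPLE_IDENTITY, TARGET_SOURCES))
```

The comparison is an exact match on the source name, so the constructed `SAP (Legacy)` and `Active Directory` entries are left out of both lists; `json.dumps` emits the quoted clauses with the same `\"` escaping as the `attributes.title` query above.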