Workflow to delete identities

I’m trying to build a workflow to delete identities based on a scheduled trigger running daily. It’s built to grab a list of identities based on a search query and loop through each identity to grab the ID, then make an HTTP Request to delete the identity.

Right at the loop is when I get the error:

That gives me this error:

{
  "loopOutput": {
    "failureItems": [
      {
        "errorMessage": "task failed: activity error (type: sp:internal:http, scheduledEventID: 7, startedEventID: 8, identity: 1@sp-workflow-worker-stg-us-east-1-f44968fcc-t7k2s@sp-workflow-engine): request failed (type: Bad Request, retryable: false): 404 - 404 Not Found: (type: HTTP Response Returned a Client Error, retryable: false): request failed (type: Bad Request, retryable: false): 404 - 404 Not Found (type: fundamental, retryable: true) (type: WorkflowFailure, retryable: false): task failed: activity error (type: sp:internal:http, scheduledEventID: 7, startedEventID: 8, identity: 1@sp-workflow-worker-stg-us-east-1-f44968fcc-t7k2s@sp-workflow-engine): request failed (type: Bad Request, retryable: false): 404 - 404 Not Found: (type: HTTP Response Returned a Client Error, retryable: false): request failed (type: Bad Request, retryable: false): 404 - 404 Not Found (type: fundamental, retryable: true)"
      }
    ]
  }
}

The Get Identity action returns nothing, and the HTTP request is the delete call trying to feed the identity’s ID into it as a parameter.

Is this 404 error a SailPoint related issue or is my input invalid?

Is your loop input correct? I see $.getListOfIdentities, but I would expect something like $.hTTPRequest or something like that. If you open the variable selector and choose the Get List of Identities action, it should give you the correct variable name.

I have a similar workflow, with an HTTP request action feeding a loop, and my input is: $.hTTPRequest.body

Matt

The variable selector in the loop input has the option for the previous Get List of Identities action which defaults to $.getListOfIdentities.identities. When I changed it to $.hTTPRequest.body, it cleared the error but gave no good output when tested. Wondering if the Get Identity action in the loop is configured wrong. I have the input to $.loop.loopInput.

Oh I see - apologies. In the past, I’ve used the HTTP operation action with an API call to the search API. That’s what I assumed when you said you were looking up identities with a search query. The Get Identities action does indeed look like it should be “$.getListOfIdentities.identities” from the variable selector.

What does the configuration for the Get Identity inside of the loop look like? One more question: why have a Get Identity, when you have already retrieved a list of identities that has the id for each of them?

I have the input to $.loop.loopInput.

Maybe try $.loop.loopInput.id

Yeah this is my initial testing that gave the error I mentioned in the initial post. Having it end in .body clears the error but returns no results when I am expecting some. Something is weird with the loop input request and I don’t understand the 404 error.

It’s working for me:

As I said above, $.loop.loopInput.id

However, I still don’t understand why you need a get identity in the loop. Just go straight to the delete identity step, passing $.loop.loopInput.id to it. No need for all the additional lookups.

Yeah it’s working now. So weird. How can I call the identity ID directly into the HTTP Request in the loop?

Why do you want to delete the identity using a workflow? How are the identities getting created? Not sure about your use case, but it would be good to delete the identity via the source which is creating these identities.

It’s a flat file source and we have no way of automated deletion. Otherwise we have identities that stick around for years with no access, no source accounts, or any needs at all.

I got this part figured out but now I’m running into a 405 error when trying to make the HTTP request to delete the identity.

I tried various ways to modify parameters such as using ‘filters’ or ‘id’ as the key and giving it the $.loop.loopinput.id variable. Even tried throwing it in the request body and the request URL but no luck. Any suggestions here?

Maybe I just can’t see it in your screenshot, but I don’t see the /:id at the end of the identities Request URL. Have you looked at the API spec?

You should have something like /v2025/identities/{{$loop.loopInput.id}}

@812kay why don’t you delete the user at the trusted source itself? Since it will again be created in SailPoint after aggregation.

If the source is a flat file and you cannot truly delete the record upstream, then deleting the identity in ISC should usually be paired with some guardrail so it does not get recreated on the next aggregation.

For example, I’d check whether the identity is already uncorrelated / has no active accounts, and whether the flat file feed is still sending that record at all. Otherwise the workflow may succeed technically, but the identity can come back as soon as the source reintroduces it.

So the safe pattern is usually:

  1. confirm the person is no longer present or no longer in scope in the flat file,
  2. verify there are no remaining linked accounts,
  3. then call the delete endpoint with the loop item id.

That makes the workflow a cleanup mechanism, instead of a delete/recreate cycle.
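As an added example (not code from the thread or from SailPoint), here is a dry-run Python planner for the three-step cleanup pattern above: it takes each loop item's id the way the thread settled on (the id field, not the whole object), skips identities the flat file still sends or that still have linked accounts, and only then builds the /v2025/identities/{id} delete path. The identity and account records and the flat-file id set are constructed sample data, and field names such as "attributes", "employeeNumber", "identityId" and "sourceName" are assumptions rather than SailPoint's schema.

```python
# Added example, not from the thread or from SailPoint: a dry-run planner for the
# cleanup pattern. Field names below are assumptions, not SailPoint's schema.
DELETE_PATH = "/v2025/identities/{id}"  # endpoint form quoted in the thread

# Constructed sample data (not real tenant data)
SAMPLE_IDENTITIES = [
    {"id": "2c91a", "name": "alice", "attributes": {"employeeNumber": "E100"}},
    {"id": "2c91b", "name": "bob",   "attributes": {"employeeNumber": "E200"}},
    {"id": "2c91c", "name": "carol", "attributes": {"employeeNumber": "E300"}},
]
SAMPLE_ACCOUNTS = [  # accounts still linked to an identity
    {"identityId": "2c91b", "sourceName": "AD"},
]
SAMPLE_FLAT_FILE_IDS = {"E300"}  # employee numbers the feed still sends


def loop_item_id(item):
    """The loop hands the whole identity object to each iteration; the delete
    step needs only its id ($.loop.loopInput.id), not the object itself."""
    if not isinstance(item, dict) or "id" not in item:
        raise ValueError("loop item is not an identity object with an id")
    return item["id"]


def plan_deletes(identities, accounts, flat_file_ids):
    """Return (delete_paths, skipped); skipped maps identity id -> reason."""
    linked = {}
    for acct in accounts:
        linked.setdefault(acct["identityId"], []).append(acct["sourceName"])
    delete_paths, skipped = [], {}
    for ident in identities:
        ident_id = loop_item_id(ident)
        emp = ident.get("attributes", {}).get("employeeNumber")
        if emp in flat_file_ids:  # step 1: still in the flat file -> would be recreated
            skipped[ident_id] = "still present in flat file; would be recreated"
        elif ident_id in linked:  # step 2: linked accounts remain
            skipped[ident_id] = "linked accounts remain: " + ", ".join(linked[ident_id])
        else:  # step 3: safe to call the delete endpoint with the loop item id
            delete_paths.append(DELETE_PATH.format(id=ident_id))
    return delete_paths, skipped


if __name__ == "__main__":
    paths, skipped = plan_deletes(SAMPLE_IDENTITIES, SAMPLE_ACCOUNTS, SAMPLE_FLAT_FILE_IDS)
    print("DELETE", paths)
    print("skipped", skipped)
```

With the sample data only alice is deleted; bob keeps an AD account and carol is still in the feed, so both are reported as skipped with the reason.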