{"id":1362,"date":"2023-10-18T12:47:03","date_gmt":"2023-10-18T07:17:03","guid":{"rendered":"https:\/\/www.enhisecure.com\/isecureblog\/?p=1362"},"modified":"2023-10-20T10:23:36","modified_gmt":"2023-10-20T04:53:36","slug":"identity-deletion-in-sailpoint-identitynow","status":"publish","type":"post","link":"https:\/\/www.enhisecure.com\/isecureblog\/2023\/10\/18\/identity-deletion-in-sailpoint-identitynow\/","title":{"rendered":"Identity Deletion in SailPoint IdentityNow"},"content":{"rendered":"\n<p>Identity management (IDM), also known as identity and access management (IAM), ensures that authorized people, and only authorized people, have access to the technology resources they need to perform their job functions.<\/p>\n\n\n\n<p>In IdentityNow, access is managed by the user's lifecycle state. Identity Lifecycle State aims to automate and manage the entire digital identity lifecycle process and access throughout the organization.<\/p>\n\n\n\n<p>The identity lifecycle is the set of stages an identity passes through, from its creation to its deactivation or deletion.
It covers creating an account, assigning the correct groups and permissions, setting and resetting passwords, and finally deactivating or deleting the account.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"622\" src=\"https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-4.png\" alt=\"\" class=\"wp-image-1365\" srcset=\"https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-4.png 944w, https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-4-300x198.png 300w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><figcaption class=\"wp-element-caption\">Figure 1: Identity Lifecycle Management<\/figcaption><\/figure><\/div>\n\n\n<p>Keeping unwanted identities in SailPoint increases processing time and reduces the usability of the SailPoint tenant. If the tenant holds only the limited set of identities that are actually required, they are easier to handle and processing them takes less time, so unwanted and terminated users\u2019 identities can be deleted from SailPoint.<\/p>\n\n\n\n<p>Now, let us have a look at the <a href=\"https:\/\/developer.sailpoint.com\">SailPoint REST APIs<\/a> used in the Identity deletion process.
Below is the list of APIs used for Identity deletion in SailPoint IdentityNow:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"191\" src=\"https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-5.png\" alt=\"\" class=\"wp-image-1367\" srcset=\"https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-5.png 944w, https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-5-300x61.png 300w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><figcaption class=\"wp-element-caption\">Figure 2: REST APIs in PowerShell Script connecting with SailPoint IdentityNow<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/developer.sailpoint.com\/idn\/api\/authentication\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Authentication<\/strong><\/a>: This is used to create an access token (Bearer token).<\/li>\n\n\n\n<li><a href=\"https:\/\/developer.sailpoint.com\/idn\/api\/v3\/search-post\"><strong>Search &#8211; Perform Search<\/strong><\/a> (v3 API): This is used to fetch all identities in the \u201c30daysPostTermination\u201d or \u201cterminated\u201d lifecycle state.<\/li>\n\n\n\n<li><a href=\"https:\/\/developer.sailpoint.com\/idn\/api\/beta\/delete-identity\"><strong>Identities &#8211; Deletes an identity<\/strong><\/a> (beta API): This is used to delete the identities from the SailPoint tenant.<\/li>\n<\/ul>\n\n\n\n<p>Here we will be using a <a href=\"https:\/\/developer.sailpoint.com\/idn\/api\/authentication#generate-a-personal-access-token\"><strong>personal access token<\/strong><\/a> (PAT), which is a method of authenticating to an API as a user without providing a username and password.<\/p>\n\n\n\n<p><strong>Prerequisites for Identity deletion:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>SailPoint REST APIs.<\/li>\n\n\n\n<li>Client ID and Client Secret.<\/li>\n\n\n\n<li>IQService Server.<\/li>\n<\/ol>\n\n\n\n<p>Now, let us discuss the use case of Identity deletion.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><\/p>\n\n\n\n<p>All the identities in the \u201c30daysPostTermination\u201d lifecycle state will be deleted from IdentityNow.<\/p>\n\n\n\n<p>The deleted identities would be re-aggregated in the next aggregation cycle as \u201cUncorrelated accounts\u201d in the target application, and hence would not affect the new-hire creation logic; the sAMAccountName would remain unique as per the requirement and the logic defined.<\/p>\n\n\n\n<p>A <a href=\"https:\/\/learn.microsoft.com\/en-us\/powershell\/scripting\/overview?view=powershell-7.3\">PowerShell<\/a> script will be developed to call the APIs to identify all the identities in the required lifecycle state, i.e., \u201c30daysPostTermination\u201d, and will delete the accounts from the HRMS Source for all of those identities.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"886\" height=\"908\" src=\"https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-6.png\" alt=\"\" class=\"wp-image-1368\" srcset=\"https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-6.png 886w, https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2023\/10\/image-6-293x300.png 293w\" sizes=\"auto, (max-width: 886px) 100vw, 886px\" \/><figcaption class=\"wp-element-caption\">Figure 3: Use Case diagram.<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Steps Overview as per the script:<\/strong><\/p>\n\n\n\n<p><strong>Step 1:<\/strong> The <a href=\"https:\/\/learn.microsoft.com\/en-us\/powershell\/scripting\/overview?view=powershell-7.3\">PowerShell<\/a> script first reads the required details from a property file.
In the property file we can maintain the client ID, client secret, base URL, search query, deletion limit, log file path and debug values.<\/p>\n\n\n\n<p><strong>Step 2<\/strong>: The <a href=\"https:\/\/developer.sailpoint.com\/idn\/api\/authentication\">Authentication API<\/a> is called to generate the access token.<\/p>\n\n\n\n<p><strong>Step 3<\/strong>: Next, the <a href=\"https:\/\/developer.sailpoint.com\/idn\/api\/v3\/search\">Search API<\/a> is called to fetch the identities in the \u201c30daysPostTermination\u201d lifecycle state from the SailPoint tenant.<\/p>\n\n\n\n<p><strong>Step 4<\/strong>: The identities are passed one by one to the <a href=\"https:\/\/developer.sailpoint.com\/idn\/api\/beta\/delete-identity\">Delete API<\/a> to be deleted from the SailPoint tenant.<\/p>\n\n\n\n<p>Let us understand Identity Deletion using the SailPoint REST APIs, the use cases, and the automation of the script via Windows Task Scheduler in the following presentation:<\/p>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"ENH iSecure SailPoint IdentityNow Identity Deletion Presentation\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/nKsu5ULggt4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><strong>Advantages of Identity Deletion in SailPoint IdentityNow:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>It increases the usability of the tenant.<\/li>\n\n\n\n<li>It decreases the aggregation and identity refresh processing time.<\/li>\n\n\n\n<li>It speeds up the backend processes and reduces unwanted identity handling.<\/li>\n\n\n\n<li>It reduces the burden on the tenant.<\/li>\n<\/ol>\n\n\n\n<p>When a user is terminated or leaves the organization, all access is removed and the accounts are disabled.<br \/>Now, let us go through a demo on how we can achieve identity deletion in SailPoint IdentityNow.<\/p>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"ENH iSecure SailPoint IdentityNow Identity Deletion Demo\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/XmNBheIDUAU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Identity management (IDM), also known as identity and access management (IAM), ensures that authorized people and only authorized people have access to the technology resources they need to perform their job functions. And access is managed by the user lifecycle state in IdentityNow.
Identity Lifecycle State aims to automate and manage the entire digital identity [&hellip;]<\/p>\n","protected":false},"author":28,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,14,16],"tags":[40,82,62,13,112,85,199,11],"class_list":["post-1362","post","type-post","status-publish","format-standard","hentry","category-identity-governance","category-sailpoint","category-technology","tag-active-directory","tag-identity","tag-identity-governance","tag-identity-management","tag-identitynow","tag-integrations","tag-lifecyclemenagement","tag-sailpoint"],"_links":{"self":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1362","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/comments?post=1362"}],"version-history":[{"count":7,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1362\/revisions"}],"predecessor-version":[{"id":1373,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1362\/revisions\/1373"}],"wp:attachment":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/media?parent=1362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/categories?post=1362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/tags?post=1362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}