(updated) Remove person objects that are Ready for Deletion

In my lab environment I regularly perform Joiner, Leaver and Mover (JLM, or onboarding/offboarding) actions.


Because I frequently remove persons from my Identity Director environment, the list under “Ready for Deletion” can become quite long.

To address this problem I’ve created an Ivanti Automation Module that removes the persons placed under Ready for Deletion.

The first time I wrote this blog post I used a Runbook that removed the Ready for Deletion person objects with a method (a SQL statement) that is best described as killing a fly with a sledgehammer. Since then I’ve put in some time to learn about the Public API that is built into Identity Director.

This API is not enabled by default. To enable it, perform the following steps:

1. Navigate to the following folder on the server that has the Identity Director Web Console installed.

2020-10-11 15_21_54-192.168.0.104 - Remote Desktop Connection

2. Open the WebConsole.config file.

3. Add the following line

2020-10-11 15_23_31-192.168.0.104 - Remote Desktop Connection

4. To verify it is all working, navigate to the following URL: https://FQDN/IdentityDirector/Swagger. If the API is enabled you should see the following:

2020-10-11 15_30_05-192.168.0.103 - Remote Desktop Connection
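The check in step 4 can also be scripted, which is useful for keeping track of which Web Console servers have the Public API switched on, since it is off by default. This is an added example, not code from the original post: the function name and host names are constructed placeholders, and treating an HTTP 200 on the Swagger URL as "enabled" is an assumption you should confirm against a server where the API is known to be disabled.

```powershell
# Added example: report which Web Console servers answer on the Swagger URL from step 4.
# Assumption: HTTP 200 on /IdentityDirector/Swagger means the Public API is enabled.
function Test-IdentityDirectorSwagger {
    [CmdletBinding()]
    param(
        # FQDNs of the servers that host the Identity Director Web Console
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$TimeoutSec = 10
    )

    foreach ($name in $ComputerName) {
        $uri = "https://$name/IdentityDirector/Swagger"
        $result = [pscustomobject]@{
            Server     = $name
            Uri        = $uri
            StatusCode = $null
            Enabled    = $false
            Error      = $null
        }
        try {
            $response = Invoke-WebRequest -Uri $uri -UseBasicParsing `
                -TimeoutSec $TimeoutSec -ErrorAction Stop
            $result.StatusCode = [int]$response.StatusCode
            $result.Enabled    = ($result.StatusCode -eq 200)
        }
        catch {
            # Non-2xx answers, name resolution failures and TLS errors
            # (for example an untrusted lab certificate) all end up here.
            $result.Error = $_.Exception.Message
        }
        $result
    }
}

# Constructed host names; replace them with your own Web Console servers.
Test-IdentityDirectorSwagger -ComputerName 'idweb01.lab.example', 'idweb02.lab.example' |
    Format-Table Server, StatusCode, Enabled, Error -AutoSize
```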

 

This API also has an operation to delete the person objects that are listed as Ready For Deletion. I’ve created a PowerShell script that calls this function.

2020-10-11 15_38_17-192.168.0.103 - Remote Desktop Connection

The script first logs on to the API and then calls the operation to delete the users that are listed as Ready for Deletion. The variable $delete captures the output of the operation. This output can be used to inform the admin performing the task.

I’ve created an Ivanti Automation Runbook for this script and then created an entitlement in Identity Director to call this Runbook and present the output it produces.

2020-10-11 15_49_09-192.168.0.103 - Remote Desktop Connection

The above workflow takes the following steps:

1. Ask the requester if he/she is sure that he/she wants to perform this action.

2. Run the script

3. Present the output.

2020-10-11 15_54_09-192.168.0.103 - Remote Desktop Connection

In the above image you see the request for approval to perform the requested task.

2020-10-11 16_07_47-192.168.0.103 - Remote Desktop Connection

In the above image you see the message that was presented to the requester once the task is completed. By using the API to delete the person objects that are listed under Ready For Deletion you are assured that the objects are deleted in the correct way.

 

 

 

 

 
