Act on missing identities after collecting/publishing

Idea ID 2780924

Act on missing identities after collecting/publishing

A potential customer would like to use an identity source that is actually a database view containing only active identities. It is not possible to add historical records or an identity status to this view.

On boarding goes well, new identities result in new role members and fulfillment.
Off boarding is quite hard in this case. The off boarded identities does not show up in the view.
After a new collection and publish, the identity is not in IG anymore.
The accounts that belong to this identity are orphaned and need to be removed manually or via a review.

Is it possible, for this use case, to act on missing identities after collecting/publishing?
This can be an automatic report showing all missing identities, or a fulfillment action for the accounts and permissions.
Not sure if this should be automatic, resulting in a lot of removed users when a collection fails and collects zero identities...
Maybe just keep the off boarded identities visible with their corresponding accounts and tag them as deleted.
Then you can start reports or fulfillment on those 'ghost' identities, instead of on all the orphaned accounts.

If the collection went wrong, fix it and the 'ghost' identities become 'normal' again.

This approach makes it easier to connect to identity sources that are more basic, like database views.
1 Comment
Absent Member.
Absent Member.
The University of Michigan has a similar need. In our case, we would want to deprovision permissions for identities that disappear so that permissions are removed from applications.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.