Symantec IGA

  • 1.  Delete User Admin Task using Policy Express

    Posted Sep 18, 2017 08:47 AM

    adawe01  ( Could you point me where I am going wrong Wellington?) 

     

    Hello All,

     

    I am trying to set up a policy using policy express, with the following parameters:

     

    Data: Attribute "Address"

    Condition check: If "Address" is equal to "London" 

                               then

                               Delete User

     

    I am trying to use the "Delete User" Admin task, but I am not able to add the task as an Action Rule when the condition is satisfied.

     

    I am using "Events" as the policy type.

     

    Can anyone please suggest how to use an admin task in policy express?

     

     

     

     

    Thanks & Best Regards

    Sandipan



  • 2.  Re: Delete User Admin Task using Policy Express

    Broadcom Employee
    Posted Sep 18, 2017 02:09 PM

    Can you please share screenshot of Event & Action Rule tabs? In Action Rule, how are you adding an Admin Task so that it executes for user delete?

     

    Regards,

    Sumeet

     



  • 3.  Re: Delete User Admin Task using Policy Express

    Posted Sep 19, 2017 06:46 AM

    Hi Sumeet,

     

    In Action Rule, I am not able to add the Delete User Admin Task so that it executes for user delete when the condition "Address=London" is satisfied.

     

    Can you please let me know what are the ways by which we can add an Admin Task to a policy express policy?

     

     

     

    Thanks & BR

    Sandipan



  • 4.  Re: Delete User Admin Task using Policy Express

    Broadcom Employee
    Posted Sep 19, 2017 12:59 PM

    Hi,

     

    Execution of a separate Admin Task (Delete User) can't be done in a PX Action Rule. This is not possible from an Identity Policy either. I even checked the APIs (to check if BLTH/Event Listener) but didn't find any method to delete a user.

     

    Option 1: Please check the option that losru01 Russi has advised. That way, you can call the Delete User Admin Task via Web Service.

    Option 2: Write a BLTH or PX. Within this, you can write custom JNDI Java code to delete the user. However, this is not advisable, as it is a hard delete and it will have an impact on the overall identity management process and its accounts.

     

    Regards,

    Sumeet

     



  • 5.  Re: Delete User Admin Task using Policy Express
    Best Answer

    Broadcom Employee
    Posted Sep 18, 2017 02:43 PM

    Hi Sandipan, 

     

    Have you looked at using TEWS SOAP queries in PX Action to perform actions on the Identity Manager users? 

     

    Make sure your Delete User task is enabled for Web Services. Then just put a SOAP action in your Policy xPress Action. Make sure you use the right IP address for your IM server in the WSDL URL. Below please find a PX action screenshot and Delete User SOAP XML to put in the SOAP request message (make sure you update the credentials, IP addresses, IM environment and other information specific to your IM environment).

     

     

    Below is the SOAP message (replace the IM user credentials with the correct ones). The user I am deleting in the example below has the userid of test11. You can use variables here as in the rest of the Policy Xpress actions. For example, if your variable is getUserID, then put <ns1:Value>{'getUserID'}</ns1:Value> instead of <ns1:Value>test11</ns1:Value> in the SOAP action below:

     

    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Body>
        <admin_id xmlns="http://tews6/xsd/types">imadmin</admin_id>
        <admin_password xmlns="http://tews6/xsd/types">test</admin_password>
        <DeleteUser xmlns="http://tews6/xsd/DeleteUser">
          <ns1:DeleteUserSearch xmlns:ns1="http://tews6/xsd/DeleteUserSearch">
            <ns1:Filter index="0">
              <ns1:Field>%USER_ID%</ns1:Field>
              <ns1:Op>EQUALS</ns1:Op>
              <ns1:Value>test11</ns1:Value>
            </ns1:Filter>
            <ns1:Group xsi:nil="true"/>
          </ns1:DeleteUserSearch>
        </DeleteUser>
      </soapenv:Body>
    </soapenv:Envelope>

     

    KR
    Russi
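
Added example (not part of the original posts and not product code): the DeleteUser envelope from the post above built in Python, so that the user id is XML-escaped as data and a blank or wildcard id is rejected before a delete request is ever formed. The function names, the wildcard check and the sample values are assumptions; the namespaces and element names are the ones in the post.

```python
import xml.etree.ElementTree as ET

# Namespaces copied from the SOAP message in the post.
SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
TYPES = "http://tews6/xsd/types"
DELETE = "http://tews6/xsd/DeleteUser"
SEARCH = "http://tews6/xsd/DeleteUserSearch"


def q(ns, name):
    """ElementTree's '{namespace}local' form of a qualified name."""
    return "{%s}%s" % (ns, name)


def build_delete_user(user_id, admin_id, admin_password):
    """Return the DeleteUser envelope as UTF-8 bytes for exactly one user id.

    Pass the admin credentials in from a secret store; do not hard-code them.
    """
    user_id = user_id.strip()
    # Assumption: the thread does not say how the filter treats blanks or
    # wildcards, so refuse any value that might match more than one user.
    if not user_id or any(c in user_id for c in "*%"):
        raise ValueError("refusing empty or wildcard user id: %r" % user_id)
    env = ET.Element(q(SOAPENV, "Envelope"))
    body = ET.SubElement(env, q(SOAPENV, "Body"))
    ET.SubElement(body, q(TYPES, "admin_id")).text = admin_id
    ET.SubElement(body, q(TYPES, "admin_password")).text = admin_password
    delete = ET.SubElement(body, q(DELETE, "DeleteUser"))
    search = ET.SubElement(delete, q(SEARCH, "DeleteUserSearch"))
    flt = ET.SubElement(search, q(SEARCH, "Filter"), {"index": "0"})
    ET.SubElement(flt, q(SEARCH, "Field")).text = "%USER_ID%"
    ET.SubElement(flt, q(SEARCH, "Op")).text = "EQUALS"
    # .text is escaped when serialised, so markup characters stay data.
    ET.SubElement(flt, q(SEARCH, "Value")).text = user_id
    ET.SubElement(search, q(SEARCH, "Group"), {q(XSI, "nil"): "true"})
    return ET.tostring(env, encoding="utf-8")


def filter_values(envelope):
    """Parse an envelope back and list every Filter/Value it carries."""
    root = ET.fromstring(envelope)
    return [v.text for v in root.iter(q(SEARCH, "Value"))]
```

Parsing the envelope back with `filter_values` before it is sent confirms that the request carries exactly one filter value and that it is the intended user id.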



  • 6.  Re: Delete User Admin Task using Policy Express

    Posted Sep 19, 2017 06:44 AM

    Hey Russi,

     

    I will try this out and let you know if it worked fine...

     

     

    Thanks & BR

    Sandipan



  • 7.  RE: Re: Delete User Admin Task using Policy Express

    Posted Oct 17, 2019 05:34 AM
    Hi Team,

    I am also facing this issue. I also want to delete a user through Policy Xpress. But when I used the given SOAP query, it did not work. I am getting the error below.

    Error:The test has failed to run with following error: "Failed running web service " which was caused by "null".

    Can you please suggest how to achieve this through policy xpress?

    Thanks,
    Jeevan