By Sharmila Pethe and Nikhil Kale
Problem –
The Application administrator needs some compliance requirements to be satisfied by a user and for which the user access needs to be restricted temporarily.
Solution -
In Cloud Identity the status of user accounts entitled for applications can be temporarily suspended using API. Once the compliance is met the user account can be restored again.
All management of the account status change can be done through the API client in Cloud Identity for all the supported applications, hence the admin does not need to go to individual applications for the same.
Pre-requisite –
- API client with the following permissions is set up on the Cloud Identity tenant.
- Manage application entitlements
- Manage application lifecycles
- Application is configured in the tenant with the user entitled to the application.
API collection for SUSPEND and RESTORE
- The primary API used for this operation is :
POST /v1.0/applications/{applicationId}/accounts/{accountId}/{action}
The API supports 2 actions SUSPEND and RESTORE.
- The applicationID can be obtained by using the API
GET /v1.0/applications
- The accountId for the particular account is obtained using the API
GET /appaccess/v1.0/applications/{applicationId}/accounts
The details of all the available API for Cloud identity are available at –
{{site-hostname}}/developer/explorer/#!/Application_Access/searchApplications
Refer to the postman collection attached for the same is attached for more details:
Cloud Identity Account Suspend Restore API.postman_collection.json
https://www.ibm.com/support/knowledgecenter/en/SSCT62/com.ibm.iamservice.doc/tasks/t_manage_lifecycle.html