IBM Security Verify


Person Type Conversion - Via Scripting

  • 1.  Person Type Conversion - Via Scripting

    Posted Thu January 12, 2023 08:25 AM
    We have one requirement and hope you can guide us in that.

    We have 2 types of persons in our environment.
    One is "ISIMContractor" and the other is "ISIMPerson"; both are inherited from the "Person" type.

    Now we have created a person of type "ISIMContractor" and assigned a few accounts to him, let's say 5 accounts (AD account, Salesforce account etc.), and we can see these same 5 accounts under his manage account screen.

    Now we created the same person as "ISIMPerson" as his role in the organisation is changed.

    Now we want to assign all his old accounts to new "ISIMPerson" person and would like to inactivate the old "ISIMContractor" person type.

    I hope you understood the requirements. Please let me know if you have something available or possible for this requirement.




    ------------------------------
    Deepak Singla
    ------------------------------


  • 2.  RE: Person Type Conversion - Via Scripting

    Posted Thu January 12, 2023 09:32 AM
    Here is what I would do:
    First I will do and record all the steps in the Console needed to perform the changes - that would (high level, without knowing your implementation) be something like:
    1. Identify the old user to be deleted
    2. For each account - transfer account to new user
    3. Delete old user
    I would then look if something could go wrong in that process (when you transfer an account it should be updated according to policies applying for the new user). I would then look into how I would want to implement it (custom UI, workflow or external, e.g. SDI) to size the effort and also evaluate if this SHOULD be implemented or just handled as a manual process. This means looking into what APIs could be used and how to call them etc.

    In general my advice is not to implement this as a process - it is not something simple to do unless you have a lot of experience in coding with ISIM internal APIs and there could be a lot of problems. Normally the rule should be that a new Identity should NOT inherit another (old) Identity's accounts as this may be a security issue on top of the technical challenges...

    HTH

    ------------------------------
    Franz Wolfhagen
    WW IAM Consulting Leader - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------