5.4 Configuring the Delete Account Module

You can configure Self Service Password Reset to allow users to delete their own accounts. By default, Self Service Password Reset does not enable this module. If you enable the Delete Account module, the user web page displays a new Delete My Account tile. When a user clicks the tile, Self Service Password Reset walks the user through deleting their account.

5.4.1 Enabling the Delete Account Module

Self Service Password Reset allows you to create multiple profiles for the Delete Account module. If you want to create additional profiles for the Delete Account module, see Configuring Profiles.

To enable and configure the Delete Account module:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Modules > Authenticated > Delete Account > Profiles.

  5. Using the help, configure the default profile and any additional profiles you need for the Delete Account module.

  6. Enable the Delete Account module.

    1. Click Modules > Authenticated > Delete Account > Settings > Enable Delete Account.

    2. Select Enable to enable the Delete Account module.

  7. In the toolbar, click Save changes.

If you have configured the New User Registration feature in Self Service Password Reset, when users access the user web page, they can create an account again at any time. For more information, see Configuring the New User Registration Module.

5.4.2 Configuring the Delete Account Module to Delete Accounts from Integrated Products

Self Service Password Reset allows you to integrate further with any integrated product by deleting user account information from the integrated product when users delete their own accounts using the Delete Account module.

Self Service Password Reset is able to delete the account information from the integrated products through REST APIs. The integrated products must have defined REST APIs for the delete action that you add as a pre-delete action to the Delete Account module configuration.

By default, the Delete Account module is not enabled and you must enable it to have this functionality in Self Service Password Reset. During the configuration of the Delete Account module, you can configure actions that Self Service Password Reset performs prior to deleting the user account from the user store location.

When you enable the Delete Account module, there is a Pre-Delete Actions option. You can define the REST APIs from the integrated product that delete the user account information from the integrated product when users delete their accounts from Self Service Password Reset.

The following is an example of how to configure Access Manager to delete user accounts from the Access Manager user stores when users delete their accounts from the Self Service Password Reset Delete Account module. The steps are the same for any integrated product, except for the REST call details.

Example of enabling deletes to flow to Access Manager:

  1. Ensure that you completed the integration tasks to integrate Self Service Password Reset and Access Manager. For more information, see Section 9.0, Integrating Self Service Password Reset with NetIQ Access Manager.

  2. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  3. In the toolbar, click your name.

  4. Click Configuration Editor.

  5. Click Modules > Authenticated > Delete Account > Settings.

  6. Enable the Delete Account module, then click Save changes in the toolbar.

  7. Click Modules > Authenticated > Delete Account, then select the appropriate profile for your users. For more information, see Configuring LDAP Directory Profile.

  8. Configure the Delete Account module to contain a pre-delete action:

    1. In the Pre-Delete Actions field, click Add Action.

    2. Specify a descriptive name for the action, then click OK.

      NOTE: This name must not contain any special characters. For example, no spaces are allowed.

    3. Add a description of what the action does.

    4. Select webservice, then click Options.

    5. Define the REST API from Access Manager:

      1. In HTTP Method, select Delete.

      2. In HTTP Headers, click Edit.

        1. Click Add Header.

        2. In the Name field, specify Authorization Value, and in the Value field, specify Base64 Encoded admin username:password.

          NOTE: The admin username:password is your Access Manager administrator account in the LDAP identity store that Self Service Password Reset uses.

        3. Click OK twice.

      3. In URL, specify the Access Manager REST call that deletes the entire user history.

        https://idp-url:8443/nidp/risk/rest/basic/v1/admin/history?userDN=@Encode:urlParameter:[[@LDAP:dn@]]@

      4. Leave the Body field empty. It is only used with POST REST calls.

      5. Click Import From Server to have Self Service Password Reset import the certificate from Access Manager to establish a secure connection.

      6. Click OK.

  9. Ensure that you configure any other appropriate options for your environment, then click Save changes in the toolbar.
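
The following Python example is added here and is not part of the product documentation. It checks a proposed action name, computes the Base64 credential for the header Value field, and shows why the userDN parameter in the URL is wrapped in @Encode:urlParameter: a DN containing a character such as & only reaches the server intact when it is percent-encoded. Assumptions: the host idp.example.com and the sample DN are constructed, the action name is limited to ASCII letters and digits, and the macro is assumed to apply standard percent-encoding.

```python
import base64
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample values for illustration; none come from a real system.
URL_TEMPLATE = ("https://idp.example.com:8443/nidp/risk/rest/basic/v1/"
                "admin/history?userDN={dn}")
SAMPLE_DN = "cn=Smith & Co,ou=users,o=example"


def valid_action_name(name):
    """Action-name rule from the procedure: no spaces or special characters.
    Assumption: only ASCII letters and digits are accepted."""
    return re.fullmatch(r"[A-Za-z0-9]+", name) is not None


def basic_token(username, password):
    """Base64 of 'username:password', the credential the header Value carries.
    RFC 7617 forbids ':' in the user-id because it is the separator."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def encode_dn(dn):
    """Percent-encode every reserved character, as a URL-parameter encoder
    is expected to (assumption about what @Encode:urlParameter produces)."""
    return quote(dn, safe="")


def build_url(dn, template=URL_TEMPLATE, encode=True):
    """Fill the template; encode=False shows the effect of omitting encoding."""
    url = template.format(dn=encode_dn(dn) if encode else dn)
    if urlsplit(url).scheme != "https":
        raise ValueError("credentials must only be sent over https")
    return url


def query_params(url):
    """Parse the query string the way a receiving server would."""
    return parse_qs(urlsplit(url).query)


if __name__ == "__main__":
    print(valid_action_name("DeleteNAMHistory"), valid_action_name("Delete NAM"))
    print(query_params(build_url(SAMPLE_DN)))                # one userDN, intact
    print(query_params(build_url(SAMPLE_DN, encode=False)))  # userDN cut at '&'
```

Whether the header Value also needs the RFC 7617 scheme prefix (`Basic ` followed by the token) is not stated on this page; confirm it against the integrated product's REST documentation.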