This section provides the details required for aggregating the user accounts.
For more information about aggregation, refer to Loading Account Data.
If we only want to pull in accounts that have an assigned User Level (above the base User level), Governance Group, or Role, as opposed to having accounts for every identity on this source, what would be the appropriate query to use?
Totally! It would be great to have some examples in the document for common scenarios like the one Zach mentioned.
It is not clear which search syntax is expected here. Is it the same syntax as used on the Search page? As suggested by Zach and Gaurav: please add some examples in the documentation.
After using a webhook I was able to find the API endpoint the source is trying to reach for Governance groups: beta/workgroups?filters=*&limit=200&count=true&offset=0
I used “*” for test as a query which didn’t work. Meaning should use the API filters: list-workgroups | SailPoint Developer Community .
It is expected to work this way but some examples are always welcome because in general, the way sources interact with the target systems are a black box depending on the target system. Actually finding the API calls is troublesome in most cases.
Hello Everyone, we are in process of updating this page with examples and minor modifications. We will update the label as Filters and not the query.
Meanwhile, I am sharing few examples here.
Account Aggregation Filter can work for following attributes id and operators,
| Attribute | Operator |
|---|---|
| id | eq, in |
| name | eq, sw |
| eq, sw | |
| firstname | eq, sw |
| lastname | eq, sw |
For example, to filter account name start with ISCUser, you can use the filter as, name sw “ISCUser”.
Role Aggregation Filter can work for following attributes id and operators,
| Attribute | Operator |
|---|---|
| id | eq, in |
| name | eq, sw |
| requestable | eq, sw |
For example, to filter roles which are requestable, you can use the filter as, requestable eq “true”.
Governance Groups Aggregation Filter can work for following attributes id and operators,
| Attribute | Operator |
|---|---|
| id | eq, in |
| name | eq, sw |
For example, to filter Governance Groups name start with ISCGroup, you can use the filter as, name sw “ISCGroup”.
For aggregating all the data, you can leave the field as blank. Thanks!
Hi @zachm117, all these fields are for specific objects like accounts, roles and governance groups. There is no such available ways as of now to filter the accounts that have an assigned User Level (above the base User level), Governance Group, or Role. Thanks for the feedback.
Sure @gauravsajwan1, please check my earlier comment. Thanks.
Added in my previous comment. Thanks, @wim_deswerts.
Is this connector only good for those customers that have ISC Business or Business Plus subscriptions? Our organization is still on a module plan. I attempted to configure it and received a failed connection error. The PAT was created with exactly the listed permissions. I then changed the PAT to sp:scopes:all. Recreated the PAT with sp:scopes:all and still getting the error. I know the credentials were entered correctly in the configuration. What I didn’t do was enter anything in the query filters. I left that blank.
Test Connection Failed
We have detected an error from the managed system.
Error Received:
[ConnectorError] Error while generating token: [Possible Suggestion] Bad client credentials (requestId: a32d5b89f082463cb9133eae7b168242)
Hi @RArroyo, this connector is available for everyone without any restrictions. I am not sure what can be the specific issue here that you’re facing as ideally, it should work.
Please check your API URL as well. If still there is any issue, please raise a support ticket.
Thanks!
Is each aggregation filter required in order for Account Aggregation to succeed? Currently facing issue where aggregations are timing out in our Sandbox environment.
Hi @AHavenar, no, it is not required. Aggregation Filters are optional filter statement.
Can you please check your account and entitlement schema, if the source is created earlier and you are not interested to manage roles, you can remove it and then perform the account aggregation.
Alternately, you can create a new source and perform the aggregation again. If still there is issue, please open a support ticket and share the configuration details.
Thanks!
That did it. Removed Roles and Governance Groups from entitlement types and account schema and it is working now.
Thank you!