API call search query to retrieve created accounts ATTRIBUTE REQUESTS

adyer · March 20, 2023, 4:42pm

Hi,

We have a use case where we need to retrieve the newly AD created accounts attribute request once the accounts are created at the source. Below the search query that we have built, our goal is to call the search api and retrieve those attributes once the account is created. When I do a search in the UI, I can " Access Request" and all the attributes that we need to fetch.

{
    "indices": [
        "events"
    ],
    "query": {
        "query": "Create Account Passed",
        "fields": [
            "name",
            "operation",
            "status"
        ]
    },
    "queryResultFilter": {
        "includes": [
            "name",
            "operation",
            "status",
            "attributes",
            "action",
            "type",
            "target",
            "created",
            "firstName",
            "lastName",
            "sAMAccountName"
        ]
    },
    "filters": {
        "created": {
            "type": "RANGE",
            "range": {
                "lower": {
                    "value": "now-15d"
                },
                "upper": {
                    "value": "now"
                }
            }
        },
        "operation": {
            "type": "TERMS",
            "terms": ["CREATE"]
        },
        "status":{
            "type": "TERMS",
            "terms": ["PASSED"]
        }
    }
}

colin_mckibben · March 21, 2023, 1:00pm

Hi Alex,

Is this a question or are you sharing a solution to a use case you have?

adyer · March 21, 2023, 3:34pm

Hi Colin,

This is a question I had, how can I fetch the attributes and values during account creation for newhire lifecycle state?

colin_mckibben · March 21, 2023, 3:51pm

Try searching on the accountactivities index. events won’t have the attribute information you are looking for. I don’t know the exact query you will need to run to get your lifecycle state change, but here is an example of an Access Request action that resulted in an account being created. You can learn more about the available fields for accountactivities here: Searchable Fields - SailPoint Identity Services

POST /v3/search

Body

{
    "indices": [
        "accountactivities"
    ],
    "query": {
        "query": "*"
    }
}

Response

{
        "requester": {
            "name": "Philip Ellis",
            "id": "2c9180897d2cb80b017d39ccb26c1804",
            "type": "Identity"
        },
        "sources": "Airtable V4, IdentityNow",
        "created": "2023-01-03T16:42:33.817Z",
        "accountRequests": [
            {
                "result": {
                    "status": "IdentityNow Task"
                },
                "accountId": "Manuel.Howell",
                "op": "Modify",
                "provisioningTarget": {
                    "name": "IdentityNow",
                    "id": "IDN"
                },
                "source": {
                    "name": "IdentityNow",
                    "id": "IDN"
                },
                "attributeRequests": [
                    {
                        "op": "Add",
                        "name": "detectedRoles",
                        "value": "airtable v4"
                    }
                ]
            },
            {
                "result": {
                    "errors": [
                        "[ConnectorError] identity cannot be null (requestId: 1ba5679295f84136840b5f76f0ec1b51)"
                    ],
                    "status": "failed"
                },
                "accountId": "Manuel.Howell",
                "op": "Create",
                "provisioningTarget": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                },
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                },
                "attributeRequests": [
                    {
                        "op": "Add",
                        "name": "entitlements",
                        "value": "user"
                    },
                    {
                        "op": "Add",
                        "name": "email",
                        "value": "[email protected]"
                    },
                    {
                        "op": "Add",
                        "name": "password"
                    },
                    {
                        "op": "Add",
                        "name": "department",
                        "value": "Finance"
                    },
                    {
                        "op": "Add",
                        "name": "displayName",
                        "value": "Manuel.Howell"
                    },
                    {
                        "op": "Add",
                        "name": "firstName",
                        "value": "Manuel"
                    },
                    {
                        "op": "Add",
                        "name": "lastName",
                        "value": "Howell"
                    }
                ]
            }
        ],
        "stage": "Completed",
        "originalRequests": [
            {
                "result": {
                    "status": "Manual Task Created"
                },
                "accountId": "Manuel.Howell",
                "op": "Modify",
                "source": {
                    "name": "IdentityNow",
                    "id": "IDN"
                },
                "attributeRequests": [
                    {
                        "op": "Add",
                        "name": "detectedRoles",
                        "value": "airtable v4"
                    }
                ]
            }
        ],
        "expansionItems": [
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "entitlements",
                    "value": "user"
                },
                "accountId": "Manuel.Howell",
                "name": "entitlements",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "email",
                    "value": "[email protected]"
                },
                "accountId": "Manuel.Howell",
                "name": "email",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "lastName",
                    "value": "Howell"
                },
                "accountId": "Manuel.Howell",
                "name": "lastName",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "firstName",
                    "value": "Manuel"
                },
                "accountId": "Manuel.Howell",
                "name": "firstName",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Create"
                },
                "accountId": "Manuel.Howell",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "department",
                    "value": "Finance"
                },
                "accountId": "Manuel.Howell",
                "name": "department",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "displayName",
                    "value": "Manuel.Howell"
                },
                "accountId": "Manuel.Howell",
                "name": "displayName",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "password"
                },
                "accountId": "Manuel.Howell",
                "name": "password",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            }
        ],
        "recipient": {
            "name": "Manuel.Howell",
            "id": "2c9180867dfe6951017e208e37935b10",
            "type": "Identity"
        },
        "action": "Access Request",
        "modified": "2023-01-03T16:42:57.572Z",
        "id": "008a5d185f754d818287fc6cf44f5882",
        "trackingNumber": "46dae271fc4b4a50b12233860f3a46d8",
        "errors": [
            "[ConnectorError] identity cannot be null (requestId: 1ba5679295f84136840b5f76f0ec1b51)"
        ],
        "status": "Incomplete",
        "pod": "stg03-useast1",
        "org": "devrel",
        "synced": "2023-01-03T16:42:57.612Z",
        "_type": "accountactivity",
        "type": "accountactivity",
        "_version": "v7"
    }

adyer · March 22, 2023, 3:30pm

Hi Colin,

yes, this is exactly what I need. Also, I added a filter to only bring the results where op=create and source = active directory and I’m getting other results back. Can you please take a look at my filter. See below:

{
    "indices": [
        "accountactivities"
    ],

    "query": {
        "query": "created:[now-1M TO now] AND @accountRequests(op:Create AND source.name:Sample APP)",
        "fields": ["*"]
    },

    "includeNested": true,
    "queryResultFilter": {
        "includes": ["name","accountRequests","created"]
    }}

Topic		Replies	Views
Is there a way where we can find when the account has been created to an identity using search query or using API call ISC Discussion and Questions	3	247	July 19, 2023
API call or search query to retrieve the list of identities in a Role ISC Discussion and Questions	5	3101	July 19, 2023
Saved Search Queries ISC Discussion and Questions apis , identity-security-cloud	2	277	February 4, 2024
V3 API - Search Accounts ISC Discussion and Questions	5	2506	July 19, 2023
Identitynow Search ISC Discussion and Questions	4	1063	July 19, 2023

API call search query to retrieve created accounts ATTRIBUTE REQUESTS

Related Topics