API call search query to retrieve created accounts ATTRIBUTE REQUESTS

adyer · March 20, 2023, 4:42pm

Hi,

We have a use case where we need to retrieve the newly AD created accounts attribute request once the accounts are created at the source. Below the search query that we have built, our goal is to call the search api and retrieve those attributes once the account is created. When I do a search in the UI, I can " Access Request" and all the attributes that we need to fetch.

{
    "indices": [
        "events"
    ],
    "query": {
        "query": "Create Account Passed",
        "fields": [
            "name",
            "operation",
            "status"
        ]
    },
    "queryResultFilter": {
        "includes": [
            "name",
            "operation",
            "status",
            "attributes",
            "action",
            "type",
            "target",
            "created",
            "firstName",
            "lastName",
            "sAMAccountName"
        ]
    },
    "filters": {
        "created": {
            "type": "RANGE",
            "range": {
                "lower": {
                    "value": "now-15d"
                },
                "upper": {
                    "value": "now"
                }
            }
        },
        "operation": {
            "type": "TERMS",
            "terms": ["CREATE"]
        },
        "status":{
            "type": "TERMS",
            "terms": ["PASSED"]
        }
    }
}

colin_mckibben · March 21, 2023, 1:00pm

Hi Alex,

Is this a question or are you sharing a solution to a use case you have?

adyer · March 21, 2023, 3:34pm

Hi Colin,

This is a question I had, how can I fetch the attributes and values during account creation for newhire lifecycle state?

colin_mckibben · March 21, 2023, 3:51pm

Try searching on the accountactivities index. events won’t have the attribute information you are looking for. I don’t know the exact query you will need to run to get your lifecycle state change, but here is an example of an Access Request action that resulted in an account being created. You can learn more about the available fields for accountactivities here: Searchable Fields - SailPoint Identity Services

POST /v3/search

Body

{
    "indices": [
        "accountactivities"
    ],
    "query": {
        "query": "*"
    }
}

Response

{
        "requester": {
            "name": "Philip Ellis",
            "id": "2c9180897d2cb80b017d39ccb26c1804",
            "type": "Identity"
        },
        "sources": "Airtable V4, IdentityNow",
        "created": "2023-01-03T16:42:33.817Z",
        "accountRequests": [
            {
                "result": {
                    "status": "IdentityNow Task"
                },
                "accountId": "Manuel.Howell",
                "op": "Modify",
                "provisioningTarget": {
                    "name": "IdentityNow",
                    "id": "IDN"
                },
                "source": {
                    "name": "IdentityNow",
                    "id": "IDN"
                },
                "attributeRequests": [
                    {
                        "op": "Add",
                        "name": "detectedRoles",
                        "value": "airtable v4"
                    }
                ]
            },
            {
                "result": {
                    "errors": [
                        "[ConnectorError] identity cannot be null (requestId: 1ba5679295f84136840b5f76f0ec1b51)"
                    ],
                    "status": "failed"
                },
                "accountId": "Manuel.Howell",
                "op": "Create",
                "provisioningTarget": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                },
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                },
                "attributeRequests": [
                    {
                        "op": "Add",
                        "name": "entitlements",
                        "value": "user"
                    },
                    {
                        "op": "Add",
                        "name": "email",
                        "value": "Manuel.Howell@sailpointdemo.com"
                    },
                    {
                        "op": "Add",
                        "name": "password"
                    },
                    {
                        "op": "Add",
                        "name": "department",
                        "value": "Finance"
                    },
                    {
                        "op": "Add",
                        "name": "displayName",
                        "value": "Manuel.Howell"
                    },
                    {
                        "op": "Add",
                        "name": "firstName",
                        "value": "Manuel"
                    },
                    {
                        "op": "Add",
                        "name": "lastName",
                        "value": "Howell"
                    }
                ]
            }
        ],
        "stage": "Completed",
        "originalRequests": [
            {
                "result": {
                    "status": "Manual Task Created"
                },
                "accountId": "Manuel.Howell",
                "op": "Modify",
                "source": {
                    "name": "IdentityNow",
                    "id": "IDN"
                },
                "attributeRequests": [
                    {
                        "op": "Add",
                        "name": "detectedRoles",
                        "value": "airtable v4"
                    }
                ]
            }
        ],
        "expansionItems": [
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "entitlements",
                    "value": "user"
                },
                "accountId": "Manuel.Howell",
                "name": "entitlements",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "email",
                    "value": "Manuel.Howell@sailpointdemo.com"
                },
                "accountId": "Manuel.Howell",
                "name": "email",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "lastName",
                    "value": "Howell"
                },
                "accountId": "Manuel.Howell",
                "name": "lastName",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "firstName",
                    "value": "Manuel"
                },
                "accountId": "Manuel.Howell",
                "name": "firstName",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Create"
                },
                "accountId": "Manuel.Howell",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "department",
                    "value": "Finance"
                },
                "accountId": "Manuel.Howell",
                "name": "department",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "displayName",
                    "value": "Manuel.Howell"
                },
                "accountId": "Manuel.Howell",
                "name": "displayName",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            },
            {
                "attributeRequest": {
                    "op": "Add",
                    "name": "password"
                },
                "accountId": "Manuel.Howell",
                "name": "password",
                "cause": "ProvisioningPolicy",
                "source": {
                    "name": "Airtable V4",
                    "id": "6bbcc946dd4542d39b9e2fcea632a06f",
                    "type": ""
                }
            }
        ],
        "recipient": {
            "name": "Manuel.Howell",
            "id": "2c9180867dfe6951017e208e37935b10",
            "type": "Identity"
        },
        "action": "Access Request",
        "modified": "2023-01-03T16:42:57.572Z",
        "id": "008a5d185f754d818287fc6cf44f5882",
        "trackingNumber": "46dae271fc4b4a50b12233860f3a46d8",
        "errors": [
            "[ConnectorError] identity cannot be null (requestId: 1ba5679295f84136840b5f76f0ec1b51)"
        ],
        "status": "Incomplete",
        "pod": "stg03-useast1",
        "org": "devrel",
        "synced": "2023-01-03T16:42:57.612Z",
        "_type": "accountactivity",
        "type": "accountactivity",
        "_version": "v7"
    }

adyer · March 22, 2023, 3:30pm

Hi Colin,

yes, this is exactly what I need. Also, I added a filter to only bring the results where op=create and source = active directory and I’m getting other results back. Can you please take a look at my filter. See below:

{
    "indices": [
        "accountactivities"
    ],

    "query": {
        "query": "created:[now-1M TO now] AND @accountRequests(op:Create AND source.name:Sample APP)",
        "fields": ["*"]
    },

    "includeNested": true,
    "queryResultFilter": {
        "includes": ["name","accountRequests","created"]
    }}

Topic		Replies	Views
Is there a way where we can find when the account has been created to an identity using search query or using API call ISC Discussion and Questions	3	479	July 19, 2023
Get - All Account Activities API returning 400.1 error ISC Discussion and Questions apis	3	334	July 19, 2023
Search query to fetch account attributes ISC Discussion and Questions apis , identity-security-cloud	13	188	October 7, 2025
GET /api/v2/access-requests/<id> Non-Public API Deprecations deprecated	0	438	March 2, 2023
Performing a Search using API ISC Discussion and Questions identity-security-cloud	5	131	May 18, 2025

API call search query to retrieve created accounts ATTRIBUTE REQUESTS

Related topics