Automatically run Identity Refresh after role assignment

IIQ version 8.3p2

My Question-

Is there an easy way to call the Identity Refresh on a user when they are added to a role so that role and the required roles are provisioned right away? I’m just using a basic Match List and not a script.

Screenshot of my role

I tried to use a script for the assignment rule and include ‘identityService.refreshIdentity’ but I’m not sure if this will work.

```java
import sailpoint.api.IdentityService;
import sailpoint.api.SailPointContext;
import sailpoint.api.SailPointFactory;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.object.RoleAssignment;
import sailpoint.tools.GeneralException;
import java.util.List;

public class BusinessRoleAssignmentRule {

    public static void main(String[] args) throws GeneralException {
        SailPointContext context = SailPointFactory.getCurrentContext();
        String adGroup = "CN=MyExampleGroup";
        String tonyBusinessRole = "Tony Business Role";

        // Select the identities that are members of the AD group
        Filter filter = Filter.eq("memberOf", adGroup);
        QueryOptions queryOptions = new QueryOptions();
        queryOptions.addFilter(filter);

        List<Identity> identities = context.getObjects(Identity.class, queryOptions);

        for (Identity identity : identities) {
            // Attach the business role to the identity (roles are Bundle objects in IIQ)
            RoleAssignment roleAssignment = new RoleAssignment();
            roleAssignment.setIdentity(identity);
            roleAssignment.setRole(context.getObjectByName(Bundle.class, tonyBusinessRole));

            identity.addRoleAssignment(roleAssignment);
            context.saveObject(identity);

            // The refresh call the question is about
            IdentityService identityService = new IdentityService(context);
            identityService.refreshIdentity(identity.getId());
        }
    }
}
```

Hi @TMarcianelli,

welcome back to the forum.

A role can be assigned or detected. For automatic assignment, when an identity meets the necessary requirements, the role will be assigned on refresh. In the refresh task you must check this flag:
image

If you assign a role through a request, the provisioning starts automatically.

In a BS role, it is the same whether you use a script, a match list or a rule.

Also, if you want to refresh an identity, you need to launch a workflow or an Identitizer (I don't know what it is; I discovered it while writing this post :sweat_smile:). In this topic, see the replies of @kjakubiak and @iamksatish.

1 Like
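The reply above names the Identitizer as a way to refresh one identity. The following is an added example, not code from this thread or from SailPoint: it refreshes a single identity with `sailpoint.api.Identitizer`. The class and method names are hypothetical, and the option keys `correlateEntitlements` and `provision` are assumed to match the refresh task's role-refresh and provisioning options.

```java
import sailpoint.api.Identitizer;
import sailpoint.api.SailPointContext;
import sailpoint.object.Attributes;
import sailpoint.object.Identity;
import sailpoint.tools.GeneralException;

// Hypothetical helper: callable from a rule or workflow step that already
// has a SailPointContext.
public class SingleIdentityRefresh {

    public static void refreshAndProvision(SailPointContext context, String identityName)
            throws GeneralException {

        Identity identity = context.getObjectByName(Identity.class, identityName);
        if (identity == null) {
            // Fail loudly rather than silently skipping an unknown name
            throw new GeneralException("No identity named " + identityName);
        }

        // Refresh options, passed the same way a refresh task passes its arguments.
        // Assumption: these keys correspond to the role refresh and
        // "provision assignments" options of the Identity Refresh task.
        Attributes<String, Object> args = new Attributes<String, Object>();
        args.put("correlateEntitlements", true); // re-evaluate assigned and detected roles
        args.put("provision", true);             // provision what the assignments require

        // Run the refresh for this one identity only, not the whole population
        Identitizer identitizer = new Identitizer(context, args);
        identitizer.refresh(identity);

        context.saveObject(identity);
        context.commitTransaction();
    }
}
```

With provisioning enabled, the refresh writes to the connected applications, so the scope is kept to the one identity passed in.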

Hi @enistri_devo thanks for your information!

1 Like
