Best Practice for Creating new BirthRight Role

Hi All,

We have around 20K Identities and we have a requirement to create new birth-right role which will create application account and assign specific role inside the application to existing 20K users. Target application is a WebService based application so we are checking the API limit.

However, we would like to know if there is any impact on SailPoint if it triggers create account/add entitlement operation for all 20K users or what are the best practices we need to follow in such scenarios

I don’t think there would be an issue as Account Provisioning in IDN is sequential, so there will be a delay in between provisionings.

I have done this earlier for around 6K users, I didn’t face any issue.

Maybe you can add extra condition department or location or some other attribute to process the users as a batch.

About 1.5 years ago I saw a demo with 100K identities and it had adverse impacts on the tenant. Things have obviously changed since then, but I agree with @MVKR7T that doing it in smaller batches, at least to start, is probably a better approach to ensure it’s working EXACTLY as expected before turning it loose on 20K identities.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.