Bulk Identity Refresh

Is there a way to process many (hundreds) of identities at the same time? The identities all share an attribute (Department). I figured out how to search for them and create a tag for all of them, but I’m not seeing how I can process all their identities or do an identity refresh.

I would assume it’s not so hard to do, but I’m not finding anything in the documentation that quite matches what I’m looking for.

Hi Jared,
You can do the following to refresh identities in bulk.

  1. Get all the identity IDs from your Search result.
  2. Use the Identity Processing API: add all the identity IDs to the request body and process the identities.

Hope this helps you.


Hi @jared-fox,

Good Day!

If you want to refresh identities in bulk, you can do it via the API.

Method: POST

URL:

    {baseurl}/v3/identity-profiles/:identity-profile-id/process-identities

Body:

    {
        "refreshArgs": {
            "correlateEntitlements": "true",
            "promoteAttributes": "true",
            "refreshManagerStatus": "true",
            "synchronizeAttributes": "true",
            "pruneIdentities": "false",
            "provision": "true"
        }
    }

If you want more information, you can use the link below:

Thank you!


Hi Abhishek,
Thanks! So, the source these users are associated with is a delimited file. When I looked at the identity profile I didn’t see an option to process the identities (which is why I assume you have to use the API). So here’s a question: Can identities related to disconnected sources be processed or refreshed? (Are processing and refreshing the same thing?)

If I follow what the other user, Suresh, suggested, which is to get the IDs of the users and identify them in bulk using the Identity Processing API, will it work for refreshing identities on a disconnected source? This whole thing is nebulous to me so I apologize if my questions are kind of unclear.

Hey Suresh,
I touched on this in my reply to Abhishek and wanted to ask you as well. If I pull all the identity IDs and use the Identity Processing API for them, will it update identity attributes in a disconnected source? The source we are having trouble with is disconnected.

Sorry, I’m kind of a newb with this stuff. How identity processing works (is it the same thing as a refresh?), how it works with identity profiles, how it works with disconnected sources, is all kind of confusing to me still.

If I enact your plan, my plan is to use an API call to list all identities and filter out users belonging to the affected department. Then filter out their IDs (all with PowerShell). Then load those into the Identity Processing API.

Thanks

Hi Jared,
The given API is nothing but an identity refresh via API, which recalculates all the identity attributes of an identity. You do not have an option to do a bulk identity refresh in the UI based on your requirement.
The identity attribute value is calculated based on the mapping you configured in the Identity Profile when you process the identity, and it will not update any account attribute in any source, including a disconnected source, unless you have a provisioning plan for the direct connector source. Coming back to your requirement: if it is a one-time process, the steps below could be the best option:

  • Use the search query below in Search to get all the identities who are under a specific department:

        attributes.department:"department1"

  • Select the “ID” column from the Column Chooser in your result.

  • Download the query result and get all identity IDs.

  • Add all IDs to the request body in the Identity Processing API and process it as a single request.

  • Now you can go and check in ISC that only the above set of identities is getting refreshed.
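
The steps in this answer, sketched as an added example (not code from this thread or from SailPoint): it reads a constructed Search export, collects the identity IDs for one department, and builds request bodies for the Identity Processing API. It goes beyond the single request described above by splitting the IDs into batches; the column names, the `identityIds` body key and the 250-ID batch size are assumptions to confirm against the API documentation.

```python
import csv
import io
import json

# Assumption: the Identity Processing API accepts a limited number of IDs per
# call; 250 is used here. Confirm the real limit in the API documentation.
MAX_IDS_PER_REQUEST = 250

# Constructed sample of a Search export with the "ID" column selected.
SAMPLE_EXPORT = """\
Name,ID,Department
Jared Fox,2c91808a00000000000000000000a001,department1
Ana Ruiz,2c91808a00000000000000000000a002,department1
Lee Wong,2c91808a00000000000000000000a003,department2
Jared Fox,2c91808a00000000000000000000a001,department1
Sam Hale,,department1
Kim Park,2c91808a00000000000000000000a004, department1
"""


def identity_ids(export_text, department, id_col="ID", dept_col="Department"):
    """Return the unique identity IDs for one department, in file order."""
    seen, ids = set(), []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Outer whitespace is ignored; any other difference is a different value.
        if (row.get(dept_col) or "").strip() != department:
            continue
        identity_id = (row.get(id_col) or "").strip()
        if identity_id and identity_id not in seen:  # skip blanks and repeats
            seen.add(identity_id)
            ids.append(identity_id)
    return ids


def request_bodies(ids, batch_size=MAX_IDS_PER_REQUEST):
    """Split the IDs into JSON bodies of at most batch_size IDs each."""
    if batch_size < 1:
        raise ValueError("batch_size must be at least 1")
    return [
        json.dumps({"identityIds": ids[start:start + batch_size]})  # assumed key
        for start in range(0, len(ids), batch_size)
    ]


if __name__ == "__main__":
    for body in request_bodies(identity_ids(SAMPLE_EXPORT, "department1"), 2):
        print(body)  # each body would be sent as one POST request
```

Logging the IDs in each batch before sending gives a record to compare against when checking which identities were actually refreshed.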

@Abhishek_1995
Does this only refresh all the identities associated with a specific Identity Profile? From reading the documentation you sent, that’s what I gathered. The disconnected source that is experiencing an issue does not have an Identity Profile.

Hi @jared-fox,

Yes, refreshing typically applies to identities associated with a specific Identity Profile. If the disconnected source doesn’t have an Identity Profile, it won’t be included in the refresh process.

Thank you!

Could you please explain the issue you are facing with the disconnected source?

Thanks.

Hi Nikhlesh,

I believe it’s best to provide a detailed explanation to avoid any misunderstandings due to my previous vagueness and lack of experience.

We have a disconnected source that stores information for almost all users. Recently, we encountered an issue where users are being duplicated in this source. The problem seems to stem from an attribute that was initially assigned as “3- Food”. Later, it was corrected to “3-Food”. The admin updated the attribute and applied it to all new users. However, it was discovered that users who were initially assigned the incorrect attribute “3- Food” are now being duplicated with the new attribute “3-Food”.

For example:

  • Jared Fox 3- Food
  • Jared Fox 3-Food

The admin suspects that an attribute refresh or update in SailPoint might resolve the issue. I am uncertain if this is the correct approach. Specifically, I am wondering:

  • Since it is a disconnected source, can we change attributes in it from SailPoint?
  • What kind of update or synchronization in SailPoint would address this issue?

I am feeling a bit lost as to whether this can be fixed using SailPoint or if I am wasting my time. Regardless, this has been a valuable learning experience.

Thanks @jared-fox for the explanation.

First thing: identity refresh only refreshes the identity, calculates the identity attribute values, etc., so it would not resolve the issue on source attributes. Also, a delimited source does not support attribute sync, so you cannot update the attribute from SailPoint. Although you can use the SailPoint APIs to update the attribute. The link below has the APIs on account operations.

Accounts | SailPoint Developer Community

Is the attribute you updated later an account attribute or an entitlement attribute? If you could share a sample file with 1 sample record, I can try to reproduce the issue.

Usually, when you update an entitlement attribute value with a new name, a new entitlement will be created and the old name also remains as is.

Thanks.
