Bulk Role Assignment

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

8.4p2

Share all details about your problem, including any error messages you may have received.

We are implementing a number of roles and want to do a one-time assignment of roles to the required active identities in order to ease the load of a manager and owner having to submit numerous request for existing users.

Any suggestions?

2

Hi @talbright

Use SailPoint OOTB feature of Batch Request to assign role in Bulk. Refer the below document for the format of file.

Once the file is ready.

  1. Login to SailPoint IIQ.
  2. Navigate to Setup –> Batch Requests
  3. Upload the file that you have created.
  4. Select the options as per your requirement in the Batch Request page.
  5. Submit the Request.
1 Like
3

Thanks for the info. One thing I dont see clearly stated, does this trigger access request that will then trigger approval workflow or does this only add the role to the identity?

Also, does this trigger the notification to the user that the access was provisioned?

4

If you want to trigger Access Request, there is a option that you can enable. By default it is not checked in. If you want to have an access request, you can select that option. This option you can find in the Batch Request page just before the Submit button.

For Approval Workflow, you can disable it via control variables of the workflow that is being used for this Batch Request process.

Workflow details you can find by going to the below pages:

  1. Login to SailPoint IIQ.
  2. Click Gear ICon.
  3. Choose Lifecycle Manager –> Business Process.
  4. Scroll down to see which Batch Request you are trying to do.
  5. You will get the name of the Batch Workflow.
  6. You can edit the control variables of that workflow to meet your desired goal.
5

I gave this a try and getting this error which doesn’t make sense because the header is correct.

 
sailpoint.tools.GeneralException: Expecting operation as first header field not: operation
	at sailpoint.api.BatchRequestValidator.validateHeaderFields(BatchRequestValidator.java:436)
	at sailpoint.task.BatchRequestTaskExecutor.execute(BatchRequestTaskExecutor.java:194)
	at sailpoint.api.TaskManager.runSync(TaskManager.java:981)
	at sailpoint.api.TaskManager.runSync(TaskManager.java:764)
	at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)

Here is the csv contents:

operation, roles, identityName
AddRole, IT-Test-Entitlement, test001
AddRole, IT-Test-Entitlement, test002
AddRole, IT-Test-Entitlement, test003

6

This error was because I used excel to create the csv. excel must encode the file in a way IIQ doesn’t work. Once I used notepad it ran successfully.

1 Like