Bulk Update Entitlement Owner

zeel_sinojia · May 6, 2025, 9:16am

Hello everyone,

I wanted to know if there is any way using which we can update the entitlement owner in bulk.

I have seen 2 ways to do it bulk till now:

Updating through UI by selecting multiple ents.
Updating through bulk update API. (update-entitlements-in-bulk | SailPoint Developer Community)

But there is a limit of 50 entitlements per API call. I have around 10k+ entitlements for which I have to add the owners.

Is there any other way where we can update the entitlement owner quickly, a bit easily and in bulk?

sidharth_tarlapally · May 6, 2025, 9:40am

Hello @zeel_sinojia

Use power shell script ?

function Get-Entitlements {
    param (
        [string]$Tenant = "YOUR_TENANT",
        [string]$AccessToken = "YOUR_TOKEN",
        [int]$Limit = 250
    )

    $headers = @{
        "Authorization" = "Bearer $AccessToken"
        "Content-Type"  = "application/json"
    }

    $offset = 0
    $allEntitlements = @()
    $hasMore = $true

    while ($hasMore) {
        $url = "https://$Tenant/v3/entitlements?limit=$Limit&offset=$offset"

        try {
            $response = Invoke-RestMethod -Uri $url -Headers $headers -Method Get

            if ($response.items.Count -gt 0) {
                $allEntitlements += $response.items
                $offset += $Limit
            } else {
                $hasMore = $false
            }
        }
        catch {
            Write-Error "Failed to retrieve entitlements: $_"
            break
        }
    }

    return $allEntitlements
}

function Update-EntitlementOwner {
    param (
        [string]$Tenant = "YOUR_TENANT",
        [string]$AccessToken = "YOUR_TOKEN",
        [string]$OwnerId,  # The identity ID of the new owner
        [array]$Entitlements
    )

    $headers = @{
        "Authorization" = "Bearer $AccessToken"
        "Content-Type"  = "application/json"
    }

    $endpoint = "https://$Tenant/v3/entitlements/bulk"

    # Process in batches of 50
    for ($i = 0; $i -lt $Entitlements.Count; $i += 50) {
        $batch = $Entitlements[$i..([math]::Min($i + 49, $Entitlements.Count - 1))]

        $updatePayload = $batch | ForEach-Object {
            @{
                id = $_.id
                owner = @{
                    id = $OwnerId
                    type = "IDENTITY"
                }
            }
        }

        try {
            $jsonBody = $updatePayload | ConvertTo-Json -Depth 5
            $response = Invoke-RestMethod -Uri $endpoint -Headers $headers -Method Patch -Body $jsonBody
            Write-Host "Updated batch of $($batch.Count) entitlements."
        }
        catch {
            Write-Error "Failed to update batch: $_"
        }
    }
}

# Example usage:
$tenant = "tenant.identitynow.com"
$token = "YOUR_TOKEN"
$newOwnerId = "IDENTITY_ID_OF_NEW_OWNER"

$allEnts = Get-Entitlements -Tenant $tenant -AccessToken $token
Update-EntitlementOwner -Tenant $tenant -AccessToken $token -OwnerId $newOwnerId -Entitlements $allEnts

Thanks
Sid

nhassan · May 6, 2025, 9:42am

Hi @zeel_sinojia

Have a read through this post and I think you should be able to do it using the PowerShell SDK Updating Object Ownership in Bulk Using the Powershell SDK

zeel_sinojia · May 6, 2025, 10:08am

Thanks @sidharth_tarlapally & @nhassan.

Thanks for your inputs. PS Script it is then.