How to create a campaign for the entitlements within specific entitlement type alone in a source?
If you want from to do it from UI:
->New Campaign->All access Items returned by Query->
Source.name.exact: âsourceNameâ AND attribute.exact: entType
taking it forward from there.
1 Like
Thanks, @lampard08! This helped filter the entitlements that I need for review. But there is one issue, my source has both active and inactive users. I want to only review the users in my source who are active with the entitlement type = roles. How can I achieve it?
Thanks @JackSparrow! How to use campaign filters for campaigns generated through search? Because I need to use 2 conditions
- Filter for active accounts in the application
- Filter for entitlements of specific type in the application.
**Campaign filters can be used only for âUncorrelated accountsâ
First you can create campaign filters for both the requirements by going to Adminâ>Certificationsâ>Campaign filtersâ>New.
Next, you can use these filters in Campaign that you will be generating.
For correlated(i.e Identities returned via search query), there is no way to filter out accounts that are active/inactive in a source because you can search only for below account attributes not all account attributes are searchable
"accounts": [
{
"id": "2c918083823c538c018245d81c3f7326",
"name": "edard.stark",
"accountId": "E012",
"source": {
"id": "2c9180887671ff8c01767b4671fb7d5e",
"name": "Employees",
"type": "DelimitedFile"
},
"disabled": false,
"locked": false,
"privileged": false,
"manuallyCorrelated": false,
"entitlementAttributes": {
"department": "Engineering",
"groups": [
"DevRel"
]
},
"created": "2022-07-28T17:26:07.167Z"
}
]
you may have to get this done from API.
in your sandbox, launch a campaign with above query to get the payload by :
{{baseUrl}}/campaigns?detail=FULL&count=true&filters=id eq â12345676543234567654â&sorters=created&limit=250&offset=0
12345676543234567654 is campaign id.
create a campaign filter with the condition you want on account attribute.
get the filter id.
in the payload you got from campaign search, update the filter :
âfilterâ: {
âtypeâ: âCAMPAIGN_FILTERâ,
âidâ: â8767876786767867867â,
ânameâ: âExclude Disabled Accountsâ
},
this will be your actual payload for the real campaign.
use {{baseUrl}}/campaigns to launch your campaign
Thanks for the suggestion. But looks like campaign filter update is not allowed via the patch API - update-campaign | SailPoint Developer Community
Thanks for the suggestion. Having both account and entitlement filter in the same campaign filter takes all the conditions combined by OR. This will result in the campaign including the inactive accounts as well with the entitlements in the OR condition. This isnât the expected behaviour I want.
I want only the campaign to contain the active accounts with the entitlements of type=roles.
Even if there is an inactive account having entitlements with type=roles, I donât want it to be included in the campaign.
you should not patch. create a new campaign. the reason to pull payload from existing campaign is to get the payload template for you ent filtering.
I did this quite few times with various conditions.
get me the campaign body with the ent filter, i might get you want you want.
Thanks Chelsea for the clarification! I missed the new campaign creation part with the updated payload.
I created a new campaign with the filter to exclude inactive accounts. The preview is currently getting generated. I will confirm on the result once the campaign gets generated.