Hello,
I have a list of 550 identities that need certified. The access items will need to be refined and the reviewer will need to be a specific identity.
What’s the best way to filter the 550 identities? Looking at the filter API, there does not seem to be a way to add an identity list.
@mario_rod You can make use of search-based access certification.
Starting a Campaign from Search - SailPoint Identity Services
You can use tagging for these identities and then leverage that tag to search and scope the certification campaign. Once filtered, you can refine the access items and assign a specific reviewer. If you have any questions or need clarification, we can discuss further.
Thanks for the resp. The issue is that plugging all the email ids into the ui is not the best way to do this. Looking to use the API
Hi @ROHPU
Thanks for the response. I was looking at tags but wanted to see if there was an easy/efficient way to use the /campaigns API with SEARCH type and plug in the iden id’s into the query or something like that.
Something like this (The API docs are really poorly written so trying to get this to work):
{
"name": "Q2 2026 Access Certification",
"description": "Access review for selected identities and roles",
"type": "SEARCH",
"deadline": "2026-05-31T23:59:59.000Z",
"emailNotificationEnabled": true,
"autoRevokeAllowed": false,
"recommendationsEnabled": true,
"searchCampaignInfo": {
"type": "IDENTITY",
"description": "Access review for selected identities and roles",
"reviewer": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90cB001",
"name": "Jane Doe"
},
"query": "\"2c91808568c529c60168cca6f90cB001\" \"2c91808568c529c60168cca6f90cB001\" \"2c91808568c529c60168cca6f90cB001\"",
"accessConstraints": [
{
"type": "ROLE",
"ids": [
"role-id-1",
"role-id-2"
],
"operator": "SELECTED"
}
]
}
}
Hi @mario_rod ,
If you know specific identities and access, you can use search feature from UI → identity based campaign and refine access items.
If the identities and access follow a specific pattern you can check feasibility of campaign filter.
You can copy paste 550 identities in the identityIds array.
{
"name": "Targeted Search Campaign",
"description": "Explicit list of identities",
"type": "SEARCH",
"deadline": "2026-05-15T00:00:00Z",
"searchCampaignInfo": {
"type": "IDENTITY",
"identityIds": [
"2c91808568c529c60168cca6f90c1313",
"2c91808570b1234a0170b5678abc9999"
],
"reviewer": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313"
}
}
}
@mario_rod You can use Search based Certification for this usecase.
Hi @mario_rod ,
Use Advanced Search filters in certification scope to create a search-based certification targeting specific identities or Tag required identities with a custom attribute (e.g., certificationFlag=true) and filter the campaign using that attribute.
Use Search directly, select the identities you want, then hit Certify These Identities to create the campaign straight from the results.
You can use the search filter, first try the filter from the Search in UI