Hi IdentityNow experts,
Is there a way to customise the scheduled identity refresh from 8am/8pm to another time? We have a requirement to refresh the cloudLifecycleState at 10pm in tenant’s time zone. Any suggestions are highly appreciated, thanks.
Ronald
Currently, those refresh jobs are hard-coded to occur at 8am and 8pm. The only way to change it is to update the org timezone setting using the /beta/org-config endpoint (list of valid timezones via /beta/org-config/valid-time-zones).
The drawback to this approach is that EVERY scheduled job would be affected, not just those refresh jobs.
That being said, if you want to force a refresh at a specific time, it IS possible to completely disable the 8am refresh via a Feature Flag (via request to Support), and then you could call /beta/identity-profiles/:identity-profile-id/refresh-identities by using an external method such as using Powershell to run the API on a defined schedule.
Thanks for this information, I hadn’t come across the beta endpoint for identity refreshes, nice way to control “full” refreshes in the future.
Regarding the hard-coded refreshes, I thought those were being phased out, with the nightly one already gone:
Do you know when that change might be fully implemented through all SailPoint tennants?
Thanks!
Good morning @Justin ,
Both 8am and 8pm processing are still occurring. Here’s a documentation page which details what goes on for each:
The intent is to eventually retire the scheduling of these jobs once everything is being updated and processed in real time. This is an ongoing effort.
Hope that helps!
Hi Richard,
Thanks for your suggestions.
I set up a workflow with a scheduled trigger at 10pm at tenant’s time zone with the HTTP request to /beta/identity-profiles/{{profile_id}}/refresh-identities. The workflow worked properly and refreshed the identities from that IdentityProfile. The target identity is updated, but the LCS is not re-calculated. Then I manually triggered a refresh on a test identity with the API /cc/api/system/refreshIdentities. And the LCS is calculated and updated accordingly. So it proves the transform logic is working properly (with timestamp) but the API to refresh identities from Identity Profile is not.
Regards,
Ronald
Good morning @ronaldchuiASB ,
Thank you for that information. I am going to investigate further and will create a dev ticket to see if they can also execute the LCS recalculation from the beta refresh-identities endpoint.
Rich
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.