How do I generate a report for all active users of a particular application along with their corresponding entitlements using a search query?

Ankitha12 · July 18, 2025, 6:29am

I have written a search query for a single application to get all active users and their corresponding entitlements:

@accounts(source.name:“ABC Application”) AND attributes.cloudLifecycleState:active

This query returns all active users for the ABC Application, but when I download the report, I see entitlements from other applications as well.

How can I restrict the results to show only the entitlements related to the ABC Application?

HussainshaSyed001 · July 18, 2025, 6:34am

use query like this @access(source.name.exact:ABC Application)

nithyamn13 · July 18, 2025, 10:47am

Hi @Ankitha12 ,
Welcome to the Sailpoint Developer Community
Try source id instead of name and see if that works
@accounts(source.id:“**********************”) AND attributes.cloudLifecycleState:active

pattabhi · July 18, 2025, 12:04pm

Hi @Ankitha12

Here is the workaround: (in my solution I use Active Directory source)

attributes.cloudLifecycleState:active

When you click Get report, you need to select Include Access details

finally, you need to filter on the downloaded report:

Access Type : ENTITLEMENT and Access Source Name: ACTIVE DIRECTORY

iamnithesh · July 18, 2025, 12:11pm

You cannot do this with single search query. You will need a script to filter out unwanted entitlements from the result

jainanimesh · July 18, 2025, 12:20pm

Hello @Ankitha12

Welcome to the community!

This cannot be extracted from a single search query as there is no way in search to apply filters currently. There are two ways currently to suffice this -

Run your query in Search and Include Access Details while downloading the report. Filter this data for Access Source Name for the required application.
Go to Connections → Sources → Open Source → Go to Accounts Page → Click on Export. Filter the data as required.

Ankitha12 · July 21, 2025, 6:48am

Thanks for the help @HussainshaSyed001, but this query also does not to show only the entitlements related to the ABC Application

Ankitha12 · July 21, 2025, 6:49am

Thanks for the suggestion @pattabhi, but client does not want to add filters in the excel(reports)

Ankitha12 · July 21, 2025, 6:51am

Thanks for the suggestion @nithyamn13, but the query which you have shared also give the same result

Ankitha12 · July 21, 2025, 6:53am

Thanks for the help @jainanimesh, but client does not want to add filters in the excel(reports)

vdivakar · July 21, 2025, 9:07am

Hi @Ankitha12 , the only way to export such customized report is via writing a Script.
Use search API in Python/Powershell OR whichever Programming language you are comfortable with.

Iterate through the response and write logic in the code to append only those rows which has entitlement source name listed as “Application ABC”.

You could schedule this code to run on client’s server and send the report to any client side email address using client’s smtp server.

Seems too much effort when we can just filter the exported data from Search Export.

Topic		Replies	Views
Search Identities and their accesses ISC Discussion and Questions identity-security-cloud , search	14	340	November 17, 2024
Search query report that will list event date, target user, source name and entitlement added ISC Discussion and Questions search	5	1086	July 19, 2023
Search Query to return source data ISC Discussion and Questions identity-security-cloud , search	6	40	June 8, 2025
Campaign For Specific Entitlement Type in a Source ISC Discussion and Questions identity-security-cloud , certifications	11	160	March 1, 2025
Search query to get users access ISC Discussion and Questions identity-security-cloud , search	9	98	July 25, 2025

How do I generate a report for all active users of a particular application along with their corresponding entitlements using a search query?

Related topics