How to list all identities that have Access Profile assigned

Hello,

How do I get a list of all identities that have Access Profile “test AP” assigned - What is the right API call for this?

For example if I want all users with Role “test Role” assigned I can use GET https://sailpoint.api.identitynow.com/beta/roles/<:id> and then look at membership object.

The GET https://sailpoint.api.identitynow.com/beta/access-profiles/<:id> doesnt seem to have this

Thanks

Looks like it is /v3/search

with Body

{
  "indices": [
    "identities"
  ],
  "query": {
    "query": "<AP ID>",
    "fields": [
      
    ]
  }
}

Hi Jason,

That is correct. The search API is your best option for querying this information. The identity data model has a lot of fields available for searching, which you can find here. You query will search all fields for that GUID (which will probably work), but you can fine tune your query to only search for access profiles that have that ID.

{
	"query": {
		"query": "@access(id:2c9180867e0ab36d017e2b809fb323b4 && type:ACCESS_PROFILE)"
	},
	"indices": [
		"identities"
	]
}
1 Like

Thanks @colin_mckibben this is a very helpful reply!

Additional info I will add here. If you search for just the access profile id (or access profile name) against the “identities” index, this will not work.

You will get all the people with this access profile assigned, PLUS the owner of the access profile, regardless of whether they are assigned the access profile or not.

You must use the @access(id:<AP ID>) if you do not want to include the owner (which I assume is what you’re after).

2 Likes