Trying to search for identities using account attributes, but not getting any option to do so. If anyone did this in the past, please help me with the search query
Good morning!
By using this search @accounts(source.name:" " AND mail:" ") you can find.
In place of mail you can give any attribute you want to find.
Please check the below link It may help.
Building a Search Query - SailPoint Identity Services
Thank You!
Unfortunately, the search functionality in ISC allows us to query identities only using identity attributes and the access objects such as source name, entitlement, access profiles or roles.
If it is really an important query/report you need to pull on a frequent basis, you can try creating a custom identity attribute on the identity profile, map it with your account attribute and use that in your search query. But I would not suggest this approach as this is source specific and if accounts from any new source need to be queried in future based on the schema attribute, then your identity attributes count would go up which is unnecessary.
@Abhishek_1995, the query you’ve provided would not work as ISC cannot search based on account attributes. There are only specific OOTB attributes such as source name, account id and account name which can be used in a nested query but not rest of the account schema attributes.
The OOTB supported queries for account attribute are below but this is to only pull specific user from the source:
- @accounts(name:“<value_here>”) [name would be the attribute marked as your account name in the schema]
- @accounts(id:“<value_here>”) [id would be the attribute marked as your account id in the schema]
- @accounts(accountId:“<value_here>”) [accountId would be the unique GUID for the account generated by SailPoint]
Additionally you can query accounts based on source.id & source.name which would give complete list of accounts from the downstream source details provided in the query.
Thanks,
Arshad.
3 Likes
correct… i noticed the same behavior
Till now ISC did not provide the search Identities using “firstname” or “lastname” attributes of accounts as in your query .
You can try @accounts(name:jdoe AND source.name:HR_Contractors_Autho) to get Identity using account name .
Below is the link for the documentation.
You will have to do it using your fav’ programming lang’
Call Accounts List for a particular source with a small page then get the json and loop over each obj to to apply your filter and write it to a file with attrs you need. I did this using Java Jayway JsonPath.