Share all details related to your problem, including any error messages you may have received.
Hello, my network prohibits uploading screenshots… but I am having an issue with the Refresh-All-Users-No-Triggers task. The task completes successfully, but lately the run time has been around 3 hours, compared to a usual average of about 39 minutes… a 386% change. When the task completes, the results shows some “Identities with unanswered account selections”. How do I get those resolved? I had our database admin do a “re-index” on the database, but that did not help.
Hi @regilicha
Can you tell us what refresh identity options are selected ?
I think this is a role issue where a user has multiple accounts on the target system and the sailpoint unable to decide which one it needs to assign role entitlements.
Check if any roles are modified recently ?
Navigate to Work Items and then add the filter type as form , you will see all the form which is opened . this forms are getting open because user has multiple accounts in same target system and system is not able to identity on which account particular access need to be added .
You can select the required account in the form and can save it to get this competed .
“Identities with unanswered account selections” - this denotes the number of identities which is awaiting account selection when a certain role or entitlement is provisioned. This happens when a role/entitlement is provided to users in bulk and the user have multiple accounts in the target application
Navigate to work item and add the filter type as form. It will provide the list of form for identities with multiple account.
Seems like there are multiple accounts for the user on the same application and it is not able to select for which account it need to provision the requested access.
ok, so I was able to resolve the unanswered account selections. These users do have multiple AD accounts, and I had not noticed before that they had some roles where the “has pending requests” column had a value of “true” for some of their roles. There were no work item forms, so the only thing I knew to do was remove them from the roles and re-add them… selecting the appropriate account.
But the run time on my “Refresh-All-Users-No Triggers” task is still running over 300% longer than the usual time. I have the following options checked:
Refresh assigned, detected roles and promote additional entitlements
Provision assignments
Enable partitioning
Could this be something with the database server? They have already done a re-index on the database.