Hi everyone,
We need to report identities on some specific identity attribute changes. I reviewed and considered almost all options however it does not seem possible to get this report using Search. Is there any alternative solution for this requirement?
Thanks in advance!
Hello @sahincelik!
I would try using workflows to set this up. You can trigger a workflow based on an identity attribute change (and specify the ones that meet your requirements), then have the workflow send you an email (as an example).
Let me know if that helps or if you need more guidance.
Thanks!
Thanks for suggestion but this does not align with the requirement. Because what I am looking for is a dynamic report that I can choose any attribute change. So, I should be able to retrieve users for example whose department changed within the last 7 days or identities with the jobCode code attribute changed or any other identity attribute change that I will specify etc.
I believe you can use search query like this
@accountRequests((attributeRequests.name:jobCode OR attributeRequests.name:jobTitle ) AND source.name.exact:“Your Source”)
I found it here : Identity Attribute changes audit report - #3 by gauravsajwan1 ,and it was suggested by @mcheek
Combine this query using Relative Date Comparisons. Find more here: Building a Search Query - SailPoint Identity Services
Thanks but I believe this will return the attributes that IdentityNow provision for specific sources. What I am looking for is identity attribute change and it is done after account aggregation (usually authoritative source). It’s nothing to do any provisioning activity.
The only issue with this is that it’s tracking attribute changes being PUSHED from the identity to an account, not necessarily from an authoritative source to the identity
Thanks Mark, however as I mentioned above, I am not looking for an attribute provisioning report. The one you shared actually is not a “Identity Attribute Change Report” actually. As my understanding, IdentityNow does not support this OOTB. It’s only feasible in “Access History” page but this is only applicable for individual identity selections.
I would think that you would need to use something like the /beta/historical-identities/{{id}}/events API to get identity attribute change events. Put them in a table or excel file and query from there.
You can see above one of my attribute changes, what it was before and when it occurred. I probably would create a PowerShell script or something that would what you need from these API’s and put it in an Excel file or something. I imagine it’s a lot of data so that’s why I would say un upload to a db table might be easier to work with once you get a dump of the data. You can use query parameters to filter to specific event types.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
