Identity Refresh Task - Options

Which IIQ version are you inquiring about?

8.3

Currently I’m trying to understand the workings of the Identity Refresh Task, more specifically the following options:

  1. Always launch the workflow (even if the usual triggers do not apply)
  2. Refresh Identity Entitlements for all links

Regarding the 1st one, I think I understand that it launches the Identity Refresh Workflow for every Identity. But what are the triggers that are ignored?

For the 2nd one, I would like to understand the difference between running this vs running an account aggregation Task.

I appreciate any help.
Thanks

@tmamouros what do you mean by launch workflow ? you mean kick trigger ?

Refresh Identity Task Best practices - IdentityIQ (IIQ) / IIQ Discussion and Questions - SailPoint Developer Community

More details here also

Understanding identity refresh options - Compass

let me know if you have some specific requirement

Hi @pravin_ranjan, thanks for the fast reply.
From my understanding, the “Always launch the workflow” flag makes it so that the Workflow - “Identity Refresh” gets launched for every examined identity.
What I’m still trying to comprehend is, what are the triggers (that are referred as “usual triggers”). And where are they defined.

@tmamouros when you launch a workflow, it will refresh inside the workflow, ensuring that no trigger is missed from any process. It’s like launching the workflow or simply refreshing the configuration if they match. Every option in the identity refresh acts as a trigger in one way or another — for example, process events are related to lifecycle events, and so on.

Refreshing identity entitlements helps sync links and entitlements. Yes, with account aggregation, it will bring the data, but sometimes, until you refresh the cache, it may not be updated. You might notice this behavior if you add an entitlement and try to remove it, as it might not reflect immediately. However, once the cache is refreshed, it will show up. Essentially, the refresh process rebuilds the identity cache

@mkumariaasok thanks.
Regarding the refresh identity entitlements, are there best practices for how often a identityrefresh task should be run with this flag?

Understanding identity refresh options - Compass

normally we run 2 times ( 1 in morning and 1 in night - so table is up to date ) but it depends upon need.