Issue with Bulk Access Profiles and Roles - Identities not added to Role

I am trying the latest:

Bulk Access Profiles and Roles Importer

Date: 2021-03-08

Author : Rakesh Kapoor
Heavily Modified by Christophe Chazeau in June 2023

CSV file I am trying to use: NOTE - the user is not getting the Role, as verified via the UI. Any help pointing me in the right direction for troubleshooting would be appreciated.

assignUsersToRole, Test AD TH Birthright Role - Account Creation - UAT Testing Requestable, IDENTITY_LIST,rpgz7430

Result Screen (note: I changed the URL value here so it is not the real one)
INFO : Role Importer Tool : --------------------------------------------------------------
INFO : Role Importer Tool : IdentityNow Bulk Role/Access Profile Importer
INFO : Role Importer Tool : --------------------------------------------------------------
INFO : Role Importer Tool : Version : 9.2.0
INFO : Role Importer Tool : Date : 2023-08
INFO : Role Importer Tool : Author : Rakesh Kapoor ([email protected])
INFO : Role Importer Tool : Modified : Christophe Chazeau ([email protected])
INFO : Role Importer Tool : Handling command line values (will override config file)
INFO : Role Importer Tool : --------------------------------------------------------------
INFO : Role Importer Tool : Reading configuration… ./config.json
INFO : Role Importer Tool : --------------------------------------------------------------
INFO : Role Importer Tool : Config Recap :
INFO : Role Importer Tool : URL : https://something.api.identitynow.com
INFO : Role Importer Tool : File : TestRoleAssign-B.txt
INFO : Role Importer Tool : --------------------------------------------------------------
INFO : Role Importer Tool : Success : Retrieved Access Token
INFO : Role Importer Tool : Authenticating to IdentityNow…
INFO : Role Importer Tool : --------------------------------------------------------------
INFO : Role Importer Tool : Authentication successful.
INFO : Role Importer Tool : Getting List of Sources, every ‘#’ is 250 sources :
INFO : Role Importer tool : Sources : found 54 sources
INFO : Role Importer Tool : Getting List of Existing Access Profiles, every ‘#’ is 250 Access Profiles :
INFO : Role Importer tool : Access profiles : found 73 Access profiles
INFO : Role Importer Tool : Getting List of Existing Roles , every ‘#’ is 250 roles : ##########
INFO : Role Importer Tool : Found 2514 roles
INFO : Role Importer Tool : Getting List of Existing Applications
INFO : Role Importer Tool : Application Hash Map Creation Success!
INFO : Role Importer Tool : Getting List of Governance Groups, every ‘#’ is 50 groups :
INFO : Role Importer tool : Governance Groups : found 4 groups
INFO : Role Importer Tool : Getting List of Segments, every ‘#’ is 50 segments :
INFO : Role Importer tool : Segments : found 1 segments
INFO : Role Importer Tool : Reading CSV file TestRoleAssign-B.txt…
INFO : Role Importer Tool : --------------------------------------------------------------
INFO : Role Importer Tool : >>> Processing line #1 : task assignUsersToRole <<<
INFO : Assign Users To Roles : Assigning Role ‘Test AD TH Birthright Role - Account Creation - UAT Testing Requestable’ to users by updating it
INFO : ‘122e03c340d64f2abc556adb39e65417’
INFO : rpgz7430
INFO : Assign Users To Roles : Role assignment for role Test AD TH Birthright Role - Account Creation - UAT Testing Requestable updated

Does the user not have the role or doesn’t get the access associated with the role?

Alicia

Alicia,

If I run {{baseUrl}}/roles/:id/assigned-identities via Postman, it does not show the user in question in the result. Also when I look at the Role via the UI, the user is also not listed.

Hi @ScottTanselle ,

As I could see the provided way

assignUsersToRole, Test AD TH Birthright Role - Account Creation - UAT Testing Requestable, IDENTITY_LIST,rpgz7430

to assign roles I think you need to give ";". In case it doesn't work out, try declaring one more identity as per the syntax provided below.

Kindly find below the syntax to assign the roles to users

assignUsersToRole, Role Name,assignedType,assignedValue

assignedValue can take the three values VALUE_MAP, IDENTITY_LIST or COMPLEX_CRITERIA.

Example :

assignUsersToRole, Example Role, IDENTITY_LIST,iden1;iden2;iden3

For more details please find the provided link for your reference : https://community.sailpoint.com/t5/Professional-Services/IdentityNow-Bulk-Access-Profile-and-Role-Importer/ta-p/77382

I hope this will help.

Thanks,
Prashant

Prashant,

We did try before using 3 identities and it had the same result.

I also tried in Postman with the body below, which gives a 200 OK, but I still don't see the user being added to the Role:

[
  {
    "op": "replace",
    "path": "/membership",
    "value": {
      "type": "IDENTITY_LIST",
      "identities": [
        {
          "id": "7bfbb88d878a4b2aa3dd8ace86d52832"
        }
      ]
    }
  }
]

Hi @ScottTanselle ,
I would like to know whether the refresh task has run successfully for the user in your tenant?

Role assignments are evaluated by the configured identity refresh task, which runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized.

Try running the API below to process the identity: start-identity-processing | SailPoint Developer Community.

Give it a try and hopefully it will work.

Thanks,
Prashant

It stated that it ‘passed’ for this particular user, though still that Role has not been assigned to the user

Hi @ScottTanselle ,
After the identity refresh task, are you still experiencing an issue with provisioning the assigned roles to the user?

Yes, I am still having the same issue where the user does not get the role.

I am going to try with a different set of users and see what happens

Finally able to get the Bulk Importer to work.

Had to completely go through the Ruby script and display some of the values to the console to determine what was really needed in the input file for the userID.

For us, the script was looking for idAlias and it was determined that we need to use the 'Alias' attr value on the SP Identity in the input file, which for us equates to employeeNumber.

1 Like
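
The resolution in the last post, sketched as an added example that is not part of the thread or of the importer script: a pre-flight check that resolves each IDENTITY_LIST value by alias and refuses to build the membership patch when any value does not match. The identity records (with `id`, `name` and `alias` fields), their values and the helper names are constructed assumptions.

```ruby
require 'json'

# Constructed sample identities (assumption: each record carries id, name and alias).
IDENTITIES = [
  { 'id' => '0000000000000000000000000000000a', 'name' => 'jdoe', 'alias' => '100234' },
  { 'id' => '0000000000000000000000000000000b', 'name' => 'asmith', 'alias' => '100577' }
].freeze

# Parse one importer line: task, role name, assignment type, ';'-separated values.
def parse_assign_line(line)
  task, role, type, values = line.split(',', 4).map(&:strip)
  raise ArgumentError, "unexpected task #{task.inspect}" unless task == 'assignUsersToRole'
  raise ArgumentError, 'missing fields' if role.to_s.empty? || type.to_s.empty?
  { role: role, type: type, values: values.to_s.split(';').map(&:strip).reject(&:empty?) }
end

# Resolve each value by alias only; report the ones that match nothing,
# and hint when a value matches a different attribute (here: name).
def resolve_by_alias(values, identities)
  by_alias = identities.to_h { |i| [i['alias'], i] }
  by_name = identities.to_h { |i| [i['name'], i] }
  resolved, unresolved = [], []
  values.each do |v|
    if by_alias.key?(v)
      resolved << by_alias[v]['id']
    else
      hint = by_name.key?(v) ? "matches name; alias is #{by_name[v]['alias']}" : 'no match'
      unresolved << { value: v, hint: hint }
    end
  end
  [resolved, unresolved]
end

# Build the JSON Patch body in the shape shown in the thread; refuse to build
# it if any identifier is unresolved, so a partial or empty list is never sent.
def membership_patch(line, identities)
  parsed = parse_assign_line(line)
  raise ArgumentError, "unsupported type #{parsed[:type]}" unless parsed[:type] == 'IDENTITY_LIST'
  ids, missing = resolve_by_alias(parsed[:values], identities)
  raise ArgumentError, "unresolved: #{missing.to_json}" unless missing.empty?
  raise ArgumentError, 'empty identity list' if ids.empty?
  JSON.generate([{ op: 'replace', path: '/membership',
                   value: { type: 'IDENTITY_LIST', identities: ids.map { |id| { id: id } } } }])
end

if __FILE__ == $PROGRAM_NAME
  puts membership_patch('assignUsersToRole, Example Role, IDENTITY_LIST,100234;100577', IDENTITIES)
end
```

Failing loudly on an unresolved identifier avoids the situation seen in the thread, where the tool reported the role as updated while the membership did not change.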
