Migrate Roles from Prod to LE

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Hi All,

We have a requirement to migrate all the Business Roles to our QA environment, this is because QA does not have the accurate BUS Roles as prod due to that QE team facing challenges not having the enough test data.

Please advise any best practices

Thanks,

Sunil.

2

Hi @sunilasm

Are you following any build process in your sailpoint IIQ environment? If yes, then update the business roles in your QA repo and perform the build.

If not, then you need to export all the business role xml from production. Once it is done then import those business role in your QA.

Let me know if you have more questions regarding this.

Usually best practice is to use build process to deploy the custom changes but if your env does not have automated build and deployment, then please use the below.

For Manual Steps:

Best Practices are below:

  1. Use Object Exporter Plugin to export the xml files from PROD.
  2. Import these files to QA environment.

Thanks

Manish Singh

3

Hi @msingh900 - we are using GIT for the build and deployment, but when i check the repo we are miniating the Bundles

4

Just check the differences between your QA and Prod environment repo under bundle folder.

Thanks

5

Yes, we are not maintaining the bundles on the entire repo

6

Do you have it for PROD ?

7

Hi @sunilasm

If you are aiming for one time import (which I don’t suppose so), you can always do that in 3 efficient ways:

  1. IIQ Console - Execute the command export -clean Bundle.xml Bundle or checkout Bundle Bundle.xml -clean to export the Bundle objects without id and unwanted metadata of environment.
  2. Using IdentityIQ UI - Create the task of type XML Object Explore shown as below and ensure you add Bundle as the object type. Ensure you check the options to remove Id’s and environment metadata. This task also provides option to search by specific names to only include specific roles matched by regular expression

image
image530×665 19.2 KB

image
image1518×286 19.3 KB

However, the recommended approach is always through the pipeline as it helps majorly with two things:

  • Your LE environment is maintained with new roles automatically as part of new deployment (no need of manual import to maintain sync)
  • Maintains the environment specific data. Eg: your Business roles might contain IT roles that has references of production entitlements, and your entitlement names may differ in lower environment. This can be achieved using the target properties file if you are using SSB.