We need to assign roles to users during the initial load (day zero migration) account aggregation for Request based applications.
Details: Before the GO Live, we need to onboard delimited file application accounts to IDN for the first time using account aggregation. During this account aggregation process, we need to assign the respective role to the identity cubes which would be correlated during account aggregation.
What is the best rule/api/solution to assign the role to the identities - pls note that these apps are only Request based apps hence we have to assign the roles manually not via any assignment logic.
Load the data via account/entitlement aggregation of SOT and target sources
Validate all accounts are correlated to identities properly
Validate entitlements that are part of roles are assigned to the accounts
Have identities to role mapping sheet created for validation
Use Submit Access Request (create-access-request | SailPoint Developer Community) API to raise access request via automated script or manually for identities that should be part of roles. Since all entitlements are already assigned to accounts, ISC will not provision anything on target system and only assign roles on the identities.
Can you suggest how we can invoke this API for few thousand of users.
It would be close to 10k users for whom we would need to invoke this api and from postman its not possible to do this in iterative manner.
After the data is loaded, you would be able to use the SDK to identify the users who meet your search criteria and then iterate through them adding the appropriate role. The SDK offers versions in Go, Python, PowerShell, and TypeScript so you can use what you are familiar with.
One thing to keep in mind since you working with thousands of users is that there is a limit of 100 API calls per 10 seconds. So, you will need to either slow the process down to wait out the 10 seconds or you will need to add a sleep/retry process if the task fails.