Description

Two common steps when migrating a new source into production is to understand the impacts that new Roles will have as well as what attributes to enable for Attribute Sync. By leveraging the extensibility of SailPoint’s APIs, we can stage our changes and run two independent scripts to make sure our Role Membership and Transforms are correctly configured. The Role Membership report will show what entitlements will be added if a particular role is enabled. This helps identify if the role has too many users compared to existing users with those entitlements. The Attribute Sync report will show all attributes in the Provisioning Policy that are configured as Identity Attributes, and highlight which are already Synced, and which differ when compared to the Account Attribute. This report can be reviewed if updates to the Transforms are needed or if sync can be enabled with confidence.

Additional Resources

Preview Roles:
Get-RoleMembershipPreview.ps1 (10.3 KB)
Preview Attribute Sync:
Get-AttributeSyncPreview.ps1 (9.5 KB)

FAQ

Q: What version of PowerShell is this compatible with?
A: 6.00+ (Tested with 7.3.6)