Refresh Task Inconsistencies

Which IIQ version are you inquiring about?

8.3sp2

Issue Summary

Our expectations for the Refresh task are not matching what it is doing in reality. We have a Full Refresh task that targets a population that has an Active Directory account. We know it iterates through the entire population, BUT it is not performing the same actions on all of them. We are getting observations from certain users that their Active Directory information (displayed in Teams and Outlook) is not being updated.

We know that this is due to a particular Active Directory Link attribute not being updated in their Cube.

Issue Details

When we run the same exact task on a single identity (i.e. name=="0012345678") using the Optional filter string box, the identity attribute and corresponding Active Directory target attribute will be updated:

We have eliminated the possibility of the Identity Attribute mapping itself being the issue, as it has been working for other users.

Task Configuration

Primarily, we are looking at understanding the inconsistency of why the Refresh task is “skipping” over identities when it goes over the whole population. We can get the task to do what we need if we reduce the iteration to just one identity. We believe that one of these boxes may need to be ticked or unticked, but we aren’t sure what has changed to give us this issue:

Screenshot

XML of Task

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition created="1714054346053" id="0ad200e28ef31419818f1599b5456579" modified="1743596204833" name="Full Refresh-Active HR Records with Active Directory" resultAction="Delete" subType="task_item_type_identity" type="Identity">
  <Attributes>
    <Map>
      <entry key="TaskDefinition.runLengthAverage" value="1379"/>
      <entry key="TaskDefinition.runLengthTotal" value="332360"/>
      <entry key="TaskDefinition.runs" value="241"/>
      <entry key="TaskSchedule.host"/>
      <entry key="checkHistory" value="false"/>
      <entry key="checkPolicies" value="true"/>
      <entry key="correlateEntitlements" value="true"/>
      <entry key="correlateScope" value="false"/>
      <entry key="deleteDormantGroups" value="false"/>
      <entry key="disableIdentityProcessingThreshold" value="false"/>
      <entry key="disableManagerLookup" value="false"/>
      <entry key="doManualActions" value="false"/>
      <entry key="enableManualAccountSelection" value="false"/>
      <entry key="enablePartitioning" value="true"/>
      <entry key="excludeInactive" value="false"/>
      <entry key="filterGroups" value="Personnel with Active Directory"/>
      <entry key="filterNeedsRefresh" value="false"/>
      <entry key="forceWorkflow" value="false"/>
      <entry key="includeWindowModified" value="false"/>
      <entry key="keepInactiveViolations" value="false"/>
      <entry key="markDormantScopes" value="false"/>
      <entry key="noAutoCreateScopes" value="false"/>
      <entry key="noMaintenanceWindowRetry" value="false"/>
      <entry key="noResetNeedsRefresh" value="false"/>
      <entry key="noRoleDeprovisioning" value="false"/>
      <entry key="processTriggers" value="true"/>
      <entry key="promoteAttributes" value="true"/>
      <entry key="promoteManagedAttributes" value="true"/>
      <entry key="provision" value="true"/>
      <entry key="refreshCompositeApplications" value="false"/>
      <entry key="refreshGroups" value="false"/>
      <entry key="refreshIdentityEntitlements" value="true"/>
      <entry key="refreshManagerStatus" value="true"/>
      <entry key="refreshRoleMetadata" value="false"/>
      <entry key="refreshScorecard" value="false"/>
      <entry key="synchronizeAttributes" value="true"/>
      <entry key="taskCompletionEmailNotify" value="Disabled"/>
      <entry key="taskCompletionEmailRecipients"/>
      <entry key="taskCompletionEmailTemplate"/>
    </Map>
  </Attributes>
  <Description>DO NOT MODIFY! This full identity refresh will only scan accounts that are currently active in HR and posses an Active Directory account.</Description>
  <Owner>
    <Reference class="sailpoint.object.Identity" id="0ad200e18a4719d2818a655047a42db4" name="admin"/>
  </Owner>
  <Parent>
    <Reference class="sailpoint.object.TaskDefinition" id="0ad200e18a181198818a1802bddf01b6" name="Identity Refresh"/>
  </Parent>
</TaskDefinition>

@acrumley Running with all these options in one go is not recommended. Try to run in 2 parts: 1 - for process events, 2 - sync and provision.

Some docs as below:

Refresh Identity Task Best practices - IdentityIQ (IIQ) / IIQ Discussion and Questions - SailPoint Developer Community

Understanding identity refresh options - Compass

Hi Alex,

The refresh task options look ok to me.

It is possible the problem is in an identity attribute source rule or transform rule. In BeanShell, if you use a variable without declaring it, then it is a global variable and persists between invocations of the rule. This can result in unexpected behaviour.
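
The undeclared-variable behaviour described in the reply above, as an added example that is not part of the thread or of SailPoint's code: it evaluates the same rule body twice on one `bsh.Interpreter`, first without and then with a typed declaration. Reusing a single interpreter stands in for the persistence between rule invocations that the reply describes; the `dept` input and the `value` variable are hypothetical names, and the BeanShell jar is assumed to be on the classpath.

```java
import bsh.EvalError;
import bsh.Interpreter;

public class BeanShellLeakDemo {

    // Hypothetical rule body: 'value' is assigned without ever being declared,
    // so BeanShell creates it in the interpreter's global namespace.
    static final String UNDECLARED =
        "if (dept != null) { value = dept.toUpperCase(); }\n" +
        "return value;";

    // Same logic, but 'value' is declared and reset on every evaluation.
    static final String DECLARED =
        "String value = null;\n" +
        "if (dept != null) { value = dept.toUpperCase(); }\n" +
        "return value;";

    // Evaluate one rule body for one identity's input on a shared interpreter.
    static Object runRule(Interpreter bsh, String body, String dept) throws EvalError {
        bsh.set("dept", dept);   // constructed sample input, not a real IIQ argument
        return bsh.eval(body);
    }

    // Run the body for two identities in a row: the first has a department,
    // the second has none. Returns what the rule produced for the second one.
    static Object secondResult(String body) throws EvalError {
        Interpreter shared = new Interpreter();
        runRule(shared, body, "finance");
        return runRule(shared, body, null);
    }

    public static void main(String[] args) throws EvalError {
        // With the undeclared variable, the second identity inherits whatever
        // the first identity left behind in the global namespace.
        System.out.println("undeclared, second identity: " + secondResult(UNDECLARED));

        // With the typed declaration, each evaluation starts from null.
        System.out.println("declared,   second identity: " + secondResult(DECLARED));
    }
}
```

A result that depends on which identity was processed just before is consistent with a rule that behaves differently in a full-population run than in a single-identity run.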