Hello Team,
Could anyone please let me know how we can retrieve all attributes in IdentityNow?
Thanks in advance!
Mane
Hello Team,
Could anyone please let me know how we can retrieve all attributes in IdentityNow?
Thanks in advance!
Mane
Hi Mane,
Can you please elaborate on what you mean by all attributes? Do you mean identity attributes or account attributes?
The list public identities API displays the attributes for each identity. You can also use the search API with the following request body:
{
"indices": [
"identities"
],
"query": {
"query": "*"
}
}
Thank you @colin_mckibben for your quick response. But could you please let us know would it be possible to get list of IdentityNow attributes which appears in identity user list. Please see the attached screenshot for reference. Currently we were able to get only minimum list as per API call. Please see the output screenshot for reference.
Thanks a lot!
Mane
I actually authored an internal blog post on this very topic. Here are the details to get what you need.
When a custom identity attribute is added to an identity profile, that attribute is not specific to that profile and will be shared amongst all identity profiles. This means that all identities in a tenant have the same set of identity attributes, regardless of whether each identity’s profile maps them or not. If an identity profile doesn’t map one or more of the available attributes, then it is stored as null in the identity cube and won’t be returned in any API calls that list the attributes of the identity. This is why you will observe identities in the UI that have some similar and some different attributes, as it all depends on what attributes the underlying identity profile maps.
The following two images show how Adam Archer and SailPoint Services contain the common, required attributes, like Account Name and First Name, but Adam Archer has additional attributes like Job Title. These differences stem from the fact that Adam Archer’s identity profile has a mapping to pull in the Job Title and other unique attributes from the authoritative source, while SailPoint Services does not.
If you’ve ever used the Preview option when testing out transforms on an Identity Profile, you might notice that the preview output shows a large list of attributes, some of which don’t have a value.
This is because unique attributes that are created on an identity profile are shared across all identity profiles so that each identity will have all of these attributes in their cube, even if they don’t contain a value.
To get the full list of attributes, both standard and unique, in a customer tenant, the following API calls must be made.
GET https://{tenant}.api.identitynow.com/v3/public-identities?limit=1
This will return a single identity from the list of public identities available on the tenant. We only need one identity ID from this list. It doesn’t matter what identity it is, since all identities share the same attributes.
[
{
"id": "2c91808280430dfb0180431a5848045d",
"name": "SailPoint Support",
"alias": "SailPoint Support",
"email": null,
"status": null,
"manager": null,
"attributes": []
}
]
POST https://{tenant}.api.identitynow.com/cc/api/user/preview/2c91808280430dfb0180431a5848045d
Use the identity ID from the previous API call as the URL param in this call. We don’t need to supply a body for this to work. The output will provide the complete list of attributes in the identity cube. Simply pull the name field from each previewAttribute to build the list of identity attributes in your tenant.
{
"displayName": "SailPoint Support",
"id": "2c91808280430dfb0180431a5848045d",
"meta": {
"created": "2022-04-19T18:34:01+00:00",
"modified": "2022-04-19T18:34:02+00:00",
"type": "identityProfiles"
},
"name": "SailPoint Support",
"previewAttributes": [
{
"messages": null,
"name": "manager",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "email",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "firstname",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "lastname",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "displayName",
"previousValue": "SailPoint Support",
"value": null
},
{
"messages": null,
"name": "phone",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "personalEmail",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "identificationNumber",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "workPhone",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "uid",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "startDate",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "country",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "jobTitle",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "visibleSegments",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "wifiGroup",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "department",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "usageLocation",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "endDate",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "test",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "githubUserName",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "lastCertifiedDate",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "cloudLifecycleState",
"previousValue": null,
"value": null
},
{
"messages": null,
"name": "licenseStatus",
"previousValue": null,
"value": null
}
]
}
Thank you so much @colin_mckibben
Regards
Mane
Looks like there is a simpler API to get all identity attributes in your tenant. Try this:
GET https://{tenant}.api.identitynow.com/cc/api/identityAttribute/list