Searching Roles with entitlements from a specific source

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hi all, is it possible to find all roles with entitlements from a specific source using search queries? Did not see that source.name was a searchable field for roles. Thanks in advance.

2

Hi

In IdentityNow (IDN), you cannot directly search for roles by source.name of their entitlements using the standard search UI—this is not supported.

The Role Search feature (in IdentityIQ; similar UI experience applies in IDN) lets you filter roles based on:

  • Display name (e.g. sys*) using operators like “is like”
  • Role owner
  • Role type (e.g. IT, Business)
  • Enabled/disabled status, risk score, entitlements‑count, etc.

Here is some document for your refence and help you.

I hope this will help you.

Thanks

3

Thanks, I figured this might not be supported in UI. Is best way to approach this to just call APIs and iterate through the list of Roles to find if they have entitlements belonging to a specific source?

4

Yes, calling the APIs and iterating through roles to find entitlements tied to a specific source is indeed the best and only scalable approach in IdentityNow, since UI-based search doesn’t support filtering roles by source.name.

Here’s a detailed breakdown of how to approach this:

#Recommended API-Based Approach

  1. Get the Source ID
    You first need the source’s internal ID (not just its display name):
    API Endpoint:
    GET /v3/sources
    Then filter or search the results for your specific source.name.

  2. Get All Entitlements for the Source
    Once you have the source ID:
    API Endpoint:
    GET /v3/entitlements?sourceId={sourceId}
    This will return all entitlements tied to that source. You’ll get a list of entitlement objects like:
    json

{
  "id": "entitlement-id-123",
  "value": "CN=AppRole1,...",
  "type": "group",
  "source": {
    "id": "source-id-xyz",
    "name": "My AD Source"
  }
}

Note: Save the list of entitlement IDs for the next step.

  1. Get All Roles
    Pull the full list of roles:
    API Endpoint:
    GET /v3/roles
    You can paginate or filter as needed.

  2. Check Each Role’s Entitlements
    Each role definition contains an array of entitlement references, e.g.:
    json


{
  "id": "role-id-abc",
  "name": "HR Admin Role",
  "entitlements": [
    {
      "id": "entitlement-id-123",
      "type": "Entitlement"
    },
  ]
}

Match the entitlement IDs from the role with the ones from your source. If there’s a match, that role includes at least one entitlement from your source.

Thanks