Seeing odd results when searching by email address in the UI

I was doing some searching based on the email address using the Search UI and was noticing some odd behavior and was wondering if anyone else has encountered this with the email attribute or any other attributes.

I also encountered some differences in how you need to search the email field as well, which I will document here also.

For the purpose of this message, I am using a fresh ambassador tenant with Sailpoint Demo data installed on it. The user I will be searching for will be Adam Kennedy, who has an email address of “[email protected]” in the system.

Searching the Exact, Complete Email Address

First, the primary issue I saw, that I believe may be a bug. When using the Search UI, I was attempting to look up an identity based on the email address and if I used the actual, complete email address, it returned ALL identities, not just the one that matched.

When I used the search query “attributes.email:[email protected]” the search returned every identity.

Screenshot 2024-05-14 at 3.51.27 PM2113×1283 222 KB

If I modified the search to remove the last letter to give me this search query “attributes.email:[email protected]” the search returned the singular identity.

Screenshot 2024-05-14 at 3.51.13 PM2113×894 35.7 KB

I have not tested to see if this occurs with other fields at this time, but will if I have time later.

After I noticed that, I started testing out some additional searches based on other odd items I found helping a client.

Searching using a partial match before the @ symbol:

attributes.email:[email protected] - Returns ALL identities

attributes.email:Adam.Kennedy@sailpointdem - Works, Returns matching identitied
attributes.email:Adam.Kennedy@sailpointdem* - Does not work. Returns 0 results

Screenshot 2024-05-14 at 4.30.41 PM2113×1283 99.3 KB

Screenshot 2024-05-14 at 4.30.45 PM2113×1283 112 KB

attributes.email:Adam.Kennedy@ - Works, Returns matching identities
attributes.email:Adam.Kennedy@* - Does not work. Returns 0 results

Screenshot 2024-05-14 at 4.30.52 PM2113×1283 98.2 KB

Screenshot 2024-05-14 at 4.30.58 PM2113×1283 111 KB

attributes.email:Adam.Kennedy - Works, Returns matching identities
attributes.email:Adam.Kennedy* - Works, Returns matching identities

Screenshot 2024-05-14 at 4.31.04 PM2113×1283 97.7 KB

Screenshot 2024-05-14 at 4.31.10 PM2113×1283 98 KB

attributes.email:Adam.Ken - Does not work. Returns 0 results
attributes.email:Adam.Ken* - Works, Returns matching identities

Screenshot 2024-05-14 at 4.31.17 PM2113×1283 109 KB

Screenshot 2024-05-14 at 4.31.21 PM2113×1283 97.3 KB

Switched to "An" here because this will return more than 1 result
attributes.email:An - Does not work. Returns 0 results
attributes.email:An* - Works, Returns matching identities

Screenshot 2024-05-14 at 4.32.18 PM1948×840 31.3 KB

Screenshot 2024-05-14 at 4.32.26 PM1948×1172 150 KB

Tested with lastname:

attributes.lastname:Kennedy - Works, Returns matching identities
attributes.lastname:Kennedy* - Works, Returns matching identities
attributes.lastname:Kenn - Does not work. Returns 0 results
attributes.lastname:Kenn* - Works, Returns matching identities
attributes.lastname:K*y - Works, Returns matching identities

@gmilunich I think wrapping the email address in quotes may be required here since the email has special characters in it that are used in search dot notation. Just tried it and it only returns the one identity with the matching email.

You are correct, wrapping it in quotes does allow you to search for the exact name.

However, if you try and do any partial matching with quotes, it fails.

attributes.email:"[email protected]" - Works, Returns matching identities
attributes.email:"[email protected]*" - Does not work. Returns 0 results
attributes.email:"[email protected]" - Does not work. Returns 0 results
attributes.email:"[email protected]"* -  Does not work. Returns ALL Identities.

So it seems like there are 2 operating methods here with email. Still seems like a Bug to me to require quotes with the exact when removing one character does not require quotes to find it.

When you search using wildcard, do not use quotes. That’s the way it would work. It does not work with quotes.

For single email search make sure you have that inside quote because it has special characters.

I’ve noted that using the ‘exact’ keyword often helps:

attributes.email:[email protected] → every identity with the @test.com address
attributes.email.exact:[email protected] → only identities with ‘[email protected]’ address

The wildcards work until you get to the @ symbol. After that, they stop working, likely due to it being a special character. I can search just the portion after using the * if there is no @ Symbol also.

Some additional tests based on this answer:

attributes.email:Adam.Kenned*ailpointdemo.com - Does not work. Returns 0 results
attributes.email:Adam.Kennedy*sailpointdemo.com - Does not work. Returns 0 results
attributes.email:"Adam.K*sailpointdemo.com" - Does not work. Returns 0 results
attributes.email:"Adam.Kennedy*sailpointdemo.com" - Works, Returns matching identities
attributes.email:"Adam.Kenned*sailpointdemo.com" - Does not work. Returns 0 results (removed last y also)
attributes.email:sail*demo.com  - Works, Returns matching identities
attributes.email:R*.K* - Works, Returns matching identities
attributes.email:"R*.K*@sailpointdemo.com" - Does not work. Returns 0 results
attributes.email:"R*.K*sailpointdemo.com" - Does not work. Returns 0 results

I would have expected the first 3 to work, as they do not involve the special character.

It appears that multiple wildcard characters can be used without quotes, but can not be used with quotes.
It appears that the wild card can replace the @ symbol within quotes, but not additional characters or characters in any other part of the email when quoted, but can not replace the @ symbol when not quoted.

It seems that for the email address, the “exact” keyword might be the best approach for this.

I did the following testing:

attributes.email.exact:"[email protected]" - Works, Returns matching identities
attributes.email.exact:[email protected] - Works, Returns matching identities
attributes.email.exact:Adam.Kennedy@sailpointdemo.*om - Works, Returns matching identities
attributes.email.exact:Adam.Kenne*@sailpointdemo.com - Works, Returns matching identities
attributes.email.exact:Adam.Kenne*@sailpoin*mo.com - Works, Returns matching identities
attributes.email.exact:R*.K*@sailpoin*mo.com - Works, Returns matching identities
attributes.email.exact:R*.K*ilpoin*mo.com - Works, Returns matching identities
attributes.email.exact:"Adam.Kennedy@sailpointdemo.*om" - Does not work. Returns 0 results

So based on this, it seems that the recommended approach for searching for an email would be to use the EXACT keyword without quotes, which will allow you to search any variation of the email, including the whole email address, with or without multiple wildcards.

So some further testing of the use case, and it seems the flaw with using “exact” is that it is case sensitive, so if you don’t know the proper case you are looking for, it will fail.

Testing done:

attributes.email.exact:Adam.Kennedy@sailpointdemo.*om - Works, Returns matching identities
attributes.email.exact:ADAM.Kennedy@sailpointdemo.*om - Does not work. Returns 0 results
attributes.email:"[email protected]"  - Works, Returns matching identities
attributes.email:ADAM.Kennedy@sailpointdemo.*om - Does not work. Returns 0 results

So it seems that this is not a perfect solution either.

So if you have consistent case, then the “exact” method is the best for searching. If you do not, then you need to use some of the other approaches.

I still feel that it is a bug though that searching the whole email address without quotes returns all identities, which do not match.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.