Segmentation in IDN not working as expected

Hello,

Has anyone able to configure segmentation and make it work?

Here are the steps i followed:

1- create segment
2-Define segment- type=contractors
3- add 1 role
4- confirm identity matched the criteria as contractor.
5- login using identity,
6- go to request center, roles, i am able to see all roles with no segmentation
7- confirm the identity has Visible Segments value with id populated.
Any ideas?

thanks,
Anish

Hi @anish_karkare,

Check out this documentation article on segmentation and let me know if it helps.

1 Like

yes, i have followed the documentation and is included in my original post.

Oops, that’s embarrassing :sweat_smile:.

Segmentation was just released to staging orgs yesterday, so this may be an issue. Let me discuss internally to see if this is a bug.

1 Like

i guess, i found the answer after i re-read the documentation,
the solution is, you have to segment aka Scope all
"When a user in a segment visits the Request Center, they are presented with the access items defined in their segment and **access items that are not included in any segment. "

all roles not added to segment are considered “public”

1 Like

I’ve made multiple Segments and it seems that it takes time for them to take effect as well. Over half of the roles in my dev instance. So for example I have 10 roles, and 3 are assigned to a segment and 4 to another. When I initially turn on the segments, I can see it unfiltered but if I wait a day or so, it typically comes good. This makes it difficult to test though.

Anyone else had similar issues?

1 Like

Hi Brendon ,

We also faced mutiple issues with segmentation
First thing is we can now only add 50 roles at time to segment and anything more 50 roles adding one time to a segment will results an error
so everytime you need add 50 roles only.

To remove role currently only 1 role by role unchecking is possible

Also lot of time screen got stuck espically when you are working with huge roles , also it shows different results each time define access screen

@brendonmurphy we’re just starting to use segments in our tenant and I’m experiencing exactly the same issue that segments don’t work straight away.
Only after some unknown amount of time user starts seeing what they should be seeing. Documentation doesn’t mention anything about it, would be really helpful to know if there’s a way to trigger some sync/refresh for segments to take effect faster. Some input on this would be helpful @colin_mckibben

1 Like

@danieldevcic I’ll make a note to look into this further. Thank you for bringing this to our attention.

1 Like

Thanks @colin_mckibben I also have a ticket for a similar/related issue, and I can also confirm same issue that @Learingiam has, not being able to add more than 50 access profiles/roles to segment, getting error.

@colin_mckibben @anish_karkare , I am also facing the same issue -

I created 2 segments and defined the access profile inside it and defined in two different application , but the identity from segment A showing the access profile from other segment B.

Is there any solution on these?

@IAMpdu how long ago have you created it? It takes a very long time for configuration done on segments to actually be applied in the UI for end-users

We also just started using Segments, at first it worked like a charm but got inconsistent results with further testing. Below are the steps we took:-

We first tested this by adding 1 user to Define Segment section and added a few roles there. As expected after waiting for 20-25 minutes, only that user was able to view those roles in request center, and no one else was seeing it. That is promising and what we want to implement for our use case.

However when we tried a criteria like choosing, a department, and assigned all/most roles to it, the behavior is the opposite to what is expected. We tested this in our sandbox environment. Steps are as below:-

  1. Created a new Segment.
  2. Define Segment:- “Department”:“Information Technology” :- it pulled the correct list of users
  3. Define Access:- we selected 56 roles out of 58 roles that are present in Sailpoint Sandbox
  4. Saved it.

Now when the users in that department go to Request center > Roles, they are seeing the unselected roles and not the roles selected in the Define Access section of Segment. They should be seeing 56 roles, however are seeing the remaining 2. This is the opposite behavior, has anyone encountered it before? Any suggestions on this please?

I’m sorry to see that you haven’t received a response yet. When I tried segmentation, I tested the functionality similar to how you tested yours and it worked just fine. However, when I changed the segment definition criteria to include an entire department of 41 users no one was able to see the roles even though the segmentation identities were all correct. So I had to disable the segmentation so that the roles could be utilized. I will need to submit a ticket for assistance because I’m not sure what the issue is.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.