Showing Pre and Post Refresh rules for Refresh Identities tasks in the UI

Remold · May 30, 2024, 7:14pm

Refresh Rules

It is possible to run custom code during the ‘Refresh Identities’ task. A refreshRule runs after the refresh of each identity in the task and a preRefreshRule runs before the refresh. These rule permits the adjustment of Identity attributes as the Identity undergoes a refresh. Refresh rules are typically employed in refresh tasks that are manually initiated, which are set up for data rectification when incorrect aggregation setups have led to unintended data impacts on Identities. Nonetheless, these rules can also be used in standard refresh or aggregation tasks to assign attributes, typically custom attributes.

Configure Refresh Rules

Out-of-the-Box the refresh rules are specified as a task argument to a refresh task, but can only be added to the task XML, not through the UI.
The rule name is recorded in the taskDefinition XML as:

<entry key= "refreshRule" value = "[Refresh Rule Name]" />
<entry key= "preRefreshRule" value = "[Refresh Rule Name]" />

Adjusting the UI to show and edit the refresh rules

It is possible to adjust the default task definition for all Refresh-tasks to show the Refresh rules in the UI:

Go to the debug pages
Select Object type : TaskDefinition
Open: Identity Refresh
Add to the Inputs-element the following XML code:

      <Argument helpKey="This rule runs before the refresh of each identity" name="preRefreshRule" type="string">
        <Prompt>Pre Refresh Rule</Prompt>
      </Argument>
      <Argument helpKey="This rule runs after the refresh of each identity" name="refreshRule" type="string">
        <Prompt>Post Refresh Rule</Prompt>
      </Argument>

Save the object

Example:

Next time you edit a refresh-task in the UI, you will see:

Adding the name of the (pre) refresh rule in the UI will be saved in the task definition

Notes on upgrades/patched of IdentityIQ

The instructions above do adjust an Out-of-the-Box object. During an upgrade or patch all Out-of-the-Box objects can be overwritten during the process. Validate after the upgrade/patch if the instructions above have the be performed again.

References

More information on the refresh rules can be found in the whitepaper: Rules in IdentityIQ
Although the whitepaper states it is for IIQ 7.0, 7.1 & 7.2, it is for all version 7.x and 8.x versions

bhanuprakashkuruva · August 20, 2024, 4:57am

Good information @Remold. It is useful in some least cases. Besides, I think it may impact on performance because the task has lots of options enabled). But we have to select the options wisely (whatever required or create multiple refresh tasks by enabling required options and schedule them).

Topic		Replies	Views
Manual Identity Refresh via API ISC Discussion and Questions	5	4561	July 19, 2023
Run Refresh Identity through Rule IIQ Discussion and Questions identityiq	8	272	August 16, 2024
Refresh Roles for a particular identity ISC Discussion and Questions apis , identity-security-cloud	2	877	July 19, 2023
Automatically run Identity Refresh after role assignment IIQ Discussion and Questions identityiq , provisioning , roles	2	38	October 21, 2024
Running Task From Rule IIQ Discussion and Questions rules , identityiq , identities	4	620	March 9, 2024