To get list of Identities

Hi,

How can we get the list of enabled roles in Identitynow that has zero users assigned to it even after assigning the correct criteria.

You can start with the list roles API. If you’re able to write a script, you can fetch all of the roles using that API and then check which ones are enabled, have a membershipCriteria of type STANDARD, and have null for the membership.identities attribute. This will tell you which roles have membership criteria but no identities match the criteria. Below is an example of a role that has no members.

{
        "description": "WIFI group 1 for employees based in london",
        "owner": {
            "type": "IDENTITY",
            "id": "2c9180867624cbd7017642d8c8c81f67",
            "name": "colin.mckibben"
        },
        "accessProfiles": [],
        "membership": {
            "type": "STANDARD",
            "criteria": {
                "operation": "OR",
                "key": null,
                "stringValue": "",
                "children": [
                    {
                        "operation": "EQUALS",
                        "key": {
                            "type": "IDENTITY",
                            "property": "attribute.wifiGroup",
                            "sourceId": ""
                        },
                        "stringValue": "London:1",
                        "children": []
                    }
                ]
            },
            "identities": null
        },
        "legacyMembershipInfo": null,
        "enabled": true,
        "requestable": true,
        "accessRequestConfig": {
            "commentsRequired": false,
            "denialCommentsRequired": false,
            "approvalSchemes": []
        },
        "revocationRequestConfig": {
            "commentsRequired": false,
            "denialCommentsRequired": false,
            "approvalSchemes": []
        },
        "segments": [],
        "id": "2c9180857b5fb539017b7829ab9a4903",
        "name": "London WIFI 1",
        "created": "2021-08-24T12:36:42.010Z",
        "modified": "2022-11-08T19:07:18.711Z"
    }
1 Like

@colin_mckibben . Looks like membership.identities attribute will always be null even if the roles have identities in them.

Use this API to get users assigned to each role. If needed, you can utilize the count parameter or get the account of array.

2 Likes