Unable to access account name in report field

sagar_kamalakar · January 24, 2025, 12:51am

Hi Team,
I have a requirement to show Terminated user with enabled access should have below fields
User, user name, termination date, enabled account, source

I am able to pull field values for User, user name, termination date, source.
But unable to fetch Enable Account name field it should be 'Active Directory.

Search query:
@accounts(disabled:false AND locked:false AND source.name:\"Active Directory\") AND (NOT attributes.cloudLifecycleState:\"active\") 


 "columns": {
        "identity": [
            {
                "field": "displayName",
                "header": "Display Name"
            },
            {
                "field": "name",
                "header": "Username"
            },
            {
                "field": "endDate",
                "header": "Termination Date"
            },
            {
                "field": "source.name",
                "header": "Source Name"
            },
            {
                "field": "attributes.cloudLifecycleState",
                "header": "Lifecycle State"
            }
        ],
        "account": [
            {
                "field": "name",
                "header": "Target"
            }
        ]

Any pointers would be highly appreciated.

Abhishek_1995 · January 24, 2025, 3:59am

Hi @sagar_kamalakar ,

Please try this search query it may be helpful for you.

Find all identities that have a lifecycle state of terminated in IdentityNow with accounts on Active Directory that are still enabled:

attributes.cloudLifecycleState:Inactive AND @accounts(source.name:"Active Directory" AND disabled:"false")

Thank you!

sagar_kamalakar · January 24, 2025, 4:35pm

Hi @Abhishek_1995
Thanks for your response. But I need to add field in report as Account should have value as ‘Active Directory’. is there any way we have to update our saved search to add target source name. e.g. Active Directory not authoritative source name which we can pull though identity property as source.name.

agutschow · January 25, 2025, 12:12am

UI Solution:
If you are trying to get get to the data for reviewing manually, when you run your report, download the report “Include Access Details”

This will give you a CSV file that you can download and manipulate in Excel to get the required data:

RestAPI
If you are trying to do something programmatically, you can get a little closer using the /search API:

This query will give you the fields you are looking for but will include all accounts:

{
  "indices": [
    "identities"
  ],
  "query": {
    "query": "attributes.cloudLifecycleState:Inactive AND @accounts(source.name:\"Active Directory\" AND disabled:\"false\")",
    "fields": null
  },
    "queryResultFilter": {
        "includes": [
            "accountId",
            "name",
            "firstName",
            "lastName",
            "attributes.cloudLifecycleState",
            "attributes.endDate",
            "accounts.id",
            "accounts.name",
            "accounts.disabled",
            "accounts.source.name"
        ]
    }
}

The results will look like:

Another option if you are mostly interested in the account data would be to use innerHit. This will limit the data to only the for the AD accounts:

type or paste code here{
  "indices": [
    "identities"
  ],
  "query": {
    "query": "attributes.cloudLifecycleState:Inactive AND @accounts(source.name:\"Active Directory\" AND disabled:\"false\")",
    "fields": null,
     "innerHit": {
      "query": "source.name:\\\"Active Directory\\\"",
      "type": "accounts"
    }
  }
}

The results will look like:

Unfortunately, you can use queryResultFilters and innerHit at the same time. Although, you could programmatically do this by running both queries and merging the result sets.

If your end goal is a csv or is more complicated (like wanting to automatically disable these accounts or other API calls), you might look at using the SDK.

There is a video to get started:

Here is the documentation: Search with the PowerShell SDK | SailPoint Developer Community

From the SDK, you can get your results, process the data, and export the data directly to a CSV or process it in other ways.

sagar_kamalakar · January 26, 2025, 2:46pm

@agutschow . Thanks, I tried the queries you suggested. However, I need to create a report and send it via email, which requires creating a saved search. I couldn’t find any option for queryResultFilter or innerhit options available in the saved search API. Is there any option I need to set in saved search API to enable ‘Include Access Details’?

system · March 27, 2025, 2:46pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.