Identity State was rolled out to my organization’s sandbox instance and I am able to successfully run a search query (ex: attributes.identityState:“active” returns all identities with a cloud lifecycle state marked as being in identityState == active) but I am not able to assign roles via the UI using this criteria. I am able to use identityState as assignment logic via the API but in the UI I get an error “Attribute does not exist”. Either this is a bug or identityState was only halfway rolled out.
@colin_mckibben any thoughts?
I have confirmation from the product team that this is not a bug. IdentityState is a system attribute, and we prevent admins from working with it directly. The downside is that it’s not selectable there. We may build out more functionality in the future to allow that.
I disagree with this design decision since admins are able to assign roles using identityState by changing assignment logic via an API.
1 Like
Although this is how it was designed, that doesn’t mean we can’t improve the functionality. You can submit an idea with your thoughts on how it should work.
1 Like