Why can't we use the Identity State in Role Assignment i.e.?

Dear community/Sailpoint,

We are in the process of reviewing some of our Birth Rights assignments and we were thinking of re-designing some of the criteria, as we have some assignments spanning over 2 Life cycle states for example.
That’s when we thought the Identity State might come in handy, as we could catch this with one condition group (identityState = active) instead of writing 2 AND conditions (cloudLifecycleState = prehire AND cloudLifecycleState = active), as prehire and active is in our organization considered to be an “active” Identity State.
Unfortunately we can’t select the IdentityState in the “Define Assignment” for roles.

Why would this state not be made available there if it is a part of the Identity Attributes?

Hello Adam !

My guess is that , IdentityState is not a searchable attribute

It is Searchable, forgot to mention that

{
    "sources": [
        {
            "type": "rule",
            "properties": {
                "ruleType": "IdentityAttribute",
                "ruleName": "Cloud Promote Identity Attribute"
            }
        }
    ],
    "name": "identityState",
    "displayName": "Identity State",
    "standard": false,
    "type": "String",
    "multi": false,
    "searchable": true,
    "system": true
}

Adam ..
Thanks for confirming .
Based on the documentation and my understanding , the role criteria for Identity Attributes :
We can chose an Identity Attribute which is part of Identity profile mapping .

Screenshot 2025-04-10 at 9.08.50 PM2392×516 103 KB

IdentityState is an attribute whose value is generated by Sailpoint based on LCS configuration but not from any of the source mapping in the Identity Profile .
The source of this data is not from the actual source data but from the sailpoint . I believe this might be the reason it is not exposed to be used in the role criteria

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.