Register Sign in Need help? FAQ SailPoint directory
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Attribute synchronization enhancements in IdentityIQ 8.2

Attribute synchronization enhancements in IdentityIQ 8.2

 

IdentityIQ 8.2 delivers some enhancements to how attributes can be synchronized from IdentityIQ to target systems. These enhancements improve the traceability of attribute synchronization, allowing you to audit and review what has been changed, where the changes where synchronized, and the status of provisioning attempts.

You can also integrate attribute synchronization with a business process, which lets you generate approvals for attribute synchronization changes, and gives you more control over when and how you want to launch attribute synchronization activity.

 

Video: Attribute synchronization enhancements

This brief video gives an overview and demo of the enhancements to attribute synchronization in IdentityIQ 8.2.

 

Using business processes to manage attribute synchronization

In IdentityIQ 8.2, you can integrate a business process with attribute synchronization, to let you manage the synchronization of multiple attributes together, in a single request and approval process. This option is available only if you have Lifecycle Manager implemented.

You can set a global option so that all attribute synchronization is handled by a business process, or you can choose individual attributes to manage using a business process.

 

Configuring attribute synchronization to use a business process

To enable a global business process for attribute synchronization:

  1. Click gear > Global Settings > IdentityIQ Configuration.
  2. Click the Identities tab.
  3. In the Business Processes section, choose the business process to use for Attribute Sync. IdentityIQ provides a standard Attribute Sync business process that meets most use cases; you can edit this business process to tailor it to your needs, and you can also create and choose a custom business process if you prefer.
  4. Check the Always Sync using workflow option in the Identity Attributes section. Leaving this option unchecked means that you can set the option to use the business process individually on each attribute in Identity Mappings.
  5. Save your changes.

AttributeSyncConfigure.png

 

To enable a business process handling for attribute synchronization individually for specific attributes:

  1. Follow the steps above to select a business process in the IdentityIQ Configuration, but do not check the Always Sync using workflow option.
  2. In the gear > Global Settings > Identity Mappings page, click the attribute you want to manage with a business process.
  3. If you haven’t already set up your Target Mappings for this attribute, refer to the IdentityIQ product documentation for details on how to do so.
  4. In the Advanced Options section, check the Sync with Workflow option.
  5. Save your changes.

AttributeSyncWFPerAttribute.png

 

Customizing the business process for attribute synchronization

IdentityIQ provides a standard business process for attribute synchronization; you can modify this business process according to your business needs.

  1. Click Setup > Business Processes.
  2. Click the Attribute Sync business process to select it.
  3. You can modify most of the details of this business process; the ones you are most likely to want to modify are the Process Variables:
  • Approvals can be enabled or disabled in the Approval section. If Approvals are enabled, you can choose who is responsible for approving requested attribute changes.
  • Notifications can be enabled or disabled. When they are enabled you can select who should be notified when attribute changes are completed.

AttrSyncBusinessProcess.png

 

Auditing attribute synchronization

If you want the ability to audit details about attribute synchronization, such as what triggered the synchronization, or which attributes were synchronized to which target systems, use IdentityIQ’s Audit Configuration to enable auditing for this activity:

  1. Click gear > Global Settings > Audit Configuration.
  2. On the General Actions tab, check the box for Attribute Sync.
  3. Save your changes.

To view audit details for attribute synchronization activity:

  1. Click Intelligence > Advanced Analytics.
  2. In the Search Type dropdown, choose Audit.
  3. In the Action field under Audit Attributes, choose attributeSync. Note that attributeSync will not be available as a choice in this list unless there is attribute synchronization activity that has been completed in your system.
  4. Enter any other search criteria you want to use.
  5. Click Run Search.
Labels (1)
Labels:
Comments
Srinibtec
‎Dec 08, 2021 05:32 AM
‎Dec 08, 2021 05:32 AM

Thank you for the detailed information and can we get old attribute value in the audit event or attribute sync workflow?

sonali_manhas
‎Mar 20, 2023 07:14 AM
‎Mar 20, 2023 07:14 AM

Using this framework, the attribute updates from our authoritative source are not synced to the target attributes. We have all configurations in place, as listed by this post. IIQ version is 8.3p1. Any pointers?

sonali_manhas
‎Mar 22, 2023 06:06 AM
‎Mar 22, 2023 06:06 AM

@cathy_mallet , @darylclaude_medina - Could you please help with my comment on this post? Thank you.

cathy_mallet
‎Mar 22, 2023 09:36 AM
‎Mar 22, 2023 09:36 AM

Hi @sonali_manhas, an article like this is not the best place to try to get guidance on specific issues. You might try posting a Q, with more details about your situation, in the IdentityIQ wiki, or perhaps contact Support. Sorry I can't be more help here.

M_Walker
‎Mar 30, 2023 06:57 AM
‎Mar 30, 2023 06:57 AM

This seems to work when an identity attribute is updated directly in IIQ but not when an identity attribute is updated from a source mapping (even after aggregation, refresh identity, perform maintenance tasks run).  

 

Version history
Revision #:
7 of 7
Last update:
‎Mar 15, 2023 04:36 PM
Updated by:
Community Administrator
 
View Article History