As many of you may know, we can run an Identity Refresh on a single identity as part of any workflow. This is used in several places in our out-of-the-box workflows to refresh certain items for an Identity.
One such example is in our "LCM Create and Update" workflow. After the changes to the cube being created or edited have been made, that workflow calls the refreshIdentity workflow library method (the step's action is `call:refreshIdentity`) like this:
```xml
<Step action="call:refreshIdentity" condition="ref:doRefresh" icon="Task" name="Refresh Identity" posX="954" posY="114">
  <Arg name="identityName" value="ref:identityName"/>
  <Arg name="correlateEntitlements" value="true"/>
  <Arg name="provision" value="true"/>
  <Arg name="synchronizeAttributes" value="true"/>
</Step>
```
In this case, the Identity Refresh step will do the following for the identity named in `identityName` (and nothing else; any option not passed is off):
- `correlateEntitlements`: re-evaluate assigned and detected roles and promote additional entitlements
- `provision`: push the account changes caused by any resulting role assignments or deassignments to the target applications
- `synchronizeAttributes`: provision any identity attribute changes to the targets defined in your identity mappings
Any option available in the Identity Refresh task may be set and passed in as an `Arg` of your refreshIdentity workflow method call; the argument name is the task argument name from the table below.
See the table here for what those options are:
| Task Argument | Identity Refresh Task UI Option | Used for: |
|---|---|---|
| checkHistory | Maintain identity histories | |
| checkPolicies | Check active policies | Check the identity for any policy violations |
| correlateEntitlements | Refresh assigned, detected roles and promote additional entitlements | Handle role assignments/deassignments (use in conjunction with "provision" below to provision the changes caused by these assignments). |
| correlateScope | Refresh assigned scope | |
| deleteDormantGroups | Clean up groups definitions that are no longer referenced | |
| disableManagerLookup | Disable connector lookup of managers that do not correlate | |
| doManualActions | Enable the generation of work items for unmanaged parts of the provisioning plan. | |
| enablePartitioning | Enable partitioning | Not applicable when refreshing a single identity - This option is only used when refreshing many identities, not just a single one. |
| excludeInactive | Exclude identities marked inactive | |
| forceWorkflow | Always launch the workflow (even if the usual triggers don't apply) | |
| includeWindowModified | Include modified identities in the refresh window | |
| keepInactiveViolations | Keep previous violations | |
| markDormantScopes | Mark dormant scopes after refresh | |
| noAutoCreateScopes | Disable auto creation of scopes | |
| noRoleDeprovisioning | Disable deprovisioning of deassigned roles | |
| processTriggers | Process events | Run LCM Lifecycle Events if configured |
| promoteAttributes | Refresh identity attributes | Update Identity Attributes based on Aggregated Data |
| promoteManagedAttributes | Promote managed attributes | |
| provision | Provision assignments | Handle provisioning related to Role Assignments/Deassignments |
| refreshCertifications | Refresh continuous certifications | |
| refreshCompositeApplications | Refresh logical application links | |
| refreshGroups | Refresh the group scorecards | Refresh your Groups (based on Define --> Groups --> Groups configuration) based on Identity attribute changes |
| refreshIdentityEntitlements | Refresh Identity Entitlements for all links | |
| refreshLinks | Refresh all application account attributes | Refresh all of a user's account attributes. This forces an aggregation of all of a user's accounts. |
| refreshManagerStatus | Refresh manager status | Refresh a user's manager status based on any changes to the Identity |
| refreshRoleMetadata | Refresh role metadata for each identity | |
| refreshScorecard | Refresh the identity risk scorecards | Refresh an identity's risk scores based on any changes in role assignments, attributes, etc. |
| synchronizeAttributes | Synchronize attributes | Provision any Identity Attribute changes to the targets defined in your Identity Mappings |
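As an added example (this is not from the original post and not one of the workflows shipped with IdentityIQ), here is a small custom subprocess that refreshes a single identity with a few more options than LCM Create and Update uses: attribute promotion, policy checks, scorecard and manager-status refresh, and lifecycle event processing. The workflow name, the three variables and their defaults are assumptions for illustration; the `call:refreshIdentity` action, the `Arg` names and the `ref:` syntax are the same ones used in the snippet above and in the table.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<!-- Added example: a hypothetical subprocess, not part of the product.
     Call it from another workflow (or launch it directly) with identityName set. -->
<Workflow explicitTransitions="true" libraries="Identity" name="Custom Refresh Single Identity" type="Subprocess">

  <Variable input="true" name="identityName" required="true">
    <Description>Name of the identity to refresh (assumed input, supplied by the caller).</Description>
  </Variable>
  <Variable input="true" name="doRefresh" initializer="true">
    <Description>Callers can pass false to skip the refresh step entirely.</Description>
  </Variable>
  <Variable input="true" name="provision" initializer="false">
    <Description>Default false: role assignment changes are computed but not pushed to target
      systems unless the caller opts in.</Description>
  </Variable>

  <Step icon="Start" name="Start" posX="20" posY="20">
    <Transition to="Refresh Identity"/>
  </Step>

  <!-- Same call pattern as LCM Create and Update. Each Arg name is a task argument
       from the Identity Refresh task; anything not listed here stays off. -->
  <Step action="call:refreshIdentity" condition="ref:doRefresh" icon="Task" name="Refresh Identity" posX="200" posY="20">
    <Arg name="identityName" value="ref:identityName"/>
    <!-- recompute identity attributes from aggregated data first -->
    <Arg name="promoteAttributes" value="true"/>
    <!-- role assignment/deassignment; provisioning of the result is controlled by the variable -->
    <Arg name="correlateEntitlements" value="true"/>
    <Arg name="provision" value="ref:provision"/>
    <!-- push identity attribute changes to the targets in the identity mappings -->
    <Arg name="synchronizeAttributes" value="true"/>
    <!-- evaluation only: violations, risk score, manager flag, lifecycle events -->
    <Arg name="checkPolicies" value="true"/>
    <Arg name="refreshScorecard" value="true"/>
    <Arg name="refreshManagerStatus" value="true"/>
    <Arg name="processTriggers" value="true"/>
    <Transition to="Stop"/>
  </Step>

  <Step icon="Stop" name="Stop" posX="400" posY="20"/>
</Workflow>
```

Two choices in this example are deliberate. `provision` is a variable rather than a hard-coded `true` because, per the table, `correlateEntitlements` together with `provision` will push role assignment and deassignment changes to target systems; if you want assignments provisioned but never want a deassignment to remove access, add `<Arg name="noRoleDeprovisioning" value="true"/>`. `refreshLinks` is left out because the table notes it forces an aggregation of every one of the user's accounts, which is usually far more than a post-change refresh needs. `enablePartitioning` is omitted for the reason given in the table: it only applies when refreshing many identities.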