| Checkbox | Code (XML Key) | Description |
|---|---|---|
| Optional filter string ... | filter | Filter string to limit users |
| Optional list of group or population ... | filterGroups | Groups or Populations to only refresh |
| Refresh identities whose last refresh date is before ... | thresholdDate | Threshold date for refresh |
| Refresh identities whose last refresh date is at least ... | excludeWindow | Exclude window |
| Refresh identities whose last refresh date is within ... | includeWindow | Include window |
| Include modified identities ... | includeWindowModified | Include modified identities in the window |
| Refresh only identities marked ... | filterNeedsRefresh | Only include identities marked as needing refresh after aggregation |
| Do not reset the needing refresh ... | noResetNeedsRefresh | Does not reset the needsRefresh flag |
| Exclude identities marked inactive | excludeInactive | Do not refresh inactive identities |
| Refresh identity attributes | promoteAttributes | Compute identity attributes |
| Refresh Identity Entitlements ... | refreshIdentityEntitlements | Update IdentityEntitlement objects |
| Refresh Manager status | refreshManagerStatus | Refresh managers |
| Refresh assigned, detected roles ... | correlateEntitlements | |
| Provision assignments | provision | Add or remove entitlements when IT roles are assigned or de-assigned |
| Disable deprovisioning of deassigned roles | noRoleDeprovisioning | When a role is removed, leave the entitlements |
| Refresh role metadata for ... | refreshRoleMetadata | Refresh stats on all roles |
| Enable manual account selection | enableManualAccountSelection | If a user has multiple accounts send work item to choose |
| Synchronize attributes | synchronizeAttributes | Write identity attributes to targets |
| Refresh the identity risk scorecards | refreshScorecard | Refresh just the identity portion |
| Maintain identity histories | checkHistory | Save Identity History for debugging |
| Refresh the group scorecards | refreshGroups | Refresh just the group portion |
| Clean up groups definitions that are ... | deleteDormantGroups | Delete if no members |
| Check active policies | checkPolicies | Forensic check of policies |
| Keep previous violations | keepInactiveViolations | Do not delete violations |
| Comma separated list of Policy Names | policies | Specific policies to check |
| Refresh assigned scope | correlateScope | Refresh all scopes on the user |
| Disable auto creation of scopes | noAutoCreateScopes | Do not assign scopes to the users |
| Mark dormant scopes | markDormantScopes | Empty scope marked for reference |
| Process events | processTriggers | Evaluate rules to trigger a responsse |
| Disable Identity Processing Threshold | disableIdentityProcessingThreshold | Ignore threshold. |
| Refresh logical application links | refreshCompositeApplications | Update composite applications |
| Promote managed attributes | promoteManagedAttributes | Update entitlements if active |
| Number of refresh threads | refreshThreads | Number of refresh threads |
| Always launch the workflow | forceWorkflow | Launch a workflow each refresh |
| Enable the generation of work items | doManualActions | Generate work items for unmanaged applications |
| Disable connector lookup of managers | disableManagerLookup | Do not seek out manager, do not save if found |
| Enable partitioning | enablePartitioning | Enable partitioning |
| Number of partitions | partitions | Number of partitions |
| Loss limit | lossLimit | Users re-refreshed on |
| Do not schedule retry requests ... | noMaintenanceWindowRetry | Do not allow retries during refresh. |
Friday, February 23, 2024
Programmatic Options for Identity Refresh
When running an identity refresh you have to feed a Map of values. This listing shows the names and the checkboxes it checks on the UI.
Subscribe to:
Posts (Atom)