Additional Settings

Define the scope of the records to fetch when aggregating user accounts and entitlements.

For example, to aggregate active accounts only, enable Exclude Disabled Accounts. To exclude the frozen accounts from aggregation, enable Exclude Frozen Accounts.

  1. (Optional) Enable Exclude Frozen Accounts to exclude frozen user accounts. These accounts have the Salesforce attribute IsFrozen set to true.

    Note
    To upgrade the existing source, you must add the account schema attribute IsFrozen.

  2. (Optional) Enable Exclude Disabled Account to aggregate only active accounts. This adds the following condition in the where clause of the Search Query for users:

    AND user.IsActive = true

  3. (Optional) Enable Disable User Creation Email toggle to disable sending emails when a user is created.

  4. (Optional) Enable the Create Contact on User Creation toggle to enable the creation of new Salesforce contacts at the same time you create new users. The newly created contacts use the same attribute data provided for the new users as applicable.

    Note
    SailPoint only supports simultaneous contact creation during user creation at this time. Simultaneous contact updates and deletions during user updates or deletions aren't supported.

    Afterward, if you want to add a new attribute for a contact that is also available as a user attribute, add the following entry key into the source XML:

    Copy 
    <entry key="contactAttributes">
        <value>
            <List>
                <String>Custom_Attribute</String>
                <String>NewAttribute</String>
            </List>
        </value>
    </entry>

    Refer to Best Practices: IdentityNow REST API Authentication and IdentityNow REST API - Update Source (Partial) for more information.

  5. Enter the scope of users to fetch during account or entitlement aggregation into the Search Query for Users field.

    Refer to Search Query for Users and Profiles for more information.

  6. Enter the scope of profiles to fetch during account or entitlement aggregation into the Search Query for Profiles field.

    Refer to Search Query for Users and Profiles for more information.

  7. Enter the search string to define the public groups to fetch during account or entitlement aggregation into the Search String for Public Groups field.

    For example:

    Select ID from Group where name='xyz'

  8. Enter the search string to define the permission sets to fetch during account or entitlement aggregation into the Search String for Permission Sets field.

    For example:

    Select ID from PermissionSet where IsOwnedByProfile=false

  9. Enter the search string to define the roles to fetch during account or entitlement aggregation into the Search String for Roles field.

    For example:

    Select ID from UserRole where name='xyz'

  10. Select Save.