Skip to content

Batch Requests

Note

If the order of operations is important, create a separate file for each request type and run them sequentially.

Batch Requests enable you to generate specific types of access requests for more than one user at a time. The required data is gathered from a prepared comma-delimited file for each request type. The batch files require comma-delimited data that represents the individual requests. In most cases the native identity or identity name can be used to specify the request target.

There might be an batch size limit set during the configuration of IdentityIQ. If you run into issues, contact your administrator.

To access the Batch Request option, navigate to Setup > Batch Requests.

Note

An identity must have IdentityIQ administrative capabilities to use this option. For information about setting up administrative capabilities, contact your IdentityIQ administrator.

For more information, see:

  • Batch Requests Page – provides information on how to view, create, stop, or delete batch requests

  • Batch Request Types and Examples – provides descriptions and examples of the types of batch requests

  • Batch Request Details Page – provides information on how to view specific information about a batch request

  • Create Batch Request Page – provides information on how to import prepared comma-delimited files and set the parameters of the batch request.

Batch Requests Page

Use the Batch Requests page to:

  • View all batch requests that are assigned to you or to one of your workgroups

  • View all batch requests that you requested

  • Create a new batch request

  • Stop or delete an existing batch request

You can perform the following tasks:

  • View details about a batch request – double-click on a batch request entry in the table. See Batch Request Details Page.

  • Create a new batch request – click New Batch Request at the top of the table. See Create Batch Request Page.

  • Stop or delete a batch request – right-click the batch request entry in the table.

View Batch Requests

To sort the information in the table by ascending or descending order, click the table header. Alternatively, mouse over the header row and use the dropdown arrow to select ascending or descending order. To select which rows are displayed:

  1. Mouse over a header row.

  2. Click the dropdown arrow.

  3. Mouse over Columns to display the column options.

  4. Use the check boxes to select which columns appear in the table.

Use the search field at the top of the table to filter the results of the Batch File Name column. Double-click a batch request line item to view the Batch Request Details page. Right-click a line item to Terminate or Delete the batch request.

Column Name Description
Batch File Name The file location where the batch file is originated.
Request Date The date the batch request was generated.
Run Date The date the batch request was executed.
Completed Date The date the batch request was completed.
Record Count The number of items within the batch request.
Status The current status of the batch request.

Scheduled – batch request is scheduled to run at a later date.
Running – batch request is currently running.
Executed – batch request was run successfully.
Terminated – batch request process was cancelled.

Batch Request Types and Examples

This section describes the batch request types and criteria required in the comma-delimited file with examples. IdentityIQ supports the following types of batch requests:

  • Creating Identities by Batch Request

  • Modifying Identities by Batch Request

  • Creating Accounts by Batch Request

  • Deleting Accounts by Batch Request

  • Enabling / Disabling Accounts by Batch Request

  • Unlocking Accounts by Batch Request

  • Adding Roles by Batch Request

  • Removing Roles by Batch Request

  • Adding Entitlements by Batch Request

  • Removing Entitlements by Batch Request

  • Changing Passwords by Batch Request

Batch request types with similar data and columns can be mixed in the same file. The following batch request types must be in a separate file:

Note

To specify multiple entitlements or roles in the same request, use the pipe (|) delimiter to separate each role or entitlement.

  • Create Identity

  • Modify Identity

  • Change Password

Date Formats in Batch Requests

If your batch request CSV file includes dates, they must be in one of these supported formats:

MM/DD/YYYY
Examples:
3/17/2023
09/28/2023

MM/DD/YYYY HⓂs
Examples:
01/26/2023 16:45:51
1/26/2023 16:45:51

MM/DD/YYYY HⓂs z
Examples:
02/22/2222 22:22:22 GMT+02:00
2/22/2222 22:22:22 GMT

Creating Identities by Batch Request

Use a Create Identity batch request to create a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for a Create Identity batch request is CreateIdentity.

Example:

operation, name, location, email, department CreateIdentity, Alex Smith, Austin, asmith@adept.com, Accounting CreateIdentity, Bob Smith, Austin, asmith@adept.com, Engineering CreateIdentity, Mark Smith, Austin, asmith@adept.com, Accounting CreateIdentity, John Smith, Austin, johnsmith@adept.com, Finance

Modifying Identities by Batch Request

Use a Modify Identity batch request to modify or change the data of a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for a Modify Identity batch request is ModifyIdentity.

Example:

operation, identityName, location, email, department ModifyIdentity, Alex Smith, Austin, asmith@adept.com, Accounting ModifyIdentity, Bob Smith, Austin, asmith@adept.com, Engineering ModifyIdentity, Mark Smith, Austin, asmith@adept.com, Accounting ModifyIdentity, John Smith, Austin, johnsmith@adept.com, Finance

Creating Accounts by Batch Request

Use a Create Account batch request to create accounts for a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for a Create Account batch request is CreateAccount.

Example:

operation, application, nativeIdentity | identityName, email CreateAccount, AdminsApp, atoby, atoby@example.com CreateAccount, AdminsApp, jsmith, jsmith@example.com

Deleting Accounts by Batch Request

Use a Delete Account batch request to delete accounts for a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for a Delete Account batch request is DeleteAccount.

Example:

operation, application, nativeIdentity | identityName, email DeleteAccount, AdminsApp, atoby, atoby@example.com DeleteAccount, AdminsApp, jsmith, jsmith@example.com

Enabling / Disabling Accounts by Batch Request

Use an Enable / Disable Account batch request to enable or disable accounts on a specific application for a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for an Enable Account batch request is EnableAccount. The operation in the spreadsheet for an Disable Account batch request is DisableAccount.

Example:

operation, application, nativeIdentity | identityName EnableAccount, AdminsApp, abell EnableAccount, AdminsApp, jsmith EnableAccount, AdminsApp, mjohnson

Unlocking Accounts by Batch Request

Use an Unlock Account batch request to unlock application accounts for a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for an Unlock Account batch request is UnlockAccount.

Example:

operation, application, nativeIdentity | identityName UnlockAccount, AdminsApp, abell UnlockAccount, AdminsApp, jsmith UnlockAccount, AdminsApp, mjohnson

Adding Roles by Batch Request

Use an Add Role batch request to add one or more roles to a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for an Add Role batch request is AddRole.

Example:

operation, roles, identityName, sunrise, sunset AddRole, Helpdesk Associate, 122, 2/1/2012, 2/1/2013 AddRole, Benefits Manager, 222, 2/1/2012, 2/1/2013 AddRole, Accounting, 222, 2/1/2012, 2/1/2013 AddRole, Helpdesk Associate, 222, 2/1/2012, 2/1/2013

Removing Roles by Batch Request

Use a Remove Role batch request to remove one or more roles from a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for a Remove Role batch request is RemoveRole.

Example:

operation, roles, identityName RemoveRole, Helpdesk Associate, 122 RemoveRole, Helpdesk Associate, 132 RemoveRole, Helpdesk Associate, 143 RemoveRole, Helpdesk Associate, 156

Adding Entitlements by Batch Request

Use an Add Entitlement batch request to add one or more entitlements to a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for an Add Entitlement batch request is AddEntitlement.

Example:

operation, application, attributeName, attributeValue, nativeIdentity | identityName AddEntitlement, Procurement_System, group, @Audit, id1 AddEntitlement, Procurement_System, group, @Audit, id2 AddEntitlement, Procurement_System, group, @Audit, id3 AddEntitlement, Procurement_System, group, @Audit, id4 AddEntitlement, Procurement_System, group, @Audit, id5

Removing Entitlements by Batch Request

Use a Remove Entitlement batch request to remove one or more entitlements from a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for a Remove Entitlement batch request is RemoveEntitlement.

Example:

operation, application, attributeName, attributeValue, nativeIdentity | identityName RemoveEntitlement, Procurement_System, group, @Audit, id1 RemoveEntitlement, Procurement_System, group, @Audit, id2 RemoveEntitlement, Procurement_System, group, @Audit, id3 RemoveEntitlement, Procurement_System, group, @Audit, id4 RemoveEntitlement, Procurement_System, @Audit, id5

Changing Passwords by Batch Request

Use a Change Password batch request to change or reset passwords for a list of identities from a prepared comma-delimited spreadsheet. The operation in the spreadsheet for a Change Password batch request is ChangePassword.

Example:

operation, application, password, nativeIdentity | identityName ChangePassword, Active_Directory, 1111, jsmith ChangePassword, Active_Directory, 1111, mjohson ChangePassword, Active_Directory, 1111, ajones

Batch Request Details Page

Use the Batch Request Details page to view specific information about a batch request. The page is divided into two sections. The upper section provides information about the batch request as a whole including:

  • File Name

  • Date Requested

  • Date Launched

  • Date Completed

  • Status

  • Total Records

  • Total Completed

  • Total Errors

  • Total Invalid

The lower section includes the Batch Request Items table which displays information for each record in the batch request.

Request Data
Displays the comma-delimited data of the requested operation.

Status
Displays the current status of the record's request.
Running – requested item is still processing. This could indicate an approval or manual work item completion is needed.
Finished – the request process completed.
Terminated – the request was manually cancelled.
Invalid – something was wrong with the request. Click the cell to show further details.

Result
Displays the result of the record's request.
Success – the request completed.
Failed – the request failed due to a general validation error.
Approval – the request is waiting on an approval.
ManualWorkItem – indicates the request failed because the request type requires the generation of a manual work item and this was not a configured option in the batch request.
PolicyViolation – the request failed because of a policy violation.
ProvisioningForm – indicates the request failed because the request type requires the generation of a provisioning form and this was not a configured option in the batch request.
Skipped – something was wrong with the request and it was skipped. Click the cell to show further details.

Identity Request ID*

Note

You must select Identity Request ID when you create the batch request.

The request ID generated by the batch request.

Create Batch Request Page

Use the Create Batch Request page to import prepared comma-delimited files and set parameters of the batch request.

Choose batch file
Click Browse and navigate the prepared comma-delimited file location.

Error handling
Determines the batch request process behavior in the event of an error. If a request item generates errors, you can continue the tasks or stop the task after a specified number of errors.

Policy Option
Determines the batch request process behavior for policy violations. You can include policy checking or to fail on any policy violation.

Schedule to run
Choose to run the batch request immediately or select a later date and time when the request runs.

Manual input
Determines the batch request process behavior when a request needs manual interaction. You can skip batch requests which require additional manual input or create any necessary provisioning forms.

Work items
Determines the batch request process behavior when a request results in the generation of a work item. You can skip the request or create any necessary work items.

Handle create identity as modify if identity exists
Select this check box to handle a create identity batch request line item as modify identity request if identity exists.

Generate identity requests
Select this check box to create an identity request that can be viewed in Manage > Access Request.