Skip to content

Configuring Full Text Searching

When full text searching is enabled, you can use the following types of searches to find the correct access to request:

  • Keyword search – search based on keywords that relate to role, entitlements and descriptions.

  • Affinity search – search for access based on what other users who are similar to them currently have.

Feature/Enhancement Description Benefit
Keyword search Search that finds results based on role and entitlement names, descriptions and extended attributes using relevance-based search and predictive analytics. Provides a familiar shopping experience for end users. The keyword search makes it possible for end users and managers to find the right access to request.
Affinity Search Guides users to the right access to request by enabling them to find roles or entitlements assigned to specific users or a population of users. Enables users to locate roles and entitlements by reviewing access that others in the organization have. The affinity search provides a controlled, governance-based approach that enables you to compare similar access and view any areas of risk, such as high identity risk scores or open policy violations.

Enabling Full Text Searching

To enable the most basic full text searching:

  1. From the navigation menu bar, go to gear icon > Lifecycle Manager Configuration page. Select the Enable Full Text Search option on the Addition Options Tab.

  2. Select the Enable Full Text Search.

  3. Run the Full Text Index Refresh task. Refer to the system administration documentation for more information.

Note

The Full Text Index Refresh must run every time you make a change to roles, managed attributes, or the FullTextIndex objects in your enterprise. The index files are only updated when this task is run. If you do not select this option, you will have to schedule the Full Text Index Refresh to run periodically or you will have to remember to run it manually.

When you run the Full Text Index Refresh task the first time, files for each FullTextIndex object in your IdentityIQ configuration are created.

  • Setting the Location of Index Files

  • Adding Additional Fields

  • Special Considerations

Setting the Location of Index Files

To set the location of the index files, edit the FullTextIndex objects and add an indexPath key.

For example, <entry key="indexPath" value="indexFileLocation"> where IndexFileLocation is a fully qualified path name. By default the index files for roles, BundleIndex, managed attributes, ManagedAttributesIndex, and unstructured targets TargetAssociation are added to the WEB-INF folder of the directory where you installed IdentityIQ.

By default, after completing both steps above, you can do full text searches on the following fields:

  • Managed Attributes: displayableName, description, and application.name

  • Roles: name, displayableName, and description

  • Targets: name and description

Adding Additional Fields

To add additional fields, edit the FullTextIndex objects and add a field with analyzed="true" set: <FullTextField analyzed="true" name="myAttribute"/>.

The following example illustrates how to add a new full text searchable field (division) and indicate a location for the index files (/tmp/indexlocation). This example is for the roles index file.

Note

Roles are also referred to as bundles in the product code.

Field options:

  • Analyzed – used to index the field and for full text searching. Add analyze fields to include custom attributes in full text search.

  • Indexed – enables the field to be used in the advanced filters on the access request pages.

  • Stored – enables the field to return in the search results and display on the access request pages, if the user interface is designed to support this use.

  • Ignored – sets the field to not be used in full text searching nor filtering. This field does appear in the filter passed down from the user interface.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE FullTextIndex PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<FullTextIndex created="1346076712810" id="4028818239686c4f0139686c9f6900e7" name="Bundle">
<Attributes>
<Map>
<entry key="fields">
<value>
<List>
<FullTextField analyzed="true" indexed="true" name="name"/>
<FullTextField analyzed="true" indexed="true" name="displayableName"/>
<FullTextField analyzed="true" name="description"/>
<FullTextField indexed="true" name="assignedScope.path"/>
<FullTextField indexed="true" name="type"/>
<FullTextField name="defaultDescription" stored="true"/>
<FullTextField ignored="true" name="disabled"/>
<FullTextField name="riskScoreWeight" stored="true"/>
<FullTextField name="owner.id"/>
<FullTextField name="owner.name"/>
<FullTextField name="owner.displayName" stored="true"/>
<FullTextField name="division" analyzed="true" indexed="true">
</List>
</value>
</entry>
<entry key="indexPath" value="/tmp/indexlocation"/>
</Map>
</Attributes>
</FullTextIndex>

Special Considerations

When FullTextSearch is enabled, Bundle / Role references within filter objects in Request Object Authority rules should include only the following indexed attributes:

  • name

  • displayableName

  • id

  • description

  • owner.name

  • owner.id

  • assignedScopePath (id of the associated scope).

Note

The only attributes that are indexed in the FullTextSearch index are listed above. If you use attributes that are not in this list, extra Bundles are returned during search, which can result in errors in the log.