Identity Search Criteria

The search criteria text fields support partial text strings using a starts-with protocol. For example, if you input "ro" in the Last Name field, the search results include Thomas Rowen and Betty Roberts.

If you want to use a "contains" type of search, so that using "ro" in the Last Name field would include "Brown" as well as "Rowen" and "Roberts," use the Advanced Search option and choose "Is Like" for the search operator. See Using Advanced Search Options.

Your search criteria is used to narrow the search results. If you do not type information in a search criteria field, all possible choices are included. For example, if you do not select an application from the Applications list, all applications are included.

Note: If the Load Saved Search panel displays, the search criteria for that search is loaded on the page. To create a new search click Clear Search.

The search fields are inclusive or "AND" type searches. Only actions matching values specified in all fields are included in the search results. For example, if you search by First Name John and Last Name Doe, the search results include only users with the character string John in their first name and Doe in their last name.

Use the Fields to Display panel on the right to select the identity and risk fields to display on the search results page.

Specify the search criteria and columns to display and click Run Search to display the search results. From the search results page, you can review the results of your search and save the search. See Search Results.

The Identity Search page has the following information:

Identity Attributes

Criteria	Description
Identity Attributes Identity attributes are pulled from the identity mapping information that is set during deployment and configuration. You can use full or partial strings in the text fields. Simple text searches use starts with logic; for example, "ro" in the Last Name field returns Roberts and Rowen. To search for results that contain the text string in the field, use the Advanced Search option and choose is like as the Search Type.
Searchable Attributes Searchable Attributes are attributes you created and that are designated as Searchable when an identity is generated during deployment and configuration. For example, Department, Organization, or Location.
Last Name	Last name criteria to use in the query.
First Name	First name criteria to use in the query.
User Name	User name criteria to use in the query.
Display Name	The identity name in IdentityIQ.
Email	Email address criteria to use in the query.
Manager	Manager criteria to use in the query. The Identity search results include all users that report to managers that match the criteria in this field.
Is Inactive	Select True to include identities currently marked inactive or False to include identities that are currently active in the search results.
Is Manager	Select True to include identities that are marked as manager or False to include identities that are not marked as manager in the search results.
Type	Employee type: - Employee - Contractor - External Partner - RPA/Bots - Service Accounts
Software Version	Only applicable to RPA / Bots Software version associated with the Robotic Process Automation (RPA) / bots.
Administrator	Only applicable to RPA / Bots The administrator of the Robotic Process Automation (RPA) / bots.
Applications	Select the applications to include in the search. If no applications are specified, all applications are included. Click the arrow to the right of the suggestion field to display a list of all applications or type a few letters in the field to display a list of applications that begin with that letter string. Identities need to match only one of the selected items to be included in the search results
Detected Roles	Select the detected roles to include in the search. If no roles are specified, all roles are included. Click the arrow to the right of the suggestion field to display a list of all roles or type a few letters in the field to display a list of roles that begin with that letter string. For hierarchical roles, the identity is included in the search results with each role in the hierarchy not only the highest level role.
Instance	The attribute that uniquely identifies a specific subdivision of an application.
Assigned Roles	Select the assigned roles to include in the search. If no roles are specified, all roles are included. Click the arrow to the right of the suggestion field to display a list of all roles or type a few letters in the field to display a list of roles that begin with that letter string. For hierarchical roles, the identity is included in the search results with each role in the hierarchy not only the highest level role.
Workgroup	Select the workgroups to include in the search. If no workgroups are specified, all workgroups are included.
Include Assigned Role Hierarchy	Select to include roles that are inherited from the assigned roles you selected for your search.

Entitlements

Criteria	Description
Entitlement Filters Select an application, attribute name and entitlement then click Add to filter by your selection.
Entitlement Metadata Filter your search to include identities with entitlements meet specific IdentityIQ-related criteria.
Certification	Has uncertified entitlements – use the dropdown list and select True or False to specify search results that include identities that have uncertified entitlements. Has entitlements pending certification – use the dropdown list and select True or False to specify search results that include identities that have entitlements with pending certifications.
Request	Has entitlements that were not requested – use the dropdown list and select True or False to specify search results include identities with entitlements that were not requested. Has pending requests for entitlements – use the dropdown list and select True or False to specify search results that include identities that have entitlements with pending access requests.
Other	Aggregation Status – specify if the search must include identities whose entitlements are associated with applications that are Connected or Disconnected for aggregation. Is Assigned – use the dropdown list and select True or False to specify search results that include identities with entitlements were assigned and not detected.

Multi Valued Attributes

Criteria	Description
Multi-Valued Attributes: By default, IdentityIQ does not come preconfigured with any multi-valued attributes. Multi-valued attributes are created during deployment and configuration. To limit the search, add values associated with a multi-valued attribute. The search results include the member list for the selected values. Use the and / or operator to define the search criteria. For example, for multi-valued identity attributes you can search by cost center or projects that have multiple values on multiple applications. For multi-value account attributes you can use group membership for specific accounts such as payroll or strategy and planning.
Certification Score	The sum of compensated risk scores associated with certifications.

Criteria

Description

Multi-Valued Attributes:

By default, IdentityIQ does not come preconfigured with any multi-valued attributes. Multi-valued attributes are created during deployment and configuration.

To limit the search, add values associated with a multi-valued attribute. The search results include the member list for the selected values. Use the and / or operator to define the search criteria.

For example, for multi-valued identity attributes you can search by cost center or projects that have multiple values on multiple applications. For multi-value account attributes you can use group membership for specific accounts such as payroll or strategy and planning.

Certification Score

The sum of compensated risk scores associated with certifications.

Risk Attributes

Risk scores and compensating factors are defined when IdentityIQ is configured.

Criteria	Description
Composite Score	The total composite risk score for the identity.
Role Score	The sum of the compensated risk scores of each role assigned to this identity. To determine the compensated role risk score, compensating factors are applied to the role base risk score.
Role Score (Base)	The sum of role base risk scores. This score does not account for the compensating factors defined for role risk scoring.
Entitlement Score	The sum of the compensated risk scores of each entitlement assigned to this identity. To determine the compensated role risk score, compensating factors are applied to the entitlement base risk score.
Entitlement Score (Base)	The sum of entitlement base risk scores. This score does not account for the compensating factors defined for entitlement risk scoring.
Policy Score	The sum of compensated risk scores associated with policy violations as defined when IdentityIQ was configured. Policies do not affect identity risk scores until a violation occurs.
Certification Score	The sum of compensated risk scores associated with certifications.