Predefined Tasks

SailPoint provides a number of predefined tasks that can be run to aggregate, correlate and refresh information within your enterprise.

Note: The predefined tasks are not templates that can be used to create new tasks. Changes made to these tasks overwrite exiting information. To create new task you must use the New Task dropdown menu at the bottom of the page.

Caution: These tasks are defined to perform specific functions within your enterprise. Deleting or altering these tasks might have negative affects on the performance of IdentityIQ.

SailPoint provides the following tasks:

Generic Tasks:

  • Refresh Role Indexes – update all role information and create the indexes needed to perform role searches. You must run this task before performing any role searching.

Identity Tasks:

  • Check Active Policies – scan all users for policy violations and update Identity Risks Scores. Edit this task to specify how policy violations are handled when detected.

  • Prune Identity Cubes – delete identities that have no account links and have no important references. Identities in any of the following states are protected:

    • Marked protected

    • Is a manager (managerStatus flag true)

    • Has capabilities

    • Bundle, Application, Workitem, or TaskResult owners

    • Work item requestor

    • Application secondary owner

    • Application remediator

    • Creator of a MitigationExpiration

If the protectIfCertifying option is on, identities are protected if they are in an active certification. There is also an option to run the scan for analysis but not delete any identities.

  • Refresh Entitlement Correlation – scan all user entitlements and applications to update role assignments.

  • Refresh Groups – scan all users and update the group indexes for all identity groups.

  • Refresh Identity Cube – perform a full refresh of the identity cubes for all users. Edit this task to specify which portions of the identity cubes are refreshed by this task.

  • Refresh Risk Scores – scan all users and update the Identity Risk Scores for each.

Scoring Tasks:

  • Refresh Application Scores – runs the scoring algorithms against all specified applications and updates the Application Risk Scores page.

  • Refresh Role Scorecard – analyzes each role in the system and collects statistics about them.

System Tasks:

  • Check Expired Mitigations – scans all users for temporary exceptions allowed in a certification that have now expired. The original certifier can optionally be notified when allowed exceptions expire.

  • Check Expired Work Items – scans all work items looking for those that need to be canceled or escalated to a different user.

  • Check Sunset Requests – send notifications when a Role with a sunset date is approaching expiration.

  • Complete Orphaned Identity Requests – removes completed requests for roles that exist in your system.

  • Dispatch Access History – transforms IdentityIQ objects to create a JSON message and dispatches it to the access history service.

  • Effective Access Index Refresh – refreshes or rebuilds the effective access index.

  • Full Text Index Refresh – builds and refreshes the index files used for full text searches on defined fields on the access request pages of the Lifecycle Manager. The index files are rebuilt each time this task is run.

  • Perform Identity Request Maintenance – prunes old identity request objects and scans unverified access requests to check for provisioning completeness.

  • Perform Maintenance – prunes identity snapshots, task results, and certifications, escalates orphaned work items, and performs other background maintenance tasks.

Note: Electronically signed objects are not affected by this task.

  • Refresh Role-Entitlement Associations – deletes all existing role-entitlement associations and re-creates them for all roles.

    Remove Orphan Role Requests – stops and removes requests for roles that no longer exists in your system. For example, if the sunset date for a role passes before the request is processed, this task removes that request.

  • Role Overlap Analysis – performs impact analysis on a specified role. The task result name is annotated with the name of the selected role so you can tell multiple analysis results apart.

  • Synchronize Roles – synchronizes IdentityIQ roles with the roles on the identity management systems that are configured to work through a provisioning provider.