Skip to content

Tasks Page

The Tasks page contains a list of all of the tasks that have been created. The first time you access the Task page you see the predefined tasks provided by SailPoint. The tasks are grouped into categories based on the task type. You can expand or contract the categories on the grid using the plus (+) or minus (-) icon next to the category name.

Note

Task category headings are only displayed if a task exists in that category.

The task categories are:

  • Account Aggregation
  • Account Group Aggregation
  • Activity Aggregation
  • Activity Alerts
  • Certification Refresh
  • Generic
  • Identity
  • Scoring
  • System
  • Target Aggregation

Use the search options to limit the number of tasks displayed in the table. Entering a letter, or partial name, in the Search field displays any tasks with names containing that letter pattern.

Use this page to create, edit, run, schedule or delete task.

See Working with Tasks.

The Tasks page contains the following information:

Field Name Description
Name The name of the task as defined when the it was created.
Description A brief description of the specific task.

Predefined Tasks

SailPoint provides a number of predefined tasks that can be run to aggregate, correlate and refresh information within your enterprise.

Note

The predefined tasks are not templates that can be used to create new tasks. Changes made to these tasks overwrite exiting information. To create new task you must use the New Task dropdown menu at the bottom of the page.

Caution: These tasks are defined to perform specific functions within your enterprise. Deleting or altering these tasks might have negative affects on the performance of IdentityIQ.

SailPoint provides the following tasks:

Generic Tasks:

  • Refresh Role Indexes -- update all role information and create the indexes needed to perform role searches. You must run this task before performing any role searching.

Identity Tasks:

  • Check Active Policies -- scan all users for policy violations and update Identity Risks Scores. Edit this task to specify how policy violations are handled when detected.

  • Prune Identity Cubes -- delete identities that have no account links and have no important references. Identities in any of the following states are protected:

    • Marked protected

    • Is a manager (managerStatus flag true)

    • Has capabilities

    • Bundle, Application, Workitem, or TaskResult owners

    • Work item requestor

    • Application secondary owner

    • Application remediator

    • Creator of a MitigationExpiration

If the protectIfCertifying option is on, identities are protected if they are in an active certification. There is also an option to run the scan for analysis but not delete any identities.

  • Refresh Entitlement Correlation -- scan all user entitlements and applications to update role assignments.

  • Refresh Groups -- scan all users and update the group indexes for all identity groups.

  • Refresh Identity Cube -- perform a full refresh of the identity cubes for all users. Edit this task to specify which portions of the identity cubes are refreshed by this task.

  • Refresh Risk Scores -- scan all users and update the Identity Risk Scores for each.

Scoring Tasks:

  • Refresh Application Scores -- runs the scoring algorithms against all specified applications and updates the Application Risk Scores page.

  • Refresh Role Scorecard -- analyzes each role in the system and collects statistics about them.

System Tasks:

  • Check Expired Mitigations -- scans all users for temporary exceptions allowed in a certification that have now expired. The original certifier can optionally be notified when allowed exceptions expire.

  • Check Expired Work Items -- scans all work items looking for those that need to be canceled or escalated to a different user.

  • Check End Requests -- send notifications when a Role with an end date is approaching expiration.

  • Complete Orphaned Identity Requests -- removes completed requests for roles that exist in your system.

  • Dispatch Access History -- transforms IdentityIQ objects to create a JSON message and dispatches it to the access history service.

  • Effective Access Index Refresh -- refreshes or rebuilds the effective access index.

  • Full Text Index Refresh -- builds and refreshes the index files used for full text searches on defined fields on the access request pages of the Lifecycle Manager. The index files are rebuilt each time this task is run.

  • Perform Identity Request Maintenance -- prunes old identity request objects and scans unverified access requests to check for provisioning completeness.

  • Perform Maintenance -- prunes identity snapshots, task results, and certifications, escalates orphaned work items, and performs other background maintenance tasks.

Note

Electronically signed objects are not affected by this task.

  • Refresh Role-Entitlement Associations -- deletes all existing role-entitlement associations and re-creates them for all roles.

    Remove Orphan Role Requests -- stops and removes requests for roles that no longer exists in your system. For example, if the end date for a role passes before the request is processed, this task removes that request.

  • Role Overlap Analysis -- performs impact analysis on a specified role. The task result name is annotated with the name of the selected role so you can tell multiple analysis results apart.

  • Synchronize Roles -- synchronizes IdentityIQ roles with the roles on the identity management systems that are configured to work through a provisioning provider.