Skip to content

Frequently Asked Questions and Sample Data Models

Refer to the following questions and examples to best leverage Search.

Frequently Asked Questions

How long does it take for my data to be updated in Search?

Data changes that impact identities and their access are usually accessible in Search immediately or within a few minutes, though in a busy environment, longer delays may occur. Updates which do not directly result in identity changes can take as long as 24 hours to be reflected in Search results because they are added to Search through a nightly job. These changes include:

This nightly job appears on the Dashboard > Monitor page as SYNCHRONIZE_IDENTITIES.

What time zone does Search use?

Search queries that include dates must use the GMT time zone.

Dates displayed in Search results are converted to the browser's time zone.

How long does my account activity data stay in Search?

Account activity tracks actions that your site took on third-party systems. In your production environment, SailPoint stores 60 days of account activity or 2 million actions, whichever is shorter. In your staging environment, SailPoint stores 30 days of account activity or 1 million actions.

Access requests and account activity in a Pending state are stored indefinitely.

How long does my event activity stay in Search?

Audit events are stored for one year plus the current month.

What are some of the differences between account activity and events?

Account activity and events are closely related in Search.

Account activity refers to actions that Identity Security Cloud took on a third-party source. All account activity corresponds to items in the Events tab in Search, but the entries in Account Activity contain much more detail and are intended to be used for troubleshooting.

Events are a list of all recorded actions taken in your organization. They are intended to be used as audit reports.

Known Issues

These are some issues you might encounter while using Search:

  • When you search on displayName, all identities with that displayName are returned, as well as all identities that have someone with that displayName listed as their manager.
  • It's not possible to search on the # symbol or the + symbol. If you need to search on these characters, you can instead use the ? wildcard, which represents a single character. For example, instead of searching on #Administrator, you can search on ?Administrator. This query returns all results with exactly one character before the word "Administrator."
  • Search can display up to 10,000 search results in the UI. If your query returns more than 10,000 results, you can view the complete set by downloading the results.

Sample Data Models

You can view the data models for most of the data we store. Our data models are in JSON, and the fields you can search on are based on these data models. While the samples below might not match your org's data, they show which fields require first-, second-, and nested-level queries.

Sample Identity Data

{
    "id":"2c92809063b784980163bc74dab8000c",
    "name":"Aaron.Nichols",
    "displayName":"Aaron Nichols",
    "firstName":"Aaron",
    "lastName":"Nichols",
    "email":"AARON.NICHOLS@TESTMAIL.COM",
    "phone":null,
    "created":"2018-06-01T17:46:04.856Z",
    "inactive":false,
    "status":"UNREGISTERED",
    "employeeNumber":null,
    "isManager":false,
    "manager":{
        "displayName":"James Smith",
        "name":"james.smith",
        "id":"2c92809063b784980163bc75003f0062"
    },
    "source":{
        "name":"EndToEnd-ADSource",
        "id":"2c92808d63b784980163bc73a3540056"
    },
    "processingDetails":{

    },
    "processingState":null,
    "attributes":{
        "uid":"Aaron.Nichols",
        "firstname":"Aaron",
        "cloudAuthoritativeSource":"2c92808d63b784980163bc73a3540056",
        "cloudStatus":"UNREGISTERED",
        "nextProcessing":"2024-10-20T13:00:00-05:00",
        "displayName":"Aaron Nichols",
        "internalCloudStatus":"UNREGISTERED",
        "workPhone":"5125932543",
        "email":"AARON.NICHOLS@TESTMAIL.COM",
        "lastname":"Nichols"
    },
    "accounts":[
        {
            "id":"2c92809063b784980163bc74dab9000d",
            "name":"Aaron.Nichols",
            "accountId":"CN=Aaron Nichols,OU=Austin,OU=Americas,OU=slpt-automation,DC=TestAutomationAD,DC=local",
            "source":{
                "name":"ADSource",
                "id":"2c92808d63b784980163bc73a3540056",
                "type":"Active Directory - Direct"
            },
            "disabled":false,
            "locked":false,
            "privileged":false,
            "manuallyCorrelated":false,
            "passwordLastSet":"2018-02-22T19:10:07.095Z",
            "entitlementAttributes":{
                "memberOf":[
                    "CN=cloud development,OU=Automation_Users,OU=slpt-automation,DC=TestAutomationAD,DC=local"
                ]
            },
            "created":"2018-06-01T17:46:04.857Z"
        },
        {
            "id":"2c92809063b784980163bc75af4400c7",
            "name":"Aaron.Nichols",
            "accountId":"Aaron.Nichols",
            "source":{
                "name":"IdentityNow",
                "id":"2c92809363b784ab0163b7868c6d029f",
                "type":"IdentityNowConnector"
            },
            "disabled":false,
            "locked":false,
            "privileged":false,
            "manuallyCorrelated":false,
            "passwordLastSet":null,
            "entitlementAttributes":{

            },
            "created":"2018-06-01T17:46:59.268Z"
        }
    ],
    "accountCount":2,
    "apps":[
        {
            "id":"22751",
            "name":"ADP Workforce Now",
            "source":{
                "name":"Corporate Active Directory",
                "id":"2c9180855c45b230015c46e2f6a8026a"
            },
            "account":{
                "id":"2c9180865c45efa4015c470b549907c2",
                "accountId":"CN=Aaron Nichols,OU=Singapore,OU=Asia-Pacific,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
            }
        }
    ],
    "appCount":1,
    "access":[
        {
            "privileged":false,
            "displayName":"cloud development",
            "name":"cloud development",
            "description":null,
            "id":"2c92809063b784980163bc753c5a0094",
            "attribute":"memberOf",
            "source":{
                "name":"ADSource",
                "id":"2c92808d63b784980163bc73a3540056"
            },
            "type":"ENTITLEMENT",
            "value":"CN=cloud development,OU=Automation_Users,OU=slpt-automation,DC=TestAutomationAD,DC=local"
        },
        {
            "owner":{
                "displayName":"Cloud Support",
                "name":"support",
                "id":"2c92809363b784ab0163b78694c502ef"
            },
            "displayName":"Cloud Development",
            "name":"Cloud Development [cloudRole-1528315385705]",
            "description":"Cloud Development",
            "disabled":false,
            "id":"2c92809963d1324a0163d6b2176e0037",
            "type":"ROLE"
        },
        {
            "owner":{
                "displayName":"James Smith",
                "name":"james.smith",
                "id":"2c92809063b784980163bc74daa40006"
            },
            "displayName":"Cloud Development",
            "name":"Cloud Development [AccessProfile-1528315363115]",
            "description":"Cloud Development",
            "id":"2c92809963d1324a0163d6b1bf480035",
            "type":"ACCESS_PROFILE"
        }
    ],
    "accessCount":3,
    "entitlementCount":1,
    "roleCount":1,
    "accessProfileCount":1,
    "identityProfile":{
        "name":"EndToEnd-Profile",
        "id":"2c92808d63b784980163bc757caa005b"
    },
    "modified":"2018-06-06T20:13:43.438Z",
    "synced":"2019-03-25T08:31:11.203Z",
    "owns":{
        "sources":[
            {
                "name":"SCIM 2.0",
                "id":"2c91808566837a3501668d76168e0809"
            }
        ],
        "accessProfiles":[
            {
                "name":"Marketing Team Domain Base Access",
                "id":"2c9180836413b345016422a1154b2681"
            },
            {
                "name":"LinkedIn Application Domain Access",
                "id":"2c9180836413b345016422a116552683"
            }
        ],
        "roles":[
            {
                "name":"Sales",
                "id":"2c918083645ba15701645c70bb082347"
            }
        ],
        "governanceGroups":[
            {
                "name":"SAP Application Owners",
                "id":"b59c9b57-67de-47d7-9cc4-20f9d8b78c4c"
            }
        ],
        "fallbackApprover":"false"
    }
}

Sample Entitlement Data

{
    "id":"2c92808d60ec4e900161066ff7c80178",
    "displayName":"manager entitlement",
    "name":"manager entitlement",
    "description":null,
    "source":{
        "name":"acmesource",
        "id":"2c92808b60ec4e800160ec929d92001c"
    },
    "owner":{
            "name":"Sam Johnson",
            "id":"b59a9b77-67de-47c7-9cc4-20f7b8b78c4e"
    },
    "privileged":false,
    "requestable":true,
    "attribute":"memberOf",
    "value":"manager entitlement",
    "modified":"2018-06-06T20:13:43.438Z",
    "synced":"2019-03-25T08:31:11.203Z"
}

Sample Access Profile Data

{
    "created":"2018-09-27T16:34:14Z",
    "description":"Access profile for managers",
    "entitlementCount":1,
    "entitlements":[
        {
            "attribute":"groups",
            "description":null,
            "id":"2c9180846617d72701661bc1ea1805b0",
            "name":"Manager Access",
            "value":"manager access"
        }
    ],
    "apps":[
        {
            "owner":{
                "email":"jorge.gomez@example.com",
                "type":"IDENTITY",
                "id":"06098e75e5f24f7bb8c4dd52e8f1383c",
                "name":"Jorge Gomez"
            },
            "id":"2d537f6d514b410a1e48fb81f59d0b6c",
            "name":"Acme App",
            "description":"An app used by management in the Acme system."
        }
    ],
    "id":"2c91808466196e9d01661be17eb01568",
    "modified":"2018-10-24T18:34:47Z",
    "synced":"2019-03-25T08:31:11.203Z",
    "name":"ManagementEntitlement",
    "owner":{
        "id":"2c9180846296b7e00162ba8f0e4f5af9",
        "name":"SailPoint Support"
    },
    "requestable":true,
    "source":{
        "id":"2c9180856619745b01661b93b9e81268",
        "name":"Active Directory"
    }
}

Sample Role Data

{
    "accessProfileCount":1,
    "accessProfiles":{
        "id":"2c91808666d8c31b0166e4d059fb5d53",
        "name":"Accounting Access"
    },
    "created":"2018-11-05T16:59:26Z",
    "description":"Role for accountants",
    "enabled":"true",
    "id":"2c91808666d8c19d0166e4d092835da8",
    "modified":"2018-11-05T17:01:24Z",
    "synced":"2019-03-25T08:31:11.203Z",
    "segments": [
        {
            "id": "d009b6e3-c56d-86d9-8735-cb522ea0b016",
            "name": "Segment 1"
        }
    ],
    "segmentCount": 1,
    "entitlements": [
        {
            "hasPermissions": false,
            "attribute": "department",
            "value": "Management",
            "schema": "group",
            "privileged": false,
            "id": "2c9157248366cab701837b547cd0258df",
            "name": "Management"
        }
    ],
    "entitlementCount": 1,
    "name":"Accounting Role",
    "owner":{
        "id":"2c9180846296b7e00162ba8f0e4f5af9",
        "name":"Norman Hook"
    },
    "requestable":"false"
}

Sample Event Data

{ 
    "created":"2019-05-08T18:13:14.749Z",
    "id":"3adaeb2d-ff2d-4442-ab75-90615552ddf6",
    "action":"USER_STEP_UP_AUTH",
    "type":"USER_MANAGEMENT",
    "trackingNumber":"2c92809063b784980163bc75af4400c7"
    "actor":{ 
        "name":"support"
    },
    "target":{ 
        "name":"support"
    },
    "ipAddress":"207.189.160.128",
    "attributes":{ 
        "sourceName":"System",
        "info":"KBA"
    },
    "objects":[ 
        "USER",
        "AUTHENTICATION",
        "STEP_UP"
    ],
    "operation":"SETUP",
    "status":"PASSED",
    "technicalName":"USER_AUTHENTICATION_STEP_UP_SETUP_PASSED",
    "name":"Setup User Authentication Step_up Passed",
    "synced":"2019-05-08T18:13:17.097Z"
}

Sample Account Activity Data

{ 
    "type":"Identity Refresh",
    "recipient":{ 
        "id":"2c9180886a335c79016a366bfba11a0e",
        "name":"mona.riley",
        "type":"Identity"
    },
    "requester":{ 
        "id":null,
        "name":"System"
    },
    "sourceSummary":"Active Directory, Oracle",
    "sources":"Active Directory, Oracle",
    "stage":"Completed",
    "status":"Complete",
    "synced":"2019-04-19T17:06:17.060Z",
    "target":{ 
        "id":"2c9180886a335c79016a366bfba11a0e",
        "name":"mona.riley",
        "type":"Identity"
    },
    "trackingId":"d1c68069326a498c9dd8e4090f99edcc",
    "trackingNumber":"d1c68069326a498c9dd8e4090f99edcc",
    "accountRequests":[ 
        { 
            "accountId":"mona.riley",
            "attributeRequests":[ 
                { 
                    "name":"groups",
                    "op":"Add",
                    "value":[ 
                        "Engineering Role",
                        "entitlement1"
                    ]
                }
            ],
            "op":"Modify",
            "provisioningTarget":null,
            "result":{ 
                "status":"Manual Task Created"
            },
            "source":{ 
                "id":"2c9180846a28e580016a366b314f21b8",
                "name":"Active Directory",
                "type":"DelimitedFileConnector"
            }
        },
        { 
            "accountId":null,
            "attributeRequests":[ 
                { 
                    "name":"assignedRoles",
                    "op":"Add",
                    "value":"Engineering Role"
                },
                { 
                    "name":"assignedRoles",
                    "op":"Add",
                    "value":"entitlement1"
                }
            ],
            "op":null,
            "provisioningTarget":{ 
                "id":"IDN",
                "name":"IdentityNow"
            },
            "result":{ 
                "status":"IdentityNow Task"
            },
            "source":{ 
                "id":"IDN",
                "name":"IdentityNow"
            }
        }
    ],
    "action":"Identity Refresh",
    "approvals":[ 
        { 
            "attributeRequest":{ 
                "name":"groups",
                "op":"Add",
                "value":[ 
                    "Engineering Role"
                ]
            },
            "created":null,
            "modified":null,
            "owner":{ 
                "id":"2c9180906a1825c5016a28135316669c",
                "name":"Andrew Beck",
                "type":"Identity"
            },
            "result":"Finished",
            "source":{ 
                "id":"2c9180846a28e580016a366b314f21b8",
                "name":"Active Directory",
                "type":"DelimitedFileConnector"
            }
        },
        { 
            "attributeRequest":{ 
                "name":"groups",
                "op":"Add",
                "value":[ 
                    "entitlement1"
                ]
            },
            "created":null,
            "modified":null,
            "owner":{ 
                "id":"2c9180906a1825c5016a28135316669c",
                "name":"Andrew Beck",
                "type":"Identity"
            },
            "result":"Finished",
            "source":{ 
                "id":"2c9180846a28e580016a366b314f21b8",
                "name":"Active Directory",
                "type":"DelimitedFileConnector"
            }
        }
    ],
    "created":"2019-04-19T16:49:52.219Z",
    "errors":null,
    "warnings":null,
    "expansionItems":[ 
        { 
            "accountId":"mona.riley",
            "attributeRequest":{ 
                "name":"groups",
                "op":"Add",
                "value":"Engineering Role"
            },
            "cause":"Role",
            "name":"Engineering Role",
            "source":{ 
                "id":"2c9180846a28e580016a366b314f21b8",
                "name":"Active Directory",
                "type":"DelimitedFileConnector"
            }
        },
        { 
            "accountId":"mona.riley",
            "attributeRequest":{ 
                "name":"groups",
                "op":"Add",
                "value":"entitlement1"
            },
            "cause":"Role",
            "name":"entitlement1",
            "source":{ 
                "id":"2c9180846a28e580016a366b314f21b8",
                "name":"Active Directory",
                "type":"DelimitedFileConnector"
            }
        }
    ],
    "id":"2c9180846a361ce8016a36811c5b001f",
    "modified":"2019-04-19T17:06:15.901Z",
    "name":"d1c68069326a498c9dd8e4090f99edcc",
    "originalRequests":[ 
        { 
            "accountId":null,
            "attributeRequests":[ 
                { 
                    "name":"assignedRoles",
                    "op":"Add",
                    "value":"Active Directory ID Profile"
                },
                { 
                    "name":"assignedRoles",
                    "op":"Add",
                    "value":"Engineering Role"
                },
                { 
                    "name":"assignedRoles",
                    "op":"Add",
                    "value":"entitlement1"
                }
            ],
            "op":"Modify",
            "provisioningTarget":null,
            "result":{ 
                "status":"Manual Task Created"
            },
            "source":{ 
                "id":"IDN",
                "name":"IdentityNow"
            }
        }
    ]
}

About Our Search Provider

The search feature is based on Elasticsearch 7.7. Elasticsearch offers a variety of choices that you can make to solve for your specific use cases.

Refer to the following Elasticsearch guides and documentation to better understand the search engine. Be aware that not all Elasticsearch info will be applicable to searching in Identity Security Cloud.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.