Updating Identity Data
IdentityNow is designed to ensure that you're always seeing and working with the most up-to-date identity data available, and we are able to do so by refreshing that data as efficiently as possible. An identity refresh is the process of taking changes to accounts, identity profiles, or other configuration items and applying them to all related elements in the IdentityNow database where it can be used by admins.
You might sometimes see a message at the top of a window that states that identity data is updating, indicating that IdentityNow is refreshing a large volume of identity data. This is because administrators can start refreshing source data from a variety of sources at the same time. A queue is established for these sources and they are processed in the order in which they were started. While this is happening, you don't need to do anything except wait for the process to be finished.
You have the following options for monitoring these background tasks:
- Wait until the message goes away.
- Go to Admin Dashboard > Monitor to watch the background processing tasks. See Monitoring the Status of a Refresh for details.
- In some cases, you can click View. This allows you to monitor the task in System Activity. After these aggregations are finished and the related identity data is being processed, the following message is displayed in the Identity List and Identity Profiles page:
After all the identity data is loaded and processed, this message is removed and you can be sure your identity data in that profile is current.
Identity data also gets updated on a regular cadence at 8am and 8pm CDT. This refresh will only run if rules are in place or if attribute sync is configured. The system behavior for these updates is described in Scheduled Refreshes.
While the refresh task is in progress, any identities that have changed as a result of these tasks might reflect out of date data.
Determining if User Data is Current
To determine if a user's data is current, go to the Identity List and click on the user's name.
In the Overview tab, the Last Updated value reflects the last time identity data was refreshed in the system that caused a change in this user's data.
Identity Data Update Notifications
When you make certain changes to your identity profiles, IdentityNow needs to update or refresh the identities in that identity profile.
When you are editing an app's configuration or settings, you might see a banner at the top of the page if an identity profile associated with the app is refreshing.
Identity Profile Notifications
Because the process or updating the identities in an identity profile can take a significant amount of time, IdentityNow lets you choose when you want those updates to happen.
You'll see this prompt every time you:
- Create a new identity profile
- Change the account source for an existing identity profile
- Change the mappings for an existing identity profile
- Preview your changes to mappings
After previewing, you may want to make additional changes to your mappings. You do not have to click Update until you see your desired results in the preview.
After clicking Update, you see the following message:
Other changes to identity profiles, such as to the access settings or password reset options, do not require updates to identity data.
App Settings Notifications
This banner lets you know that the the identity data displayed on the app's Identities tab may not be up to date because the identity profile associated with the app is refreshing. It will appear at the top of the page when you are editing an app's configuration or settings. This process requires no action on your part. If you want to monitor progress on the task in System Activity, click View.
You may see this banner if:
- You have created or updated an identity profile
- You have switched the app to Specific Users From Source or All Users From Source.
- You have performed an aggregation
- You just created an access profile for the app
While this banner displays, the Identities tab on the app may not display all its associated identities. For detailed information about the number of records being processed, go to Admin Dashboard > Monitor.
IdentityNow also performs an automatic full system refresh at 8am and 8pm CST/CDT. This refresh will only run if rules are in place or if attribute sync is configured.
Accessing Data During a Refresh
When we run the periodic consolidated refresh, IdentityNow does not restrict your ability to run aggregations or limit your access to the following parts of the system:
- Adding, updating, or removing roles or entitlements
- Editing identity attributes on an identity profile
- Changing lifecycle states
- Syncing attributes
- Creating certification campaigns
- Running searches
- Generating identity-specific reports
During the Periodic Consolidated Refresh, while you have access to these features, you might not be working with current data related to them. For example, if you were to generate a certification campaign during this period, you might create certifications that include access items that are not accurate for the identities you want to certify.
Monitoring the Status of a Refresh
To ensure that the data you're working with is current, consider the following:
- The start times vary. While the first refresh of IdentityNow starts right at 8pm CST/CDT, your site might not begin to refresh until 9pm CST/CDT or later. The duration of the refresh also varies based on the volume and complexity of the updated data.
- If you want your timezone to be anything other than the default CST/CDT, you can set your org's timezone.
- To verify that a manual identity refresh has succeeded, go to System Activity and look in the Type column for Identity Refresh or Role Refresh. The status will display Success if the refresh is complete.