Fetch All Identities in SailPoint IdentityIQ Using a Rule
Identity data is the core of any Identity Governance system. In many real-world scenarios, developers need to retrieve all identities from IdentityIQ for purposes such as:
- Data analysis
- Custom reports
- Bulk processing
- Workflow automation
- Identity validation scripts
Using a Rule in IdentityIQ, we can efficiently fetch all identities stored in the system.
Approach
To retrieve all identities, we use:
- QueryOptions – to define search parameters
- context.search() – to query Identity objects
- Iterator – to iterate through results
- Util.flushIterator() – to properly release resources
Since we want all identities, the QueryOptions
SailPoint Rule to Fetch All Identities
```xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE sailpoint PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<sailpoint>
  <Rule name="Fetch All Identities" language="beanshell">
    <Description>
      Retrieves all identities in the system.
    </Description>
    <Source>
      <![CDATA[
import sailpoint.object.*;
import sailpoint.tools.Util;
import java.util.*;

// Create a QueryOptions object with no filters to fetch all identities
QueryOptions qo = new QueryOptions();

// Search for all identities
Iterator identityIter = context.search(Identity.class, qo);
List identities = new ArrayList();

while (identityIter.hasNext()) {
    Identity id = (Identity) identityIter.next();
    if (id != null) {
        identities.add(id.getName());
    }
}

Util.flushIterator(identityIter);
return identities;
      ]]>
    </Source>
  </Rule>
</sailpoint>
```
How the Rule Works
1. Create QueryOptions
```java
QueryOptions qo = new QueryOptions();
```
This initializes a search query. Since no filters are added, it retrieves all identities.
2. Search Identity Objects
```java
Iterator identityIter = context.search(Identity.class, qo);
```
The context.search()
3. Iterate Through Identities
```java
while (identityIter.hasNext())
```
The iterator processes each identity returned by the query.
4. Store Identity Names
```java
identities.add(id.getName());
```
The rule stores identity names in a list which is returned at the end.
5. Flush the Iterator
```java
Util.flushIterator(identityIter);
```
This is an important best practice to avoid memory leaks when working with iterators.
Output
The rule returns a List of Identity Names.
Example Output
```
jsmith
admin
jdoe
system_user
```
Best Practices
When working with large IdentityIQ environments:
- Always flush iterators
- Avoid loading unnecessary attributes
- Use filters if possible for better performance
- Consider pagination for very large datasets
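The four practices above combined in one rule body, as an added example that is not part of the original post: it filters in the query, projects only the name column instead of loading full Identity objects, pages through the results, and flushes every iterator. It assumes it runs as an IdentityIQ BeanShell rule where context is supplied by the rule runner; PAGE_SIZE and the "inactive" filter are illustrative choices.

```java
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.tools.Util;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

// Assumption: "context" (SailPointContext) is injected by IdentityIQ.
// PAGE_SIZE and the "inactive" filter are illustrative, not from the post.
int PAGE_SIZE = 500;
List names = new ArrayList();
int firstRow = 0;

while (true) {
    QueryOptions qo = new QueryOptions();
    qo.addFilter(Filter.eq("inactive", true)); // filter in the database, not in the loop
    qo.addOrdering("name", true);              // stable order so pages do not overlap
    qo.setFirstRow(firstRow);
    qo.setResultLimit(PAGE_SIZE);

    // Projection search: each row is an Object[] holding only the requested
    // columns, so no full Identity objects are loaded into the session.
    Iterator rows = context.search(Identity.class, qo, "name");
    int fetched = 0;
    try {
        while (rows.hasNext()) {
            Object[] row = (Object[]) rows.next();
            names.add((String) row[0]);
            fetched++;
        }
    } finally {
        // Release the underlying cursor even if the loop throws
        Util.flushIterator(rows);
    }

    if (fetched < PAGE_SIZE) {
        break; // short page means there are no more rows
    }
    firstRow += PAGE_SIZE;
}

return names;
```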
Use Cases
This rule is useful for:
Bulk Identity Processing
Retrieve and process all identities for large scale updates or validations.
Identity Cleanup Scripts
Identify inactive, duplicate, or invalid identities for cleanup operations.
Custom Provisioning Logic
Iterate through identities to trigger provisioning or deprovisioning logic.
Automation Tools
Integrate with automation workflows that require identity data processing.
IAM Analytics
Extract identity information for analysis, reporting, or governance insights.
Final Thoughts
Fetching all identities using a rule is a common requirement for SailPoint IdentityIQ developers. By leveraging
QueryOptions context.search()
When working with large environments, always follow best practices such as flushing iterators and applying filters when possible to ensure optimal performance and resource management.
Tags
sailpoint, sailpoint-identityiq, sailpoint-rule, beanshell, identity-governance, iam