Using Delta and Optimized Aggregations to Perform Delta Refresh in SailPoint IdentityIQ 6.4

There is a new feature in IdentityIQ 7.0 that has been long sought after: delta refreshes.

These delta refreshes allow you to run a refresh only against users who have been detected as having a change on an application link that you’ve configured to set this flag when modified. This is an exciting feature because a full refresh of all identities within your system can be a lengthy process.

What if you’re not ready to upgrade to 7.0 yet though and you want to take advantage of this?

One way is by adding the necessary refresh activities directly on your aggregations. For example, if you want to process events for users when they have AD changes come through, you can accomplish this by setting up a delta aggregation for Active Directory and modifying the TaskDefinition to include the following attribute:

<entry key="processTriggers" value="true"/>

You can apply this attribute to any aggregation task definition where you’re running a delta or optimized aggregation and it will only refresh those users that are detected as having changes. This enables you to trigger events nearly in real time as you can run delta/optimized aggregations very frequently.

It’s helpful to also include <entry key="noManagerCorrelation" value="false"/> (it’s true by default) because manager correlation doesn’t happen automatically on an aggregation otherwise. There are other refresh activities that you can add here, but these are the ones I’ve found most helpful.

Be aware that if you have this on an aggregation and run it with optimization disabled, it will trigger a refresh for every identity that it reads, which may cause your aggregation to run for a long time. Also remember that you don’t need to do this in 7.0+ because the delta refresh allows even more versatility. Have fun experimenting with the different combinations you can add directly to your aggregations to help streamline your process!
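One way to check exported task definitions for the caveat above, as an added example that is not part of the original post or SailPoint's own code: it flags tasks that set processTriggers while optimization is disabled, and tasks that still skip manager correlation. The export layout, the task names and the noOptimizeReaggregation key are assumptions; confirm them against your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample export. Task names are illustrative, and the
# noOptimizeReaggregation key is an assumption, not taken from the post.
SAMPLE_EXPORT = """<sailpoint>
  <TaskDefinition name="AD Delta Aggregation">
    <Attributes><Map>
      <entry key="processTriggers" value="true"/>
      <entry key="noManagerCorrelation" value="false"/>
    </Map></Attributes>
  </TaskDefinition>
  <TaskDefinition name="AD Full Aggregation">
    <Attributes><Map>
      <entry key="noOptimizeReaggregation" value="true"/>
      <entry key="processTriggers" value="true"/>
    </Map></Attributes>
  </TaskDefinition>
</sailpoint>"""


def task_attributes(task):
    """Return the task's <entry> keys mapped to lowercased values."""
    return {e.get("key"): (e.get("value") or "").strip().lower()
            for e in task.iter("entry")}


def audit(xml_text):
    """Return (task name, finding) pairs for tasks that refresh during aggregation."""
    findings = []
    for task in ET.fromstring(xml_text).iter("TaskDefinition"):
        attrs = task_attributes(task)
        if attrs.get("processTriggers") != "true":
            continue  # no refresh work piggybacks on this aggregation
        name = task.get("name")
        # Assumed key: with optimization off, every identity read is refreshed.
        if attrs.get("noOptimizeReaggregation") == "true":
            findings.append((name, "processTriggers with optimization disabled"))
        # An absent key means the default (true): managers are not correlated.
        if attrs.get("noManagerCorrelation", "true") == "true":
            findings.append((name, "manager correlation is skipped"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_EXPORT):
        print(f"{name}: {finding}")
```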