Monday, September 23, 2019

SAILPOINT IDENTITY IQ CONTEXT AND TESTING API USING ECLIPSE IDE


Create the Java project with the structure given below. Make sure to create the resource directory and copy the latest updated object .hbm files and the iiq.properties file (with the password as plain text) into it.

Creating the SailPoint IIQ context this way is really useful when you want to quickly test any API during development.





package com.vishal.connection;

import sailpoint.api.SailPointContext;
import sailpoint.api.SailPointFactory;
import sailpoint.object.Identity;
import sailpoint.spring.SpringStarter;
import sailpoint.tools.GeneralException;

public class Connection {
 /**
  * Starts the IIQ Spring context, loads one Identity and prints its name.
  *
  * @param args not used
  * @throws GeneralException if the context cannot be created or the lookup fails
  */
 public static void main(String[] args) throws GeneralException {
  // The iiq.properties file must be present in the Java project.
  SpringStarter starter = new SpringStarter("iiqBeans");
  starter.start();
  SailPointContext context = null;
  try {
   context = SailPointFactory.createContext();
   // Look up the identity by name; getObject returns null if it does not exist.
   Identity identity = context.getObject(Identity.class, "spadmin");
   if (identity != null) {
    System.out.println("Identity Details " + identity.getFirstname() + " " + identity.getLastname());
   }
  } finally {
   // Release the context and shut Spring down even if the lookup throws.
   if (context != null) {
    SailPointFactory.releaseContext(context);
   }
   starter.close();
  }
 }
}




Wednesday, September 18, 2019

Sailpoint Identity IQ 7.3 Certification Matrix


Below are the certification matrix details for Sailpoint Identity IQ version 7.3.

7.3 Supported Platforms
Operating Systems
IBM AIX 7.1 and 7.2
Red Hat Enterprise Linux 7.3 and 7.4
SUSE Linux Enterprise Server 12.0 and 12.1
Solaris 10 and 11
Windows Server 2012 R2 and 2016
Oracle Linux (Using RHEL Kernel Mode) 7.3 and 7.4
Linux Support: The distributions and versions of Linux highlighted above have been
verified by IdentityIQ Engineering, but any currently available and supported
distributions and versions of Linux will be supported by SailPoint.

Implementers and customers should verify that the distribution and version of Linux of
choice is compatible with the application server, database server, and JDK also
being used.
Databases
IBM DB2 10.5 and 11.1
MySQL 5.6 and 5.7
MS SQL Server 2016 and 2017
Oracle 12c and 12c R2
Application Server
Application Servers (JDK 1.8 (8) supported as required by the specific application server)
Apache Tomcat 8.5 and 9.0
Oracle WebLogic 12.2.1.x
IBM WebSphere 8.5.x and 9.0
JBoss EAP 7.0 and 7.1
IBM WebSphere Liberty 18.0.0.x
Java Platform
Sun, Oracle or IBM JDK 1.8 (8) for all application servers
*Note that JDKs are supported on 8 as needed by the specific application servers
listed above. 6 and 7 are no longer supported.
OpenJDK8 is now supported on the following two platform structures:
OpenJDK8 + CentOS with Tomcat and JBoss.
OpenJDK8 + RHEL with Tomcat and JBoss.
AdoptOpenJDK8 + Windows is also supported.
(Full statement: https://community.sailpoint.com/docs/DOC-11735)
Browsers
Firefox latest version
Google Chrome latest version
Internet Explorer 11 and Edge
Safari 11
Mobile User Interface OS/Browser Support
iOS 11 using Safari
Android 7 and 8 on Chrome
Windows 10 using Internet Explorer
Cloud Platforms
AWS EC2
AWS RDS (MySQL, MS SQL, Oracle)
AWS Aurora
Azure
Languages
English
German
French
Dutch
Spanish
Brazilian Portuguese
Italian
Simplified Chinese
Japanese
French Canadian
Korean
Swedish
Turkish
Backlog: Russian, Polish, Danish, Traditional Chinese (target p2+)

Thursday, September 12, 2019

Sailpoint IdentityIQ Custom Auditing Sample code


If you want to add custom auditing to your BeanShell code in a rule, task, workflow or anywhere else in the call chain, it is as easy as shown below: create a new AuditEvent and set the action, source, target and values.

Make sure to set a proper action and source so that the event can be tracked easily.


import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;

import sailpoint.api.SailPointContext;
import sailpoint.object.AuditEvent;
import sailpoint.tools.GeneralException;

 public void customAudit(SailPointContext context) throws GeneralException {
  // Timestamp string stored with the event, formatted in the CST time zone
  SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss z");
  format.setTimeZone(TimeZone.getTimeZone("CST"));

  AuditEvent auditEvent = new AuditEvent();
  // Action and source are the fields used to track the event later
  auditEvent.setAction("Custom Action");
  auditEvent.setSource("Custom Source");
  auditEvent.setTarget("vkejriwal");
  auditEvent.setString1("Timestamp: " + format.format(new Date()));
  auditEvent.setString2("User Name: " + "vkejriwal");
  auditEvent.setString3("IP: " + "127.0.0.1");

  // Persist the event and commit the transaction
  context.saveObject(auditEvent);
  context.commitTransaction();
 }


The custom audit event that was added can easily be seen using Advanced Analytics.
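
Added example (not part of the original post): reading the custom audit events back through the API from a standalone test project like the Connection class in the post above, so a rule's auditing can be checked without opening the UI. The class name AuditReadback is hypothetical, and the filter values are the "Custom Action" and "Custom Source" strings used in customAudit.

```java
package com.vishal.connection;

import java.util.List;

import sailpoint.api.SailPointContext;
import sailpoint.api.SailPointFactory;
import sailpoint.object.AuditEvent;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;
import sailpoint.spring.SpringStarter;
import sailpoint.tools.GeneralException;

// Hypothetical class name; added example, not code from the original post.
public class AuditReadback {
    public static void main(String[] args) throws GeneralException {
        SpringStarter starter = new SpringStarter("iiqBeans");
        starter.start();
        SailPointContext context = null;
        try {
            context = SailPointFactory.createContext();

            // Match the action and source written by customAudit().
            QueryOptions qo = new QueryOptions();
            qo.addFilter(Filter.eq("action", "Custom Action"));
            qo.addFilter(Filter.eq("source", "Custom Source"));
            // Newest events first, capped so a busy audit table is not loaded whole.
            qo.setOrderBy("created");
            qo.setOrderAscending(false);
            qo.setResultLimit(20);

            List<AuditEvent> events = context.getObjects(AuditEvent.class, qo);
            for (AuditEvent event : events) {
                System.out.println(event.getCreated()
                        + " | target=" + event.getTarget()
                        + " | " + event.getString1()
                        + " | " + event.getString2()
                        + " | " + event.getString3());
            }
            System.out.println("Matching audit events: " + events.size());
        } finally {
            // Release the context and stop Spring even if the query fails.
            if (context != null) {
                SailPointFactory.releaseContext(context);
            }
            starter.close();
        }
    }
}
```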


Monday, September 9, 2019

SQL ACCESS REVIEW CERTIFICATION ITEMS DETAILS SAILPOINT IDENTITY IQ

This query returns the details of a generated Access Review (Certification). It returns every item, whether or not an action has been taken on it.

SELECT SPT_CERTIFICATION.ID AS "CERT_ID",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION.ACTIVATED) / 1000 / 60 / 60 / 24
   )
   AS "CREATE DATE",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION.EXPIRATION) / 1000 / 60 / 60 / 24
   )
   AS "EXPIRATION DATE",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION.SIGNED) / 1000 / 60 / 60 / 24
   )
   AS "SIGNED DATE",
  SPT_CERTIFICATION.SHORT_NAME AS "CERT_NAME",
  SPT_CERTIFICATION_ITEM.SUMMARY_STATUS AS "CERT_STATUS",
  SPT_CERTIFICATION.MANAGER AS "CERT_ASSIGNED_TO_ID",
  SPT_IDENTITY.EMAIL AS "CERT_ASSIGNED_TO_EMAIL",
  SPT_IDENTITY.DISPLAY_NAME AS "CERT_ASSIGNED_TO_NAME",
  user2.DISPLAY_NAME AS "MANAGER_DISPLAY_NAME",
  USER2.EMAIL AS "MANAGER_EMAIL",
  SPT_CERTIFICATION_ENTITY.TARGET_NAME AS "USER_ID",
  SPT_CERTIFICATION_ENTITY.TARGET_DISPLAY_NAME AS "USER_DISPLAY_NAME",
  SPT_CERTIFICATION_ENTITY.FIRSTNAME AS "USER_FIRST_NAME",
  SPT_CERTIFICATION_ENTITY.LASTNAME AS "USER_LAST_NAME",
  user1.EMAIL AS "USER_EMAIL",
  SPT_CERTIFICATION.TOTAL_ENTITIES,
  SPT_CERTIFICATION.EXCLUDED_ENTITIES,
  SPT_CERTIFICATION.COMPLETED_ENTITIES,
  SPT_CERTIFICATION.PERCENT_COMPLETE,
  SPT_CERTIFICATION.CERTIFIED_ENTITIES,
  SPT_CERTIFICATION.TOTAL_ITEMS,
  SPT_CERTIFICATION.EXCLUDED_ITEMS,
  SPT_CERTIFICATION.COMPLETED_ITEMS,
  SPT_CERTIFICATION.ITEM_PERCENT_COMPLETE,
  SPT_CERTIFICATION.CERTIFIED_ITEMS,
  SPT_CERTIFICATION.REMEDIATIONS_KICKED_OFF,
  SPT_CERTIFICATION.REMEDIATIONS_COMPLETED,
  (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION.MODIFIED) / 1000 / 60 / 60 / 24
   )
   AS "CERT_UPDATE_DATE",
  SPT_CERTIFICATION_ITEM.EXCEPTION_APPLICATION AS "ACCOUNT_APPLICATION_NAME",
  SPT_CERTIFICATION_ITEM.EXCEPTION_ATTRIBUTE_NAME AS "RECORD_TYPE",
  SPT_IDENTITY_ENTITLEMENT.NATIVE_IDENTITY AS "ACCOUNT_NAME",
  SPT_CERTIFICATION_ITEM.EXCEPTION_ATTRIBUTE_VALUE AS "ACCOUNT_ENTITLEMENT_NAME",
  NULL AS "CERT_DECISION",
  NULL AS "CERT_DECISION_COMMENTS",
  NULL AS "REMEDIATION_ACTION",
  NULL AS "REMEDIATION_DETAILS",
  NULL AS "CERT_DECISION_DATE",
  NULL AS TICKET,
  NULL AS TICKET_STATUS,
  SPT_CERTIFICATION_ITEM.ACTION AS "ACTION"
FROM SPT_CERTIFICATION_ENTITY,
  SPT_CERTIFICATION,
  SPT_CERTIFICATION_ITEM,
  SPT_IDENTITY,
  SPT_IDENTITY user1,
  SPT_IDENTITY user2,
  SPT_IDENTITY_ENTITLEMENT,
  SPT_APPLICATION
WHERE SPT_CERTIFICATION_ENTITY.CERTIFICATION_ID = SPT_CERTIFICATION.ID
  AND SPT_CERTIFICATION_ITEM.CERTIFICATION_ENTITY_ID = SPT_CERTIFICATION_ENTITY.ID
  AND SPT_IDENTITY.NAME = SPT_CERTIFICATION.MANAGER
  AND SPT_CERTIFICATION_ENTITY.TARGET_NAME = user1.NAME
  AND user1.MANAGER = user2.ID
  AND SPT_CERTIFICATION_ITEM.EXCEPTION_APPLICATION = SPT_APPLICATION.NAME
  AND SPT_CERTIFICATION_ITEM.EXCEPTION_ATTRIBUTE_VALUE = SPT_IDENTITY_ENTITLEMENT.VALUE
  AND user1.ID = SPT_IDENTITY_ENTITLEMENT.IDENTITY_ID
  AND SPT_APPLICATION.ID = SPT_IDENTITY_ENTITLEMENT.APPLICATION

SQL ACCESS REVIEW CERTIFICATION ACTION ITEMS DETAILS SAILPOINT IDENTITY IQ

This query returns the details of a generated Access Review (Certification). It returns only the items on which an action has already been taken.

SELECT SPT_CERTIFICATION.ID AS "CERT_ID",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION.ACTIVATED) / 1000 / 60 / 60 / 24
   )
   AS "CREATE DATE",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION.EXPIRATION) / 1000 / 60 / 60 / 24
   )
   AS "EXPIRATION DATE",
   (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION.SIGNED) / 1000 / 60 / 60 / 24
   )
   AS "SIGNED DATE",
  SPT_CERTIFICATION.SHORT_NAME AS "CERT_NAME",
  SPT_CERTIFICATION_ITEM.SUMMARY_STATUS AS "CERT_STATUS",
  SPT_CERTIFICATION.MANAGER AS "CERT_ASSIGNED_TO_ID",
  SPT_IDENTITY.EMAIL AS "CERT_ASSIGNED_TO_EMAIL",
  SPT_IDENTITY.DISPLAY_NAME AS "CERT_ASSIGNED_TO_NAME",
  user2.DISPLAY_NAME AS "MANAGER_DISPLAY_NAME",
  USER2.EMAIL AS "MANAGER_EMAIL",
  SPT_CERTIFICATION_ENTITY.TARGET_NAME AS "USER_ID",
  SPT_CERTIFICATION_ENTITY.TARGET_DISPLAY_NAME AS "USER_DISPLAY_NAME",
  SPT_CERTIFICATION_ENTITY.FIRSTNAME AS "USER_FIRST_NAME",
  SPT_CERTIFICATION_ENTITY.LASTNAME AS "USER_LAST_NAME",
  user1.EMAIL AS "USER_EMAIL",
  SPT_CERTIFICATION.TOTAL_ENTITIES,
  SPT_CERTIFICATION.EXCLUDED_ENTITIES,
  SPT_CERTIFICATION.COMPLETED_ENTITIES,
  SPT_CERTIFICATION.PERCENT_COMPLETE,
  SPT_CERTIFICATION.CERTIFIED_ENTITIES,
  SPT_CERTIFICATION.TOTAL_ITEMS,
  SPT_CERTIFICATION.EXCLUDED_ITEMS,
  SPT_CERTIFICATION.COMPLETED_ITEMS,
  SPT_CERTIFICATION.ITEM_PERCENT_COMPLETE,
  SPT_CERTIFICATION.CERTIFIED_ITEMS,
  SPT_CERTIFICATION.REMEDIATIONS_KICKED_OFF,
  SPT_CERTIFICATION.REMEDIATIONS_COMPLETED,
  (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION.MODIFIED) / 1000 / 60 / 60 / 24
   )
   AS "CERT_UPDATE_DATE",
  SPT_CERTIFICATION_ITEM.EXCEPTION_APPLICATION AS "ACCOUNT_APPLICATION_NAME",
  SPT_CERTIFICATION_ITEM.EXCEPTION_ATTRIBUTE_NAME AS "RECORD_TYPE",
  SPT_IDENTITY_ENTITLEMENT.NATIVE_IDENTITY AS "ACCOUNT_NAME",
  SPT_CERTIFICATION_ITEM.EXCEPTION_ATTRIBUTE_VALUE AS "ACCOUNT_ENTITLEMENT_NAME",
  SPT_CERTIFICATION_ACTION.STATUS AS "CERT_DECISION",
  SPT_CERTIFICATION_ACTION.DESCRIPTION AS "CERT_DECISION_COMMENTS",
  SPT_CERTIFICATION_ACTION.REMEDIATION_ACTION AS "REMEDIATION_ACTION",
  TO_CHAR(SPT_CERTIFICATION_ACTION.REMEDIATION_DETAILS) AS "REMEDIATION_DETAILS",
  (
      TO_DATE('1970-01-01 00', 'YYYY-MM-DD HH24') + (SPT_CERTIFICATION_ACTION.DECISION_DATE) / 1000 / 60 / 60 / 24
   )
   AS "CERT_DECISION_DATE",
  TO_CHAR(Regexp_substr(SPT_CERTIFICATION_ACTION.REMEDIATION_DETAILS, 'requestID="(.*?)"\sstatus', 1, 1, NULL, 1)) AS TICKET,
  TO_CHAR(Regexp_substr(SPT_CERTIFICATION_ACTION.REMEDIATION_DETAILS, 'status="(.*?)"\/', 1, 1, NULL, 1)) AS TICKET_STATUS,
  SPT_CERTIFICATION_ITEM.ACTION AS "ACTION"
FROM SPT_CERTIFICATION_ENTITY,
  SPT_CERTIFICATION,
  SPT_CERTIFICATION_ITEM,
  SPT_IDENTITY,
  SPT_CERTIFICATION_ACTION,
  SPT_IDENTITY user1,
  SPT_IDENTITY user2,
  SPT_IDENTITY_ENTITLEMENT,
  SPT_APPLICATION
WHERE SPT_CERTIFICATION_ENTITY.CERTIFICATION_ID = SPT_CERTIFICATION.ID
  AND SPT_CERTIFICATION_ITEM.CERTIFICATION_ENTITY_ID = SPT_CERTIFICATION_ENTITY.ID
  AND SPT_IDENTITY.NAME = SPT_CERTIFICATION.MANAGER
  AND SPT_CERTIFICATION_ACTION.ID = SPT_CERTIFICATION_ITEM.ACTION
  AND SPT_CERTIFICATION_ENTITY.TARGET_NAME = user1.NAME
  AND user1.MANAGER = user2.ID
  AND SPT_CERTIFICATION_ITEM.EXCEPTION_APPLICATION = SPT_APPLICATION.NAME
  AND SPT_CERTIFICATION_ITEM.EXCEPTION_ATTRIBUTE_VALUE = SPT_IDENTITY_ENTITLEMENT.VALUE
  AND user1.ID = SPT_IDENTITY_ENTITLEMENT.IDENTITY_ID
  AND SPT_APPLICATION.ID = SPT_IDENTITY_ENTITLEMENT.APPLICATION