SAILPOINT IDENTITY IQ: October 2019

Sunday, October 13, 2019

Sailpoint Identity IQ Calling Rule from Anywhere API

Calling a Rule from anywhere either it's from any Rule, Work Flow, LCM Provisioning

Java Code

public void runRule(SailPointContext context) throws GeneralException{
             Rule TestRule = context.getObject(Rule.class,"TestRule1");
             HashMap ruleParam = new HashMap();
             ruleParam.put("log",null);
             ruleParam.put("context",context);

             ruleParam.put("name","Vishal");
             String name  = (String) context.runRule(TestRule ,ruleParam);
             System.out.println("name : " + name);
       }

Rule :TestRule1

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule  language="beanshell"  name="TestRule1">
  <Signature>
    <Inputs>
      <Argument name="log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
      <Argument name="name">
        <Description>
          name value from the place where this is called.
        </Description>
      </Argument>
    </Inputs>
  </Signature>
  <Source>
  return name + "Kejriwal";
  </Source>
</Rule>

Output

name : VishalKejriwal

Thursday, October 10, 2019

Sailpoint IQ Active Directory Application Integration Using OOTB Connector - Aggregation

Integration of Active Directory with SailPoint IIQ

Check this blogpost for the Active Directory Provisioning

Navigate to Application → New Application
Select Application Type as Active Directory-Direct and provide the Application Name and Owner Field

Enter the Forest Name , Global Catalog Server ie DC and the credentials of the service Account , Add the above entered Forest details and Click on Discover to get all the Domains Available in the Forest.

Here we can add and remove the Domain which we want to manage from this Application

Here we can add and remove account OU which we are managing from the above Domains

Here we can add Groups OU which we are managing from the above Domains

Test the Target Application Connectivity

Create the correction Rule , based on which user need to be linked from the Active Directory to the Sailpoint.

Create the Group Aggregation Task to pull all the Entitlement from Active Directory and click on save and Run.

we can check all the Entitlements Aggregated from Active Directory in Applications → Entitlement Catalog

Create the Account Aggregation Task to pull all the Users Accounts from Active Directory and click on save and Run.

we can check all the Accounts Aggregated from Active Directory in Applications → Edit Application → Accounts Tab

Tuesday, October 1, 2019

SAILPOINT IDENTITY IQ ALL WORKFLOW AND SUB WORKFLOW

SAILPOINT IDENTITY IQ ALL WORKFLOW AND SUB WORKFLOW

Below is the List of all the OOTB Sub workflow which is getting called from the main workflow
==========================================================
Workflow:LCM Provisioning
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Provisioning Approval Subprocess
Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:LCM Create and Update
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Identity Request Approve Identity Changes
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:LCM Registration
LCM Create and Update
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Identity Request Approve Identity Changes
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:LCM Manage Passwords
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries

==========================================================
Workflow:Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries

==========================================================
Workflow:Batch Request Wrapper
Identity Request Approve

==========================================================
Workflow:Do Provisioning Forms

==========================================================
Workflow:Do Manual Actions

==========================================================
Workflow:Provision with retries

==========================================================
Workflow:Check Status of queued items

==========================================================
Workflow:Manage Ticket
Provision with retries

==========================================================
Workflow:Role Modeler - Impact Analysis

==========================================================
Workflow:Role Modeler - Owner Approval

==========================================================
Workflow:Identity Refresh
Do Provisioning Forms
Do Manual Actions

==========================================================
Workflow:Identity Update
Do Provisioning Forms
Do Manual Actions

==========================================================
Workflow:Scheduled Assignment
Do Provisioning Forms
Provision with retries
Do Manual Actions

==========================================================
Workflow:Scheduled Role Activation

==========================================================
Workflow:Entitlement Update

==========================================================
Workflow:Password Intercept
Provision with retries

==========================================================
Workflow:Alert - Disable Account

==========================================================
Workflow:Identity Correlation

==========================================================
Workflow:Generic Step Library

==========================================================
Workflow:Provisioning Approval Subprocess

==========================================================
Workflow:IdentityProvisioningStepLibrary
Provisioning Approval Subprocess

==========================================================
Workflow:Identity Request Violation Review

==========================================================
Workflow:Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms

==========================================================
Workflow:Identity Request Approve

==========================================================
Workflow:Identity Request Notify

==========================================================
Workflow:Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items

==========================================================
Workflow:Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:Identity Request Approve Identity Changes

==========================================================

SAILPOINT IDENTITY IQ GET ALL SUB WORKFLOW FROM MAIN WORKFLOW

SAILPOINT IDENTITY IQ API GET ALL SUB WORKFLOW FROM THE MAIN WORKFLOW

Below Rule will get the name of all the Sub Workflow Getting called from the Master Workflow in Sailpoint IIQ

Create the below Rule using the IIQ Debug Page

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule   language="beanshell"  name="List-Workflow-Subprocesses">
<Description> </Description>
<Source>
 <![CDATA[
import java.util.Iterator; 
import java.util.ArrayList;
import sailpoint.api.*;
import sailpoint.object.*;

public void handleWorkflow(Workflow workflow, int level) {
if (level == 0) { System.out.print("\n\n==========================================================\nWorkflow:");  }
for (int i = 0; i<level; i++) {
System.out.print("        "); 
}
     System.out.println(workflow.getName()); 
     ArrayList steps = workflow.getSteps(); 
     Iterator iter = steps.iterator(); 
     while (iter.hasNext()) { 
           Workflow.Step step = (Workflow.Step)iter.next(); 
           Workflow sub = step.getSubProcess(); 
           if (sub != null) { 
                  handleWorkflow(sub,level +1); 
           } 
    }
}
QueryOptions qo = new QueryOptions(); 
Iterator  iter = context.search(Workflow.class, qo); 
while(iter.hasNext()){
    Workflow workflow = (Workflow)iter.next();
    handleWorkflow(workflow,0);    
}
]]>
</Source>
</Rule>

Select the Rule and click on the Run Rule Page and check the Catalina.out the file , It will show all the Sub- Workflow Name which is getting called from the Workflow, Below screenshot, shows all the Sub Workflow name getting called from the LCM Provisioning WF

Below the screenshot of the Catalina.out file

For Example below are the List of Sub Workflow which get called from the LCM Provisioning Workflow

Workflow:LCM Provisioning
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Provisioning Approval Subprocess
Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries