Wednesday, April 29, 2020

Sailpoint Identity IQ List of Role Bundle Mapped for Particular User using DB Query

SQL to get the list of Business / IT Roles in SailPoint IIQ that are mapped to a particular user. This query returns the Bundle ID, Bundle Name, Bundle Type, whether the Bundle is requestable, and the Entitlement tied to the IT Bundle.


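SELECT 
 BUN.ID,
 BUN.TYPE,
 BUN.NAME,
 BUN.DISPLAY_NAME,
 BUN.REQUESTABLE,
 PROF_CONS.ELT,
 IDENTITY2.NAME
FROM  
 SPT_BUNDLE BUN,
 SPT_PROFILE PROFILE,
 SPT_PROFILE_CONSTRAINTS PROF_CONS,
 SPT_BUNDLE_REQUIREMENTS BUN_REQ,
 SPT_IDENTITY_BUNDLES IDENTITY1,
 SPT_IDENTITY IDENTITY2
WHERE 
 -- profiles attached to the bundle
 BUN.ID=PROFILE.BUNDLE_ID AND
 -- entitlement constraints of each profile
 PROFILE.ID=PROF_CONS.PROFILE AND
 -- the bundle is listed as a required (child) bundle of another bundle
 BUN_REQ.CHILD = BUN.ID AND
 -- the bundle is linked to the identity
 BUN.ID=IDENTITY1.BUNDLE AND
 IDENTITY1.IDENTITY_ID = IDENTITY2.ID AND
 -- replace XXXXX with the identity name to look up
 IDENTITY2.NAME = 'XXXXX'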
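
Added example (not part of the original post): the query above run with a bind parameter against an in-memory SQLite stand-in that holds only the tables and columns the query names, with constructed rows. It shows that the join on SPT_BUNDLE_REQUIREMENTS repeats a role once per requirement row that lists it as a child, and gives an EXISTS form (an assumption of this example, not the author's query) that returns each role/entitlement pair once.

```python
import sqlite3

# Stand-in schema: only the tables/columns the page's query names (column types assumed).
SCHEMA = """
CREATE TABLE SPT_BUNDLE (ID, TYPE, NAME, DISPLAY_NAME, REQUESTABLE);
CREATE TABLE SPT_PROFILE (ID, BUNDLE_ID);
CREATE TABLE SPT_PROFILE_CONSTRAINTS (PROFILE, ELT);
CREATE TABLE SPT_BUNDLE_REQUIREMENTS (CHILD);
CREATE TABLE SPT_IDENTITY_BUNDLES (IDENTITY_ID, BUNDLE);
CREATE TABLE SPT_IDENTITY (ID, NAME);
-- Constructed rows: IT role it1 is required by two other roles, it2 by none.
INSERT INTO SPT_BUNDLE VALUES ('it1','it','AD Finance Share','AD Finance Share',1),
                              ('it2','it','AD VPN Users','AD VPN Users',0);
INSERT INTO SPT_PROFILE VALUES ('p1','it1'), ('p2','it2');
INSERT INTO SPT_PROFILE_CONSTRAINTS VALUES ('p1','memberOf == "CN=Finance"'), ('p2','memberOf == "CN=VPN"');
INSERT INTO SPT_BUNDLE_REQUIREMENTS VALUES ('it1'), ('it1');
INSERT INTO SPT_IDENTITY VALUES ('u1','jdoe'), ('u2','asmith');
INSERT INTO SPT_IDENTITY_BUNDLES VALUES ('u1','it1'), ('u1','it2'), ('u2','it2');
"""

# The page's query, with the identity name passed as a bind parameter (?).
PAGE_QUERY = """
SELECT BUN.ID, BUN.TYPE, BUN.NAME, BUN.DISPLAY_NAME, BUN.REQUESTABLE,
       PROF_CONS.ELT, IDENTITY2.NAME
FROM SPT_BUNDLE BUN, SPT_PROFILE PROFILE, SPT_PROFILE_CONSTRAINTS PROF_CONS,
     SPT_BUNDLE_REQUIREMENTS BUN_REQ, SPT_IDENTITY_BUNDLES IDENTITY1, SPT_IDENTITY IDENTITY2
WHERE BUN.ID = PROFILE.BUNDLE_ID AND PROFILE.ID = PROF_CONS.PROFILE
  AND BUN_REQ.CHILD = BUN.ID AND BUN.ID = IDENTITY1.BUNDLE
  AND IDENTITY1.IDENTITY_ID = IDENTITY2.ID AND IDENTITY2.NAME = ?
"""
# Same filters, but the requirement check is an EXISTS test, so it adds no rows.
DEDUP_QUERY = """
SELECT BUN.ID, BUN.TYPE, BUN.NAME, BUN.DISPLAY_NAME, BUN.REQUESTABLE, PC.ELT, I.NAME
FROM SPT_IDENTITY I
JOIN SPT_IDENTITY_BUNDLES IB ON IB.IDENTITY_ID = I.ID
JOIN SPT_BUNDLE BUN ON BUN.ID = IB.BUNDLE
JOIN SPT_PROFILE P ON P.BUNDLE_ID = BUN.ID
JOIN SPT_PROFILE_CONSTRAINTS PC ON PC.PROFILE = P.ID
WHERE I.NAME = ?
  AND EXISTS (SELECT 1 FROM SPT_BUNDLE_REQUIREMENTS R WHERE R.CHILD = BUN.ID)
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def roles_for(db, query, user):
    # The name is bound, never concatenated, so quotes in it stay data.
    return db.execute(query, (user,)).fetchall()
```

For jdoe the page's query returns the it1 row twice (one per requirement row) and never returns it2, which no role requires; the EXISTS form returns the it1 row once.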

Thursday, April 9, 2020

Sailpoint IQ Active Directory Application Integration Using OOTB Connector - Provisioning

Integration of Active Directory with SailPoint IIQ

The steps below need to be followed for the Active Directory and SailPoint IIQ integration.

1. Install the IQ Service. All provisioning to Active Directory from IIQ happens through this agent, so it needs to be installed.
Follow the steps to install the IQ Service.

2. Set up the Application and aggregate all the existing groups and accounts from Active Directory.

Follow these steps for setting up the Active Directory Application.

3. Create the Field Value Rule.
Follow the steps for creating the Field Value Rule.

4. Create the Provisioning form and populate the values for the fields that are mandatory for creating the Active Directory account:
Object Type --> User
Account DN --> User DN
User ID --> samAccountName
User Principal Name --> Log-on Name
Password
First Name
Last Name
Full Name

Make sure the Field Value Rule mapping below is done for all the required fields.

5. Create the After Provisioning Rule.
Follow the instructions.

6. Attach this rule in the Rule section of the Application as the After Provisioning Rule. This rule sends an email on success and on failure of the operation on the user.

Also make sure that these email templates are created:
Active Directory PH Accounts Joiner AD Account Creation Notification
Active Directory PH Accounts Joiner AD Failure Notification

7. Now go to the Access Request page, select the user --> select any entitlement that belongs to this Application and submit the request (make sure the entitlement is requestable; only then will it be available on the Access Request page).

8. After submission, the request goes through approval, which can be tracked from the Track Request page. Once the approval is done, provisioning will start.

9. Run the Perform Maintenance task to trigger the provisioning.

10. Check AD and see whether the user is created with the values populated by the Field Value Rule. The requested entitlement will also be added, and an email will be triggered with the account details and the password.

11. Run the Perform Identity Request Maintenance task to complete the request.

Wednesday, April 8, 2020

Sailpoint IIQ Pending Request Details API

Get all the pending request details for a particular beneficiary. This code gives the details below:

Requester
Access Request Number
Identity Request ID
Approval WorkItem ID
Approval WorkItem Pending With
WorkFlow Case ID
Pending Task ID

import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import sailpoint.api.SailPointContext;
import sailpoint.object.ApprovalItem;
import sailpoint.object.ApprovalSet;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.IdentityRequest;
import sailpoint.object.QueryOptions;
import sailpoint.object.TaskResult;
import sailpoint.object.WorkItem;
import sailpoint.tools.GeneralException;

// Prints one map of request details for every open approval work item that targets the beneficiary.
public void getPendingRequestDetails(String beneficiary, SailPointContext context) throws GeneralException {

  Identity identity = context.getObjectByName(Identity.class, beneficiary);
  if (identity == null) {
   throw new GeneralException("Identity not found: " + beneficiary);
  }

  // Approval work items for this beneficiary that have no state yet (still pending)
  QueryOptions queryOption = new QueryOptions();
  queryOption.addFilter(Filter.eq("targetName", identity.getName()));
  queryOption.addFilter(Filter.eq("type", "Approval"));
  queryOption.addFilter(Filter.isnull("state"));

  Iterator<WorkItem> itWorkItems = context.search(WorkItem.class, queryOption);
  try {
   while ((null != itWorkItems) && (itWorkItems.hasNext())) {
    WorkItem workitem = itWorkItems.next();
    // Fresh map per work item so values from a previous item never carry over
    Map<String, String> returnMap = new HashMap<String, String>();

    String identityRequestID = workitem.getIdentityRequestId();
    IdentityRequest irReq = null;
    if (identityRequestID != null) {
     irReq = context.getObjectByName(IdentityRequest.class, identityRequestID);
    }
    if (irReq != null) {
     // Parsing as an integer drops any leading zeros from the request name
     String accessRequestID = String.valueOf(Integer.parseInt(identityRequestID));
     String taskResultId = (String) irReq.getAttribute("taskResultId");
     // The task result may be missing; guard before reading the workflow case id
     TaskResult taskResult = (taskResultId == null) ? null : context.getObjectById(TaskResult.class, taskResultId);
     String workflowCaseId = (taskResult == null) ? null : (String) taskResult.getAttribute("workflowCaseId");

     returnMap.put("Access Request Number", accessRequestID);
     returnMap.put("Identity Request ID", irReq.getId());
     returnMap.put("Approval WorkItem ID", workitem.getId());
     returnMap.put("Approval WorkItem Pending", workitem.getOwner() != null ? workitem.getOwner().getName() : null);
     returnMap.put("Requester", workitem.getRequester() != null ? workitem.getRequester().getName() : null);
     returnMap.put("Task Result ID", taskResultId);
     returnMap.put("WorkFlowCase ID", workflowCaseId);
    }

    // Collect the requested entitlement names as a "||"-separated string
    ApprovalSet appSet = workitem.getApprovalSet();
    if (appSet != null && appSet.getItems() != null) {
     StringBuilder entNames = new StringBuilder();
     for (ApprovalItem item : appSet.getItems()) {
      Object value = item.getValue();
      String entname = null;
      if (value instanceof String) {
       entname = (String) value;
      } else if (value instanceof List && !((List<?>) value).isEmpty()) {
       entname = String.valueOf(((List<?>) value).get(0));
      }
      if (entname != null) {
       if (entNames.length() > 0) {
        entNames.append("||");
       }
       entNames.append(entname);
      }
     }
     // returnMap.put("Entitlement", entNames.toString());
    }
    System.out.println(returnMap);
   }
  } finally {
   // Always release the search cursor, even if an exception is thrown
   sailpoint.tools.Util.flushIterator(itWorkItems);
  }
 }



Sample output:

{Requester=vkejriwal, Identity Request ID=8a88b861710725440171321c92ed526a, Access Request Number=16899, WorkFlowCase ID=8a88b861710725440171321c91e15265, Approval WorkItem ID=8a88b861710725440171321c98c25270, Task Result ID=8a88b861710725440171321c91dc5264, Approval WorkItem Pending=72349117}
{Requester=aagarwala, Identity Request ID=8a88b861710725440171320d7ebe5222, Access Request Number=16898, WorkFlowCase ID=8a88b861710725440171320d7de6521d, Approval WorkItem ID=8a88b861710725440171320e1214522e, Task Result ID=8a88b861710725440171320d7dd7521c, Approval WorkItem Pending=VIS Fallback Approval Workgroup}