Showing posts with label 7.2. Show all posts

Thursday, August 20, 2020

Sailpoint IdentityIQ Export Object using Sailpoint API

Any SailPoint IdentityIQ object can also be exported using the API. Here is example code that exports all the Bundle objects present in the instance.

Generally we use the console to export SailPoint IdentityIQ objects:

checkout <class name> <object name or ID> <file> [-clean [=id,created…]]

The same thing can be done using the API. The sample source code is below.

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import sailpoint.api.SailPointContext;
import sailpoint.api.SailPointFactory;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;
import sailpoint.server.ExportVisitor;
import sailpoint.server.Exporter.Cleaner;
import sailpoint.spring.SpringStarter;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Util;
		
// The class and method names are illustrative; "context" is the
// SailPointContext that the caller has already obtained.
public class BundleExport {

	public static void exportBusinessRoles(SailPointContext context) {

		// Properties stripped from the exported XML (same idea as the console's -clean option)
		List<String> propertiesToClean = new ArrayList<String>();
		propertiesToClean.add("id");
		propertiesToClean.add("created");
		propertiesToClean.add("modified");
		Cleaner cleaner = new Cleaner(propertiesToClean);

		try {
			List<Bundle> roles = context.getObjects(Bundle.class);
			System.out.println(roles);
			for (Bundle bun : roles) {
				try {
					// Export only the roles of type "business"
					if (null != bun.getType() && bun.getType().equalsIgnoreCase("business")) {
						//new ExportVisitor(context).visit(bun);
						String xml = bun.toXml();
						System.out.println("raw xml" + xml);
						xml = cleaner.clean(xml);
						System.out.println("clean xml" + xml);
						// One file per role, named after the role
						Util.writeFile("C://Temp//" + bun.getName() + ".xml", xml);
					}
				} catch (GeneralException e) {
					// Report the failure and continue with the next role
					e.printStackTrace();
				}
			}
		} catch (GeneralException e) {
			e.printStackTrace();
		} finally {
			try {
				// Release the context once the export is finished
				SailPointFactory.releaseContext(context);
			} catch (GeneralException e) {
				e.printStackTrace();
			}
		}
	}
}
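Role names are free text, so building the file path directly from `bun.getName()` can yield an invalid path or one that resolves outside the export directory. The following is an added example, not part of the original post or of SailPoint's API: the class `SafeExportPath` and its methods are hypothetical, it uses only the JDK, and the sample role names are constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

// Added example (hypothetical helper, not SailPoint code): derive a safe
// file path for an exported object from its free-text name.
public class SafeExportPath {

    // Map an object name to <exportDir>/<sanitised name>.xml
    static Path resolve(Path exportDir, String objectName) {
        if (objectName == null || objectName.trim().isEmpty()) {
            throw new IllegalArgumentException("object name is empty");
        }
        // Keep letters, digits, space, dot, dash and underscore; replace everything
        // else (path separators, drive colons, wildcards) with an underscore
        String safe = objectName.trim().replaceAll("[^A-Za-z0-9 ._-]", "_");
        // A name made only of dots ("." or "..") would still be a directory reference
        if (safe.matches("\\.+")) {
            safe = safe.replace('.', '_');
        }
        Path base = exportDir.toAbsolutePath().normalize();
        Path target = base.resolve(safe + ".xml").normalize();
        // Defence in depth: the final path must still be inside the export directory
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("name escapes export directory");
        }
        return target;
    }

    // Write the XML. CREATE_NEW fails if the file exists, so two names that
    // sanitise to the same string are reported instead of overwriting each other.
    static Path write(Path exportDir, String objectName, String xml) throws IOException {
        Path target = resolve(exportDir, objectName);
        Files.createDirectories(target.getParent());
        Files.write(target, xml.getBytes(StandardCharsets.UTF_8),
                StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("iiq-export");
        // Constructed sample role names, including ones that are unsafe as file names
        String[] names = { "Finance Clerk", "HR/Payroll Admin", "..\\..\\Role", ".." };
        for (String name : names) {
            Path written = write(dir, name, "<Bundle name=\"sample\"/>");
            System.out.println(name + " -> " + written.getFileName());
        }
    }
}
```

In the export loop, the `Util.writeFile` call would take the string form of the path returned by `resolve`.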



Sunday, July 19, 2020

Sailpoint IdentityIQ Application Accounts status Custom Report

Custom report to get the account status for an application. This report lists all the accounts, with their account status, for the different applications in SailPoint IdentityIQ.


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor" name="VISHAL Application Account Status Report" progressMode="Percentage" resultAction="Rename" subType="Identity and User Reports" template="true" type="LiveReport">
  <Attributes>
    <Map>
      <entry key="report">
        <value>
          <LiveReport title="Data Validation Report">
            <DataSource objectType="sailpoint.object.Link" type="Filter">
              <QueryParameters>
                <Parameter argument="applications" property="application.id"/>
              </QueryParameters>
            </DataSource>
            <Columns>
              <ReportColumnConfig field="application" header="rept_account_by_attr_col_application" property="application.name" sortable="true" width="110"/>
              <ReportColumnConfig field="account" header="AccountName" property="id" sortable="true" width="110">
                <RenderScript>
                  <Source>
                    import sailpoint.object.*;
                    // "value" is the Link id; show the display name, falling back to the native identity
                    if (null != value) {
                      Link link = context.getObjectById(Link.class, value);
                      if (null != link) {
                        String accName = link.getDisplayName();
                        String nativeName = link.getNativeIdentity();
                        if (accName != null) {
                          return accName;
                        } else {
                          return nativeName;
                        }
                      }
                    }
                  </Source>
                </RenderScript>
              </ReportColumnConfig>
              <ReportColumnConfig field="Status" header="Status" property="id" sortable="true" width="110">
                <RenderScript>
                  <Source>
                    import sailpoint.object.*;
                    // "value" is the Link id; report whether the account is disabled
                    if (null != value) {
                      Link link = context.getObjectById(Link.class, value);
                      if (null != link) {
                        if (link.isDisabled()) {
                          return "Disabled";
                        } else {
                          return "Active";
                        }
                      }
                    }
                  </Source>
                </RenderScript>
              </ReportColumnConfig>
            </Columns>
          </LiveReport>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>Report for querying accounts native identity and status details.</Description>
  <RequiredRights>
    <Reference class="sailpoint.object.SPRight" name="FullAccessApplicationUserReport"/>
  </RequiredRights>
  <Signature>
    <Inputs>
      <Argument multi="true" name="applications" type="Application">
        <Description>rept_input_user_report_apps</Description>
        <Prompt>Select the applications to include in the report</Prompt>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>

Saturday, July 11, 2020

Sailpoint IdentityIQ Application Health Checkup Custom Report


Custom report to test the connectivity of applications. This report can be used to check the health of the different applications in SailPoint IdentityIQ.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor" name="VISHAL Target Applications Connection Check" progressMode="Percentage" resultAction="Rename" subType="Configured Resource Reports" template="true" type="LiveReport">
  <Attributes>
    <Map>
      <entry key="TaskDefinition.runLengthAverage"/>
      <entry key="TaskDefinition.runLengthTotal"/>
      <entry key="TaskDefinition.runs"/>
      <entry key="report">
        <value>
          <LiveReport title="Applications Detail Report">
            <DataSource objectType="Application" type="Filter">
              <QueryParameters>
                <Parameter argument="applications" property="id"/>
                <Parameter argument="owners" property="owner.id"/>
              </QueryParameters>
            </DataSource>
            <ReportForm>
              <Reference class="sailpoint.object.Form" name="Applications Detail Report Form"/>
            </ReportForm>
            <Columns>
              <ReportColumnConfig field="application" header="rept_app_grid_col_app" property="name" sortable="true" width="110"/>
              <ReportColumnConfig field="connectionStatus" header="Target System Connection Status" property="id" sortable="true" width="110">
                <RenderScript>
                  <Source>
				  
import sailpoint.connector.Connector;
import sailpoint.connector.ConnectorFactory;
import sailpoint.object.Application;

// "value" is the Application id of the current row
try {
        Application app = (Application) context.getObjectById(Application.class, value);
        if (app != null) {
                try {
                    Connector connector = ConnectorFactory.getConnector(app, null);
                    connector.testConfiguration();
                    return "Test Connection Successful.";
                } catch (Exception e) {
                    // Log before returning; the connector's error message becomes the column value
                    log.error(e);
                    return e.getMessage();
                }
        }
} catch (Exception e) {
        log.error(e);
        throw(e);
}
                  </Source>
                </RenderScript>
              </ReportColumnConfig>
            </Columns>
          </LiveReport>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>Displays configured applications Test Connection</Description>
  <RequiredRights>
    <Reference class="sailpoint.object.SPRight" name="FullAccessApplicationReport"/>
  </RequiredRights>
  <Signature>
    <Inputs>
      <Argument multi="true" name="applications" type="Application">
        <Description>rept_input_app_report_apps</Description>
      </Argument>
      <Argument filterString="capabilitiesString != &quot;null&quot;" multi="true" name="owners" type="Identity">
        <Description>rept_input_app_report_owners</Description>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>



Thursday, June 18, 2020

Sailpoint IdentityIQ Run Rule Task Input Field Of Different Type

Generally, in a Run Rule task we select the rule which needs to be triggered. If the requirement is that the Run Rule task takes input from the user when it is triggered, and the input fields must be of multiple types such as text field, multi-select, radio button, check box and drop down, that can be achieved using the customization below :-)

1. Create an xhtml file named "visCustomRuleTask.xhtml" from the code below and copy it to the identityiq_home/monitor/tasks/ directory on the server on which IdentityIQ is running.


<!DOCTYPE html PUBLIC
                "-//W3C//DTD XHTML 1.0 Transitional//EN"
                "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"
  xmlns:ui="http://java.sun.com/jsf/facelets"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:a4j="http://richfaces.org/a4j"
  xmlns:c="http://java.sun.com/jstl/core"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:t="http://myfaces.apache.org/tomahawk"
  xmlns:sp="http://sailpoint.com/ui">
<body>
<ui:composition>
    <div style="width:97%;">
        <table class="spTable" cellspacing="0">
            <tr>
                <th colspan="2">Rule Run Input Values</th>
            </tr>
            <!-- Dropdown Value -->
            <tr>
                <td>
                    <sp:outputText value="#{taskDefinition.argMap['country'].argument.prompt}"/>
                </td>
                <td>
                    <h:selectOneMenu id="country" value="#{taskDefinition.argMap['country'].value}">
                        <f:selectItem itemLabel="India" itemValue="India"></f:selectItem>
                        <f:selectItem itemLabel="Brazil" itemValue="Brazil"></f:selectItem>
                        <f:selectItem itemLabel="USA" itemValue="United States"></f:selectItem>
                        <f:selectItem itemLabel="UK" itemValue="United Kingdom"></f:selectItem>
                    </h:selectOneMenu>
                </td>
            </tr>
            <!-- Text Value -->
            <tr>
                <td>
                    <sp:outputText value="#{taskDefinition.argMap['dbName'].argument.prompt}"/>
                </td>
                <td>
                    <h:inputText size="40" id="dbName" value="#{taskDefinition.argMap['dbName'].value}" required="true" />
                    <a4j:outputPanel ajaxRendered="true">
                    <h:message styleClass="formError" for="dbName" />
                    </a4j:outputPanel>
                </td>
            </tr>
            <!-- Text Value -->
            <tr>
                <td>
                    <sp:outputText value="#{taskDefinition.argMap['ruleName'].argument.prompt}"/>
                </td>
                <td>
                    <sp:inputText size="40" id="ruleName" value="#{taskDefinition.argMap['ruleName'].value}" redisplay="true" autocomplete="off" required="true" />
                    <a4j:outputPanel ajaxRendered="true">
                    <h:message styleClass="formError" for="ruleName"/>
                    </a4j:outputPanel>
                </td>
            </tr>			
           <!-- Secret Value -->
            <tr>
                <td>
                   <sp:outputText value="#{taskDefinition.argMap['password'].argument.prompt}"/>
                </td>
                <td>
                    <sp:inputSecret size="40" id="password" value="#{taskDefinition.argMap['password'].value}" redisplay="true" autocomplete="off" required="true" />
                    <a4j:outputPanel ajaxRendered="true">
                    <h:message styleClass="formError" for="password"/>
                    </a4j:outputPanel>
                </td>
            </tr>
            <tr>
                <td>
                    <sp:outputText value="#{taskDefinition.argMap['noAutoCreate'].argument.prompt}"/>
                </td>
                <td>
                   <h:selectBooleanCheckbox id="noAutoCreate" value="#{taskDefinition.argMap['noAutoCreate'].booleanValue}"/>
                </td>
            </tr>
            <!-- Multi Select Values -->
            <tr>
                <td>
                    <sp:outputText value="#{taskDefinition.argMap['color'].argument.prompt}"/>
                </td>
                <td>
                    <h:selectManyListbox size="7" value="#{taskDefinition.argMap['color'].objectListValue}">
                        <f:selectItem itemLabel="Black" itemValue="Black"/>
                        <f:selectItem itemLabel="Blue" itemValue="Blue"/>
                        <f:selectItem itemLabel="Green" itemValue="Green"/>
                        <f:selectItem itemLabel="Red" itemValue="Red"/>
                    </h:selectManyListbox>
                </td>
            </tr>
            <!-- Radio button Value -->
            <tr>
                <td valign="top">
                    <sp:outputText value="#{taskDefinition.argMap['mode'].argument.prompt}"/>
                </td>
                <td>
                    <h:selectOneRadio id="mode" value="#{taskDefinition.argMap['mode'].value}">
                        <f:selectItem itemLabel="Full" itemValue="full" />
                        <f:selectItem itemLabel="Incremental" itemValue="incremental"/>
                    </h:selectOneRadio>
                </td>
            </tr>            
            <!-- Select Rule Object -->
            <tr>
                <td>
                    <sp:outputText  value="#{taskDefinition.argMap['ruleAll'].argument.prompt}"/>
                </td>
                <td>
                    <a4j:outputPanel id="creationRulePanel">
                    <h:selectOneMenu id="ruleAll" value="#{taskDefinition.argMap['ruleAll'].value}">
                        <f:selectItem itemLabel="Rule All" itemValue=""/>
                        <f:selectItems value="#{taskDefinition.argMap['ruleAll'].objectNames}"/>
                    </h:selectOneMenu>
                    </a4j:outputPanel>
                </td>
            </tr>
        </table>
    </div>
</ui:composition>
</body>
</html>




 

2. Create a TaskDefinition object using the debug page

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition  formPath="/monitor/tasks/visCustomRuleTask.xhtml" name="VIS Custom Rule Run Task" resultAction="Delete" subType="task_item_type_generic" type="Generic">
  <Attributes>
    <Map>
      <entry key="TaskDefinition.runLengthAverage" value="0"/>
      <entry key="TaskDefinition.runLengthTotal" value="4"/>
      <entry key="TaskDefinition.runs" value="36"/>
      <entry key="TaskSchedule.host"/>
      <entry key="taskCompletionEmailNotify" value="Disabled"/>
      <entry key="taskCompletionEmailRecipients"/>
      <entry key="taskCompletionEmailTemplate"/>
      <entry key="ruleName" value="VIS Custom Rule Run"/>
    </Map>
  </Attributes>
  <Description>A task that can be used to run an arbitrary rule.</Description>
  <Owner>
    <Reference class="sailpoint.object.Identity" name="spadmin"/>
  </Owner>
  <Parent>
    <Reference class="sailpoint.object.TaskDefinition" name="Run Rule"/>
  </Parent>
  <Signature>
    <Inputs>
      <Argument helpKey="help_task_run_rule_rule" name="ruleName" type="string">
        <Prompt>label_rule</Prompt>
      </Argument>
      <Argument helpKey="User Country" name="country" type="string">
        <Prompt>User Country</Prompt>
      </Argument>
      <Argument helpKey="Database Name" name="dbName" type="string">
        <Prompt>Database Name</Prompt>
      </Argument>
      <Argument helpKey="Password" name="password" type="secret">
        <Prompt>Password</Prompt>
      </Argument>
      <Argument helpKey="Auto Create" name="noAutoCreate" type="boolean">
        <Prompt>Auto Create</Prompt>
      </Argument>
      <Argument helpKey="Color" multi="true" name="color" type="string">
        <Prompt>colour</Prompt>
      </Argument>
      <Argument helpKey="Mode" name="mode" type="string">
        <Prompt>Mode</Prompt>
      </Argument>
      <Argument helpKey="Rule All" name="ruleAll" type="Rule">
        <Prompt>All Rule</Prompt>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>

3. Create the Rule which needs to be run when the above task is triggered

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="VIS Custom Rule Run">
  <Description>This rule is used to Run Rule .</Description>
  <Signature>
    <Inputs>
      <Argument name="log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
    </Inputs>
  </Signature>
  <Source>
		import sailpoint.object.TaskDefinition;

		System.out.println("----Task Start ---------");
		// Read the values entered on the task form from its TaskDefinition
		TaskDefinition taskDef = context.getObjectByName(TaskDefinition.class,"VIS Custom Rule Run Task");

		System.out.println("Task Definition:"+taskDef);

		String ruleName = taskDef.getString("ruleName");
		String country = taskDef.getString("country");
		String dbName = taskDef.getString("dbName");
		String password = taskDef.getString("password");
		String noAutoCreate = taskDef.getString("noAutoCreate");
		String color = taskDef.getString("color");
		String mode = taskDef.getString("mode");
		String ruleAll = taskDef.getString("ruleAll");

		System.out.println("ruleName:"+ruleName);
		System.out.println("country:"+country);
		System.out.println("dbName:"+dbName);
		// "password" is a secret argument: print only whether it was supplied, never its value
		System.out.println("password:"+(password != null ? "[supplied]" : "[not supplied]"));
		System.out.println("noAutoCreate:"+noAutoCreate);
		System.out.println("color:"+color);
		System.out.println("mode:"+mode);
		System.out.println("ruleAll:"+ruleAll);

		System.out.println("----Task End ---------");

		return "Success";
  									
  									
  </Source>
</Rule>

4. Search for the task created in the above step under Tasks. You will see the different types of input in this task; here we are using input types such as
  •     Drop down
  •     Text Field
  •     Secret Field
  •     Checkbox
  •     Multi-Select
  •     Radio Button
  •     Object Selector

5. The Rule we have written just prints the input values from the task, so the output shows the different values selected or entered when triggering this Run Rule task.
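The form only limits what the browser offers; values can also reach the TaskDefinition through the debug page or an imported XML, so a rule that acts on these inputs should check them again. The following is an added example, not part of the original post: the class `TaskInputValidator` is hypothetical, the allowed values are copied from the form in step 1, and the database-name pattern and sample input are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Added example (hypothetical class): validate the values collected by
// visCustomRuleTask.xhtml before a rule acts on them.
public class TaskInputValidator {

    // Allowed values mirror the itemValue attributes in the XHTML form
    static final Set<String> COUNTRIES = set("India", "Brazil", "United States", "United Kingdom");
    static final Set<String> MODES = set("full", "incremental");
    static final Set<String> COLORS = set("Black", "Blue", "Green", "Red");
    // Assumption: a database name is a plain identifier of at most 64 characters
    static final Pattern DB_NAME = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,63}");

    static Set<String> set(String... values) {
        return new HashSet<>(Arrays.asList(values));
    }

    // Returns one message per invalid argument; messages never contain the input itself
    static List<String> validate(Map<String, Object> args) {
        List<String> errors = new ArrayList<>();
        if (!COUNTRIES.contains(args.get("country"))) errors.add("country: value not allowed");
        if (!MODES.contains(args.get("mode"))) errors.add("mode: value not allowed");

        Object db = args.get("dbName");
        if (!(db instanceof String) || !DB_NAME.matcher((String) db).matches()) {
            errors.add("dbName: not a valid database name");
        }
        // The multi-select arrives as a list; every element must be a known colour
        Object color = args.get("color");
        if (color instanceof List) {
            for (Object c : (List<?>) color) {
                if (!COLORS.contains(c)) {
                    errors.add("color: value not allowed");
                    break;
                }
            }
        } else if (color != null) {
            errors.add("color: expected a list");
        }
        // Check only that the secret is present; its value is never reported
        Object pw = args.get("password");
        if (!(pw instanceof String) || ((String) pw).isEmpty()) {
            errors.add("password: missing");
        }
        return errors;
    }

    public static void main(String[] unused) {
        Map<String, Object> args = new HashMap<>();  // constructed sample input
        args.put("country", "India");
        args.put("mode", "full; extra");
        args.put("dbName", "hr_db");
        args.put("color", Arrays.asList("Red", "Purple"));
        args.put("password", "example-only");
        System.out.println(validate(args));
    }
}
```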


Sunday, June 7, 2020

Sailpoint IdentityIQ Email Advanced Analytics Report

A report created in SailPoint IdentityIQ using Advanced Analytics can't be sent as an email attachment out of the box. An OOTB report created from the Reports section has standard properties where we can define the email address, or select the user, to which the report is sent, but the same selection is not possible for a report created using Advanced Analytics.

With a workaround this can still be done. Here I have created a report for all the users having the first name "Vishal".


Save the report. It will be visible in Report --> My Report.


Navigate to the Debug page in IdentityIQ.


Open the created report in the debug page and add the identities to which the report needs to be sent, using the entry shown below. Make sure each identity that is added has its email attribute populated.

<entry key="emailIdentities">
        <value>
          <List>
            <String><ID Value></String>
          </List>
        </value>
</entry>


Navigate to Report --> My Report, search for the report which has been created using Advanced Analytics, right-click it and click Execute to trigger the report.


Check for the email with the report as the attachment. If the report is not yet delivered, check the Audit logs.