Showing posts with label Delimiter File Connector. Show all posts
Showing posts with label Delimiter File Connector. Show all posts

Saturday, August 4, 2018

SETTING ENTITLEMENT PROPERTY - OWNER , DISPLAY NAME , DESCRIPTION , IS REQUEST-ABLE

A brief overview of Entitlement Attributes in SailPoint IIQ followed by instructions on how to configure or set the Entitlement Attributes of the application..


Click on the link for on-boarding the Delimiter (Flat File base connector) . Make sure the step given in the link are completed before setting the property of the Entitlement such as the owner , Role Name , Role Display Name and Entitlement is requestable.


1. Open the Account Group Aggregation Task which was used in previous post for loading the Entitlement for the Application





2.We need to write the logic for the Group Aggregation Refresh Rule (This Rule is will called before committing any change related to the Entitlement Task ) So what-even attribute which we want to set for the particular entitlement before committing the changes we have to write the BL here in this rule.






3. Save the Rule and Execute the Task.

4. Verify the entitlement from Entitlement Catalog and check the values are set.

5. We have written the logic in which we are reading the Entitlement Attribute present in the File and setting the Entitlement owner , Entitlement Display Name , Entitlement Description and whether the Entitlement is requestable or not .













































Saturday, July 21, 2018

Delimited File Application Configuration Using OOTB Connector


Delimiter File Connector / Flat File Connector overview

This is the OOTB Connector which comes with the Sailpoint IdentityIQ Application and supports Aggregation of both the Accounts and Group object (Entitlement).

Connector Supports

  1. Reading data from a file which can be located locally or which is accessible from the application via FTP or SCP .
  2. Connector Supports files separated by a comma, semicolon, pipe or regular expression
  3. Supports different filtering options on the Files
  4. Supports the merging functionally like how  multiple records can be merged into the single
  5. The connector also supports partition like how much records batch which will be created.
1. Application Creation and Configuration

Create the 2 Sample file (Account file &Entitlement file ) sunAccount.csv and sunRole.csv before on boarding any delimiter type application.











Navigate to Applications -->Application Definition -->Add New Application
Select Application Type as DelimitedFile and set the other mandatory Attributes



2. Adding group object


Navigate to Configuration -->Setting-->Add object type




















3. Account and Group Source File Information

Configure the File Path, File location, Delimiter Type and other different setting based on the file need to be on-bordered for both account and group object. refer to the below as shown in the screenshot.

















4.Configure Account and Group Schema

Click on Discover Schema Attribute which will automatically populate the schema attribute for both the Account and Group Object type, this values will be populated from the Account and Group files. Make sure identity Attribute is populated this attribute is used to decide the uniqueness of the object/.
Since we have an entitlement file and the account contains the group, make sure the Role attribute on account object is set as type Role and of type entitlement and multi-valued.

























5.Correlation Configuration

Click on New and create a new Correlation rule by selecting USERNAME Attribute from the account file = name attribute from the user identity, make sure that once the rule is saved it will be visible in attribute-based correlation.



6.Aggregation Task

Creating a Group Aggregation Task
Setup -->Tasks --> New Task --> Account Group Aggregation
Make sure the Task is created with the proper selection of different options available in the task definition.




Creating an Account Aggregation Task
Setup -->Tasks --> New Task --> Account Aggregation
Make sure the Task is created with the proper selection of different options available in the task definition.





7.Confirming Correlations and Accounts

Navigate to Application --> Entitlement Catalog and see if the Entitlement is getting loaded from the Role file.



Same way validate the Account and Entitlement of the user which is being loaded, Open the user identity from Identity warehouse and check the Application and Entitlement details of the user