Showing posts with label User Identity. Show all posts
Showing posts with label User Identity. Show all posts

Thursday, August 29, 2019

SQL IDENTITY ENTITLEMENT DETAILS SAILPOINT IDENTITY IQ

This will get list of all the Entitlement details for the particular user

Select  SPT_IDENTITY.NAME AS "USER ID" ,SPT_APPLICATION.NAME AS "APPLICATION NAME", 
        SPT_IDENTITY_ENTITLEMENT.NATIVE_IDENTITY AS "ACCOUNT ID", 
        SPT_IDENTITY_ENTITLEMENT.VALUE  AS "ENTITLEMENT VALUE"
        from SPT_IDENTITY_ENTITLEMENT , 
             SPT_MANAGED_ATTRIBUTE , 
             SPT_APPLICATION ,
             SPT_IDENTITY 
        where 
            SPT_MANAGED_ATTRIBUTE.APPLICATION=SPT_IDENTITY_ENTITLEMENT.APPLICATION and
            SPT_MANAGED_ATTRIBUTE.VALUE = SPT_IDENTITY_ENTITLEMENT.VALUE and 
            SPT_IDENTITY_ENTITLEMENT.IDENTITY_ID = SPT_IDENTITY.ID and
            SPT_APPLICATION.ID=SPT_MANAGED_ATTRIBUTE.APPLICATION and
            SPT_IDENTITY.CORRELATED ='1' and
            SPT_IDENTITY.NAME=<NAME ATTRIBUTE>



This will get list of all the Entitlement details for the all the user's

Select  SPT_IDENTITY.NAME AS "USER ID" ,SPT_APPLICATION.NAME AS "APPLICATION NAME", 
        SPT_IDENTITY_ENTITLEMENT.NATIVE_IDENTITY AS "ACCOUNT ID", 
        SPT_IDENTITY_ENTITLEMENT.VALUE  AS "ENTITLEMENT VALUE"
        from SPT_IDENTITY_ENTITLEMENT , 
             SPT_MANAGED_ATTRIBUTE , 
             SPT_APPLICATION ,
             SPT_IDENTITY 
        where 
            SPT_MANAGED_ATTRIBUTE.APPLICATION=SPT_IDENTITY_ENTITLEMENT.APPLICATION and
            SPT_MANAGED_ATTRIBUTE.VALUE = SPT_IDENTITY_ENTITLEMENT.VALUE and 
            SPT_IDENTITY_ENTITLEMENT.IDENTITY_ID = SPT_IDENTITY.ID and
            SPT_APPLICATION.ID=SPT_MANAGED_ATTRIBUTE.APPLICATION and

            SPT_IDENTITY.CORRELATED ='1' and


Same Query can be modified and can be used to get the data with more details like extended attribute from Entitlement catalog or the Identity Attributes.


SPT_IDENTITY_ENTITLEMENT --> Contain relation between the Identity and Identity Entitlement.
SPT_MANAGED_ATTRIBUTE --> Contains the managed attributes details
SPT_APPLICATION --> Contain the Application related details
SPT_IDENTITY --> Contains all the User Identity Attributes

Monday, July 16, 2018

CONFIGURING IDENTITY ATTRIBUTES IN SAILPOINT IIQ

Personal identity attributes / User Attributes are personal identifiers that are commonly used to distinguish one person from others. Examples include, but are not limited to, name, date of birth, social security number (SSN), and address. OOTB Sailpoint IdentityIQ IIQ comes with few sets of attributes , but most of the times we are required to extend the list of the Attributes , Here i have given the steps to add the more extended or custom attributes to the user or identity.


A brief overview of Identity Attributes in SailPoint IIQ followed by instructions on how to configure Searchable Identity Attributes.

      1.     Navigate to “identityiq_home\WEB-INF\classes\sailpoint\object”














2.     Add the Attribute details need to be extended as shown below









3.     Run Schema Extend Attribute to generate the sql command. (iiq extendedSchema)











    4.     Navigate to below path and check the file to see if the SQL commands are generated.identityiq_home\WEB-INF\database\add_identityiq_extensions.oracle

      5.     Run the cmd through SQL client to modify the SPT_IDENTITY Table


       6.     Adding Attribute to Identity Mapping and UI Config
1.     Log into SailPoint Identity IQ as an admin
2.     Click on System Setup > Identity Mappings
3.     Click New Identity Attribute
4.     Enter the attribute name and displayname for the Attribute
Attribute name should be same as the one given in (IdentityExtended.hbm.xml)
5.     Select any desired options (Multi-Valued, Searchable, Group Factory, Edit mode, etc.)
6.     Repeat step 5 for all mapped attributes
7.     Click OK











       








            1.    Log into SailPoint Identity IQ as an admin
2.     Navigate to the debug interface (http://localhost:8080/identityiq_home/debug/debug.jsf)
3.     Click on the UI Config button
4.     Modify the following entry:
<entry key=”identityViewAttributes” value=”name,firstname,lastname,email,manager“/>

5. Click Save























       7.     Checking for user attribute modification
Only Attribute which are set as searchable be set in the respective column.