SQL IDENTITY ENTITLEMENT DETAILS SAILPOINT IDENTITY IQ

This will get list of all the Entitlement details for the particular user

Select  SPT_IDENTITY.NAME AS "USER ID" ,SPT_APPLICATION.NAME AS "APPLICATION NAME", 
        SPT_IDENTITY_ENTITLEMENT.NATIVE_IDENTITY AS "ACCOUNT ID", 
        SPT_IDENTITY_ENTITLEMENT.VALUE  AS "ENTITLEMENT VALUE"
        from SPT_IDENTITY_ENTITLEMENT , 
             SPT_MANAGED_ATTRIBUTE , 
             SPT_APPLICATION ,
             SPT_IDENTITY 
        where 
            SPT_MANAGED_ATTRIBUTE.APPLICATION=SPT_IDENTITY_ENTITLEMENT.APPLICATION and
            SPT_MANAGED_ATTRIBUTE.VALUE = SPT_IDENTITY_ENTITLEMENT.VALUE and 
            SPT_IDENTITY_ENTITLEMENT.IDENTITY_ID = SPT_IDENTITY.ID and
            SPT_APPLICATION.ID=SPT_MANAGED_ATTRIBUTE.APPLICATION and
            SPT_IDENTITY.CORRELATED ='1' and
            SPT_IDENTITY.NAME=<NAME ATTRIBUTE>



This will get list of all the Entitlement details for the all the user's

Select  SPT_IDENTITY.NAME AS "USER ID" ,SPT_APPLICATION.NAME AS "APPLICATION NAME", 
        SPT_IDENTITY_ENTITLEMENT.NATIVE_IDENTITY AS "ACCOUNT ID", 
        SPT_IDENTITY_ENTITLEMENT.VALUE  AS "ENTITLEMENT VALUE"
        from SPT_IDENTITY_ENTITLEMENT , 
             SPT_MANAGED_ATTRIBUTE , 
             SPT_APPLICATION ,
             SPT_IDENTITY 
        where 
            SPT_MANAGED_ATTRIBUTE.APPLICATION=SPT_IDENTITY_ENTITLEMENT.APPLICATION and
            SPT_MANAGED_ATTRIBUTE.VALUE = SPT_IDENTITY_ENTITLEMENT.VALUE and 
            SPT_IDENTITY_ENTITLEMENT.IDENTITY_ID = SPT_IDENTITY.ID and
            SPT_APPLICATION.ID=SPT_MANAGED_ATTRIBUTE.APPLICATION and

            SPT_IDENTITY.CORRELATED ='1' and


Same Query can be modified and can be used to get the data with more details like extended attribute from Entitlement catalog or the Identity Attributes.


SPT_IDENTITY_ENTITLEMENT --> Contain relation between the Identity and Identity Entitlement.
SPT_MANAGED_ATTRIBUTE --> Contains the managed attributes details
SPT_APPLICATION --> Contain the Application related details
SPT_IDENTITY --> Contains all the User Identity Attributes

CONFIGURING EXTENDED APPLICATION ATTRIBUTES IN SAILPOINT IIQ

A brief overview of Extended Application Attributes in SailPoint IIQ followed by instructions on

how to configure or Extend the Schema of Application Object in Sailpoint IIQ.

1.     Navigate to “identityiq_home\WEB-INF\classes\sailpoint\object”

2.     Add the Extended Attribute details need to be extended as shown below for the Application object in IIQ

3.     Run Schema Extend Attribute to generate the sql command. (iiq extendedSchema)

4.     Navigate to below path and check the file to see if the SQL commands are generated

identityiq_home\WEB-INF\database\add_identityiq_extensions.oracle

5.     Run the cmd through SQL client to modify the SPT_IDENTITY Table

  6.     Adding Attribute to Application Extended Attribute

1.      Log into SailPoint Identity IQ as an admin

2.      Click on System Setup > Application Attributes

3.      Click New Attribute

4.      Enter the attribute name and displayname for the Attribute

Attribute name should be the same as the one given in (ApplicationExtended.hbm.xml)

5.      Select any desired options (Type, Searchable, Required, Editable, etc.)

6.      Repeat step 5 for all mapped attributes

7.      Click Save

 7.     Open any Existing or New Application from the UI and we will see the Extended Attributes

are added to the Application Schema Under the Extended Attributes

CONFIGURING IDENTITY ATTRIBUTES IN SAILPOINT IIQ

Personal identity attributes / User Attributes are personal identifiers that are commonly used to distinguish one person from others. Examples include, but are not limited to, name, date of birth, social security number (SSN), and address. OOTB Sailpoint IdentityIQ IIQ comes with few sets of attributes , but most of the times we are required to extend the list of the Attributes , Here i have given the steps to add the more extended or custom attributes to the user or identity.

A brief overview of Identity Attributes in SailPoint IIQ followed by instructions on how to configure Searchable Identity Attributes.

      1.     Navigate to “identityiq_home\WEB-INF\classes\sailpoint\object”

2.     Add the Attribute details need to be extended as shown below

3.     Run Schema Extend Attribute to generate the sql command. (iiq extendedSchema)

    4.     Navigate to below path and check the file to see if the SQL commands are generated.identityiq_home\WEB-INF\database\add_identityiq_extensions.oracle

      5.     Run the cmd through SQL client to modify the SPT_IDENTITY Table

       6.     Adding Attribute to Identity Mapping and UI Config

1.     Log into SailPoint Identity IQ as an admin

2.     Click on System Setup > Identity Mappings

3.     Click New Identity Attribute

4.     Enter the attribute name and displayname for the Attribute

Attribute name should be same as the one given in (IdentityExtended.hbm.xml)

5.     Select any desired options (Multi-Valued, Searchable, Group Factory, Edit mode, etc.)

6.     Repeat step 5 for all mapped attributes

7.     Click OK

       

            1.    Log into SailPoint Identity IQ as an admin

2.     Navigate to the debug interface (http://localhost:8080/identityiq_home/debug/debug.jsf)

3.     Click on the UI Config button

4.     Modify the following entry:
<entry key=”identityViewAttributes” value=”name,firstname,lastname,email,manager“/>

5. Click Save

       7.     Checking for user attribute modification

Only Attribute which are set as searchable be set in the respective column.