SAILPOINT IDENTITY IQ: Search results for Approval

Showing posts sorted by date for query Approval. Sort by relevance Show all posts

Sunday, August 1, 2021

Sailpoint IdentityIQ PolicyViolation WorkFlow

PolicyViolation WorkFlow , This WF is used to modify the violation object , This will remove the violation object and will remove if anything is added through LCM .

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Workflow explicitTransitions="true" handler="sailpoint.api.StandardWorkflowHandler" name="VIS Detective SOD Policy Violation Workflow" type="PolicyViolation">
  <Variable input="true" name="approvalObject">
    <Description>PolicyViolation to process.  Note that we use approvalObject for
      consistency with other workflows, but the violation has already
      been persisted.  Calling the commit or rollback actions will 
      have no effect.</Description>
  </Variable>
  <Variable input="true" name="approver">
    <Description>The user to receive the work item, normally the owner of the policy.</Description>
    <Script>
      <Source>
	  import sailpoint.object.Identity;
      
	  Identity newOwner= approvalObject.getOwner();
	  return newOwner.getName();
      </Source>
    </Script>
  </Variable>
  <Variable input="true" name="violator">
    <Description>The identity that has the violation.</Description>
  </Variable>
  <Variable name="approved">
    <Description>Internal variable automatically set logically true an Approval
      process completes with no rejects.
	</Description>
  </Variable>
  <Variable name="action">
    <Description>Variable that may be set in the approval page to determine 
      the action to take on this violation.  We handle violation approvals
      differently than most work items.  There is no &amp;quot;reject&amp;quot; there
      is a selection of an action (mitigate, remediate, delete, ignroe) 
      followed by buttons that always post approval.</Description>
  </Variable>
  <Variable name="expiration">
    <Description>Variable that must be set to a Date (or the String representation
      of a Date) in order to use the &amp;quot;mitigate&amp;quot; action.  This will
      be tested in the call:mitigate handler and logged if it is invalid.
      You may wish to have the worklfow do it&amp;#39;s own validation.</Description>
  </Variable>
  <Variable name="comments">
    <Description>Variable that may be set to comments to be included with
      a mitigation or remediation.</Description>
  </Variable>
  <Variable name="remediatables">
    <Description>Variable that may be set to a list of things that can
      be selected for remediation.  Currently this will only
      be set for Role SOD violations.</Description>
  </Variable>
  <Variable name="remediations">
    <Description>Variable holding the remediatables selected in the work item.</Description>
  </Variable>
  <RuleLibraries>
    <Reference class="sailpoint.object.Rule" name="Rule Library"/>
  </RuleLibraries>
  <Step icon="Default" name="Logs" posX="98" posY="126">
    <Arg value="ref:remediatables"/>
    <Script>
      <Source>
		import java.util.Map;
		import java.util.Date;
		import java.util.List;
		import java.util.HashMap;
		import java.util.ArrayList;
		import sailpoint.tools.Util;
		import sailpoint.object.Filter;	
		import sailpoint.api.ObjectUtil;		
		import java.text.ParseException;
		import java.text.SimpleDateFormat;
		import sailpoint.object.Identity;
		import sailpoint.object.QueryOptions;
		import sailpoint.api.SailPointContext;
		import sailpoint.object.EmailOptions;
		import sailpoint.object.EmailTemplate;
		import sailpoint.object.PolicyViolation;
		import sailpoint.object.ManagedAttribute;	
		import org.apache.commons.logging.Log;
		import sailpoint.tools.GeneralException;
		import sailpoint.object.IdentityEntitlement;
		import org.apache.commons.logging.LogFactory;
		import sailpoint.object.IdentitySelector.MatchTerm;

		Log logger = LogFactory.getLog("vis.workflow.visDetectiveSODPolicyViolationWorkflow");
        
		public boolean checkIfThroughLCM(String applicationName, String identityName, String entitlementName) {
			boolean wasThroughLCM = false;
		 
			StringBuilder result = new StringBuilder();
			String sDate1 = "06/05/2021";
			   
			Date date = new SimpleDateFormat("MM/dd/yyyy").parse(sDate1);
			result.append("date [").append(date).append("]\n");
			Filter dateCheckFilter = Filter.gt("created", date);

			logger.debug(" new Date dt : "+ sDate1 + " new date : " + result);
			QueryOptions  qo = new QueryOptions();

			qo.addFilter(Filter.and(Filter.eq("source","Aggregation"),Filter.eq("application.name",applicationName), Filter.eq("identity.name",identityName),Filter.eq("value",entitlementName),dateCheckFilter));
			List identityEntitlements = context.getObjects(IdentityEntitlement.class, qo);
			logger.debug("identityEntitlements :: " + identityEntitlements);
			if(identityEntitlements.size() > 0) {
				return true;
			}else {
				return false;
			}
		}
		public Map getEntitlementDetails(String entitlementValue, String applicationName) {
			QueryOptions qo = new QueryOptions();
			qo.addFilter(Filter.and(Filter.eq("value", entitlementValue)  ,   Filter.eq("application.name", applicationName)));
			Map entDetailsMap = new HashMap();
			List managedAttributes = context.getObjects(ManagedAttribute.class, qo);
			if(managedAttributes != null &amp;&amp; managedAttributes.size() > 0) {
				ManagedAttribute managedAttribute = managedAttributes.get(0);
				entDetailsMap.put("LogiplexName", managedAttribute.getAttribute("logiplexAppName"));
				entDetailsMap.put("EntitlementDescription", managedAttribute.getDescriptions().get("en_US") );
			}
			return entDetailsMap;
		}	


		//Main code starts here
		
		logger.debug("Startes Main code here");

		String piiMarkerGroup = "<<Left Group>>";
		String notificationTemplateForPolicyViolation = "VIS Policy Violation Notification Template";
		Identity violationOnwer   = approvalObject.getOwner();
		EmailTemplate violationTemplate = context.getObjectByName(EmailTemplate.class,notificationTemplateForPolicyViolation );
		Map emailVariables = new HashMap();
		String ownerEmails=   Util.listToCsv(ObjectUtil.getEffectiveEmails(context,violationOnwer));
		List entitlementsTobeAddedToViolation = new ArrayList();
		List PIIEntitlementsToBeAddedToViolation = new ArrayList();
        
		if (approvalObject != null &amp;&amp; approvalObject.getArgument("ViolatingEntitlements") != null) { 
			
			Identity identityWithViolation = approvalObject.getIdentity();
			
			String firstName = identityWithViolation.getFirstname();
			String lastName = identityWithViolation.getLastname();
			String lanId = identityWithViolation.getAttribute("lanId");
			String identityName = identityWithViolation.getAttribute("displayName");

			emailVariables.put("firstName", firstName);
			emailVariables.put("lastName", lastName);
			emailVariables.put("lanId", lanId);
			emailVariables.put("identityName", identityName);

			for (int i = 0; i &lt; approvalObject.getArgument("ViolatingEntitlements").size(); i++) {
				sailpoint.object.IdentitySelector.MatchTerm entitlementViolatingAtTop = approvalObject.getArgument("ViolatingEntitlements").get(i);
				if (entitlementViolatingAtTop != null) {       
					String applicationNameForViolatingEntitlement = "";
					String entitlementValueForViolatingEntitlement = "";
					String accountNameForViolatingEntitlement="";

					if(entitlementViolatingAtTop.getApplication() != null ){
						applicationNameForViolatingEntitlement = entitlementViolatingAtTop.getApplication().getName();
						accountNameForViolatingEntitlement= getAccountNmae(identityWithViolation, entitlementViolatingAtTop.getApplication());                                   
					}
					if(entitlementViolatingAtTop.getValue() != null) {
						entitlementValueForViolatingEntitlement = entitlementViolatingAtTop.getValue();
					}

					if(entitlementValueForViolatingEntitlement.equalsIgnoreCase(piiMarkerGroup)) {
						PIIEntitlementsToBeAddedToViolation.add(entitlementViolatingAtTop);
					}else {      
						boolean checkThruLCMmethodResult = checkIfThroughLCM(applicationNameForViolatingEntitlement, identityWithViolation.getName(), entitlementValueForViolatingEntitlement) ;      
						logger.debug("CheckThruLCMmethodResult::  " + checkThruLCMmethodResult );      
						if( checkThruLCMmethodResult == true ) {
							entitlementsTobeAddedToViolation.add(entitlementViolatingAtTop);     
							Map entDetails = getEntitlementDetails(entitlementValueForViolatingEntitlement, applicationNameForViolatingEntitlement);
				
							auditDetectiveSOD( "Violation Detected","Aggregation",lanId,entDetails.get("LogiplexName"),entitlementValueForViolatingEntitlement,accountNameForViolatingEntitlement,approvalObject,"Aggregation",lanId );  
				
							emailVariables.put("entitltmentName",entitlementValueForViolatingEntitlement);
							emailVariables.put("entitltmentDesc",entDetails.get("EntitlementDescription"));
			   
							if(violationTemplate!= null){
								logger.debug("Violation temp loop");
								Identity policyViolationApproverObject   = approvalObject.getOwner();							
								if(null!=policyViolationApproverObject &amp;&amp; ( Util.listToCsv(ObjectUtil.getEffectiveEmails(context,policyViolationApproverObject)) != null)){
									approverEmails =  Util.listToCsv(ObjectUtil.getEffectiveEmails(context,policyViolationApproverObject));		
									EmailOptions ops = new EmailOptions(approverEmails, emailVariables);            
									try {
										context.sendEmailNotification(violationTemplate, ops);
									}catch(Exception e){ 
										log.error("Could not send email to GS team as : " + e);
									}
									logger.debug("Email Sent ");
								}
							}
						}
					}
				}
			}  
		}		
		if(entitlementsTobeAddedToViolation != null &amp;&amp; entitlementsTobeAddedToViolation.size() >0){         
			entitlementsTobeAddedToViolation.addAll(PIIEntitlementsToBeAddedToViolation) ;
			approvalObject.setArgument("ViolatingEntitlements",entitlementsTobeAddedToViolation );
			context.saveObject(approvalObject);
			context.commitTransaction();
			logger.debug("OBJECT persisted");
        }else{
			context.removeObject(approvalObject);
			context.commitTransaction();
			logger.debug("OBJECT DELETED");
        }
		
		logger.debug("End of workflow Step");
      </Source>
    </Script>
    <Transition to="End"/>
  </Step>
  <Step icon="Stop" name="End" posX="160" posY="126"/>
  <Step icon="Start" name="Start" posX="28" posY="10">
    <Transition to="Logs"/>
  </Step>
</Workflow>

Thursday, April 9, 2020

Sailpoint IQ Active Directory Application Integration Using OOTB Connector - Provisioning

Integration of Active Directory with SailPoint IIQ

Below Steps need to be followed for the Active Directory and Sailpoint IIQ Integration

1. Need to Install IQ Service , All the Provisioning for Active Directory from IIQ happens through the Agent which need to be installed
follow the steps to install the IQ service

2. Need to step the Application and Aggregate all the existing groups and the Accounts from the Active Directory
follow this steps for Setting up the Active Directory Application.

3. Create the Filed value Rule
follow the steps for creating field value Rule

4. Create the Provisioning form and populating the value for the fields which are mandatory for creating the Active Directory account
Object Type -->User
Account DN --> User DN
User ID --> samAccountName
User Principal Name -->Log-on Name
Password
First Name
Last Name
Full Name

Make sure below Filed Value Rule Mapping is done for all the Required fields

5. Creating the After Provisioning Rule
Follow the Instruction

6. Attach this Rule in the Rule section of the Application in after Provisiong Rule , This Rule will send the Email for Success and Failure of the operation on the User.

Also make sure that this email Template are created

Active Directory PH Accounts Joiner AD Account Creation Notification

Active Directory PH Accounts Joiner AD Failure Notification

7. Now go to the Access Request Page , Select the User --> Select any of the Entitlement belongs to this Application and Submit the request (make sure the Entitlement is requestable , then only it will be available in the Access Request Page)

8. After Submission , it will go through the Approval , which can be Track from the Track Request Page , Once the Approval is done , Provisioning will start

9. Run the Perform Maintenance Task to Trigger the Provisioning.

10. Check the AD and see if the user is created with the values populated in filed value rule and Entitlement request will also get added and also Email will be Triggered with the account details and the Password.

11. Run Perform Identity Request Maintenance Task to complete the Request.

Wednesday, April 8, 2020

Sailpoint IIQ Pending Request Details API

Get All the Pending Request Details for the Particular beneficiary , This code will give the below details

Requester
Access Request Number
Identity Request ID
Approval WorkItem ID
Approval WorkItem Pending With
Requester
WorkFlow Case ID
Pending Task ID

public  void getPendingRequestDetails(String beneficiary,SailPointContext context) throws GeneralException {

  String identityRequestID;
  String identityRequestObjectID;
  String accessRequestID = null;
  HashMap returnMap = new HashMap();
  
  Identity identity = context.getObjectByName(Identity.class, beneficiary);
  String beneficiaryName = identity.getName();

  QueryOptions queryOption = new QueryOptions();
  queryOption.addFilter(Filter.eq("targetName", beneficiaryName));
  queryOption.addFilter(Filter.eq("type", "Approval"));
  queryOption.addFilter(Filter.isnull("state"));

  Iterator itWorkItems = context.search(WorkItem.class, queryOption);

  while ((null != itWorkItems) && (itWorkItems.hasNext())) {
   WorkItem workitem = (WorkItem) itWorkItems.next();
   identityRequestID = workitem.getIdentityRequestId();
   if (null != identityRequestID) {
    accessRequestID = new Integer(identityRequestID).toString();
   }  
   if (identityRequestID != null) {
    IdentityRequest irReq = context.getObjectByName(IdentityRequest.class, identityRequestID);
    identityRequestObjectID = irReq.getId();

    TaskResult taskResult = context.getObjectById(TaskResult.class,(String)irReq.getAttribute("taskResultId"));    
    WorkflowCase workflowCase = context.getObjectById(WorkflowCase.class,(String) taskResult.getAttribute("workflowCaseId"));
        
    returnMap.put("Access Request Number", accessRequestID);
    returnMap.put("Identity Request ID", identityRequestObjectID);
    returnMap.put("Approval WorkItem ID", workitem.getId());
    returnMap.put("Approval WorkItem Pending", workitem.getOwner().getName());
    returnMap.put("Requester", workitem.getRequester().getName());

    returnMap.put("Task Result ID", (String)irReq.getAttribute("taskResultId"));
    returnMap.put("WorkFlowCase ID", (String) taskResult.getAttribute("workflowCaseId"));
    
   } 
   if (null != workitem && null != workitem.getApprovalSet()) {
    ApprovalSet appSet = workitem.getApprovalSet();
    List approvalItems = appSet.getItems();  
    String entname1 = null;
    for (Object itemObj : approvalItems) {
     String entname = null;
     ApprovalItem item = (ApprovalItem) itemObj;
     if (item.getValue() instanceof String) {
      entname = (String) item.getValue();
      entname1 = entname1 + "||" + entname;
     }
     if (item.getValue() instanceof List) {
      entname = (String) ((List) item.getValue()).get(0);
      entname1 = entname1 + "||" + entname;
     }
    }
   // returnMap.put("Entitlement", entname1);
   }
   System.out.println(returnMap);
  }
  
  sailpoint.tools.Util.flushIterator(itWorkItems);
 }

{Requester=vkejriwal, Identity Request ID=8a88b861710725440171321c92ed526a, Access Request Number=16899, WorkFlowCase ID=8a88b861710725440171321c91e15265, Approval WorkItem ID=8a88b861710725440171321c98c25270, Task Result ID=8a88b861710725440171321c91dc5264, Approval WorkItem Pending=72349117}
{Requester=aagarwala, Identity Request ID=8a88b861710725440171320d7ebe5222, Access Request Number=16898, WorkFlowCase ID=8a88b861710725440171320d7de6521d, Approval WorkItem ID=8a88b861710725440171320e1214522e, Task Result ID=8a88b861710725440171320d7dd7521c, Approval WorkItem Pending=VIS Fallback Approval Workgroup}

Saturday, December 14, 2019

Sailpoint IIQ Quicklink Launch Workflow showing Form Value

Sailpoint IIQ Quicklink Launch Workflow showing Form Value

1. Create a quick link make sure the below category is created follow the step from the previous post

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE QuickLink PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<QuickLink action="workflow" category="Service Account Management" messageKey="Manage Service Account" name="Service Account View QuickLink">
  <Attributes>
    <Map>
      <entry key="workflowName" value="Service Account View Workflow"/>
    </Map>
  </Attributes>
  <Description>QuickLink to View Service Account in IIQ table</Description>
  <QuickLinkOptions allowSelf="true">
    <DynamicScopeRef>
      <Reference class="sailpoint.object.DynamicScope" name="Self Service"/>
    </DynamicScopeRef>
  </QuickLinkOptions>
</QuickLink>

2.Import the form created in the previous post

3.import the below Workflow

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Workflow explicitTransitions="true" name="Service Account View Workflow">
  <Variable editable="true" input="true" name="launcher">
    <Description>Launcher name.</Description>
  </Variable>
  <Variable initializer="true" name="transient"/>
  <Variable initializer="true" name="trace">
    <Description>Used for debugging this workflow and when set to true trace
      will be sent to stdout.</Description>
  </Variable>
  <Step icon="Start" name="Start" posX="229" posY="21">
    <Transition to="Display Form"/>
  </Step>
  <Step icon="Approval" name="Display Form" posX="427" posY="21">
    <Approval mode="serial" name="Display Form" owner="ref:launcher">
      <Arg name="workItemType" value="Approval"/>
      <Arg name="workItemDescription" value="Service Account Details"/>
      <Arg name="workItemForm" value="string:Service Account Details Form"/>
      <Arg name="workItemFormBasePath"/>
    </Approval>
    <Description>
       Display the Service Account form .
    </Description>
    <Transition to="Stop"/>
  </Step>
  <Step icon="Stop" name="Stop" posX="611" posY="21"/>
</Workflow>

Tuesday, October 1, 2019

SAILPOINT IDENTITY IQ ALL WORKFLOW AND SUB WORKFLOW

SAILPOINT IDENTITY IQ ALL WORKFLOW AND SUB WORKFLOW

Below is the List of all the OOTB Sub workflow which is getting called from the main workflow
==========================================================
Workflow:LCM Provisioning
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Provisioning Approval Subprocess
Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:LCM Create and Update
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Identity Request Approve Identity Changes
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:LCM Registration
LCM Create and Update
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Identity Request Approve Identity Changes
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:LCM Manage Passwords
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries

==========================================================
Workflow:Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries

==========================================================
Workflow:Batch Request Wrapper
Identity Request Approve

==========================================================
Workflow:Do Provisioning Forms

==========================================================
Workflow:Do Manual Actions

==========================================================
Workflow:Provision with retries

==========================================================
Workflow:Check Status of queued items

==========================================================
Workflow:Manage Ticket
Provision with retries

==========================================================
Workflow:Role Modeler - Impact Analysis

==========================================================
Workflow:Role Modeler - Owner Approval

==========================================================
Workflow:Identity Refresh
Do Provisioning Forms
Do Manual Actions

==========================================================
Workflow:Identity Update
Do Provisioning Forms
Do Manual Actions

==========================================================
Workflow:Scheduled Assignment
Do Provisioning Forms
Provision with retries
Do Manual Actions

==========================================================
Workflow:Scheduled Role Activation

==========================================================
Workflow:Entitlement Update

==========================================================
Workflow:Password Intercept
Provision with retries

==========================================================
Workflow:Alert - Disable Account

==========================================================
Workflow:Identity Correlation

==========================================================
Workflow:Generic Step Library

==========================================================
Workflow:Provisioning Approval Subprocess

==========================================================
Workflow:IdentityProvisioningStepLibrary
Provisioning Approval Subprocess

==========================================================
Workflow:Identity Request Violation Review

==========================================================
Workflow:Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms

==========================================================
Workflow:Identity Request Approve

==========================================================
Workflow:Identity Request Notify

==========================================================
Workflow:Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items

==========================================================
Workflow:Identity Request Finalize
Manage Ticket
Provision with retries

==========================================================
Workflow:Identity Request Approve Identity Changes

==========================================================

SAILPOINT IDENTITY IQ GET ALL SUB WORKFLOW FROM MAIN WORKFLOW

SAILPOINT IDENTITY IQ API GET ALL SUB WORKFLOW FROM THE MAIN WORKFLOW

Below Rule will get the name of all the Sub Workflow Getting called from the Master Workflow in Sailpoint IIQ

Create the below Rule using the IIQ Debug Page

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule   language="beanshell"  name="List-Workflow-Subprocesses">
<Description> </Description>
<Source>
 <![CDATA[
import java.util.Iterator; 
import java.util.ArrayList;
import sailpoint.api.*;
import sailpoint.object.*;

public void handleWorkflow(Workflow workflow, int level) {
if (level == 0) { System.out.print("\n\n==========================================================\nWorkflow:");  }
for (int i = 0; i<level; i++) {
System.out.print("        "); 
}
     System.out.println(workflow.getName()); 
     ArrayList steps = workflow.getSteps(); 
     Iterator iter = steps.iterator(); 
     while (iter.hasNext()) { 
           Workflow.Step step = (Workflow.Step)iter.next(); 
           Workflow sub = step.getSubProcess(); 
           if (sub != null) { 
                  handleWorkflow(sub,level +1); 
           } 
    }
}
QueryOptions qo = new QueryOptions(); 
Iterator  iter = context.search(Workflow.class, qo); 
while(iter.hasNext()){
    Workflow workflow = (Workflow)iter.next();
    handleWorkflow(workflow,0);    
}
]]>
</Source>
</Rule>

Select the Rule and click on the Run Rule Page and check the Catalina.out the file , It will show all the Sub- Workflow Name which is getting called from the Workflow, Below screenshot, shows all the Sub Workflow name getting called from the LCM Provisioning WF

Below the screenshot of the Catalina.out file

For Example below are the List of Sub Workflow which get called from the LCM Provisioning Workflow

Workflow:LCM Provisioning
Identity Request Initialize
Identity Request Violation Review
Do Provisioning Forms
Manage Ticket
Provision with retries
Provisioning Approval Subprocess
Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Approve and Provision Subprocess
Provisioning Approval Subprocess
Manage Ticket
Provision with retries
Identity Request Provision
Do Provisioning Forms
Provision with retries
Check Status of queued items
Manage Ticket
Provision with retries
Identity Request Notify
Identity Request Finalize
Manage Ticket
Provision with retries

Sunday, March 3, 2019

init-lcm.xml

Below are the List of the files which get import as the part of init-lcm.xml

/apps/sp/apache-tomcat-8.5.31/webapps/identityiq/WEB-INF/bin/iiq console -j

>import init-lcm.xml
DashboardContent:Online Tutorials
DashboardContent:Access Request Status
DashboardContent:My Access Requests
IdentityDashboard:dashboardLifecycleDefault
IdentityDashboard:dashboardDefaultLCM
Merging UIConfig:UIConfig
Merging Configuration:SystemConfiguration
AuthenticationQuestion:sailpoint.object.AuthenticationQuestion@62ade015[id=,name=]
AuthenticationQuestion:sailpoint.object.AuthenticationQuestion@6c538eb2[id=,name=]
AuthenticationQuestion:sailpoint.object.AuthenticationQuestion@421d54b3[id=,name=]
AuthenticationQuestion:sailpoint.object.AuthenticationQuestion@ccd341d[id=,name=]
AuthenticationQuestion:sailpoint.object.AuthenticationQuestion@45592af7[id=,name=]
AuthenticationQuestion:sailpoint.object.AuthenticationQuestion@16b3c905[id=,name=]
AuthenticationQuestion:sailpoint.object.AuthenticationQuestion@4b88ca8e[id=,name=]
IdentityTrigger:Joiner
IdentityTrigger:Leaver
IdentityTrigger:Reinstate
IdentityTrigger:Manager transfer
Merging AuditConfig:AuditConfig
Merging Configuration:IdentitySelectorConfiguration
Identity:SelfRegistrationWorkGroup
ServiceDefinition:FullText
DynamicScope:Self Service
DynamicScope:Manager
DynamicScope:Help Desk
QuickLink:Request Access
QuickLink:Manage Accounts
QuickLink:Manage Passwords
QuickLink:Track Requests
QuickLink:Create Identity
QuickLink:Edit Identity
QuickLink:Mobile Violation Reviews
QuickLink:View Identity
Widget:Approvals
Widget:Forms
Widget:DirectReports
Including File: WEB-INF/config/lcmrules.xml
Rule:Check Password Policy
Rule:LCM Build Owner Approvals
Rule:LCM Build Identity Approvers
Rule:LCM Validate Identity Name
Rule:LCM Validate Password
Rule:LCM Workflow Library
Rule:LCM Build Identity ApprovalSet
Rule:Objects in Requestor's Authorized Scopes
Rule:Objects in Requestee's Assigned Scope
Rule:Objects in Requestor's Authorized Scopes or Requestee's Assigned Scope
Rule:Objects Owned by the Requestor
Rule:All Objects
Including File: WEB-INF/config/lcmemailtemplates.xml
EmailTemplate:LCM User Notification
EmailTemplate:LCM Requester Notification
EmailTemplate:LCM Manager Notification
EmailTemplate:Batch Approval
EmailTemplate:LCM Identity Update Approval
EmailTemplate:LCM Registration User Notification
EmailTemplate:LCM Registration Manager Notification
EmailTemplate:LCM Registration Security Officer Notification
EmailTemplate:LCM Registration Approval
EmailTemplate:Pending Manual Changes
EmailTemplate:LCM Password Change Notification
EmailTemplate:Native Account Change Manager Notification
Including File: WEB-INF/config/identityRequestWorkflowSubs.xml
Workflow:Identity Request Initialize
Workflow:Identity Request Approve
Workflow:Identity Request Notify
Workflow:Identity Request Provision
Workflow:Identity Request Finalize
Workflow:Identity Request Approve Identity Changes
Workflow:Identity Request Violation Review
Including File: WEB-INF/config/lcmworkflows.xml
Workflow:LCM Provisioning
Workflow:LCM Create and Update
Workflow:LCM Registration
Workflow:LCM Manage Passwords
Form:LCM Identity Approval
Workflow:Lifecycle Event - Joiner
Workflow:Lifecycle Event - Leaver
Workflow:Lifecycle Event - Reinstate
Workflow:Lifecycle Event - Manager Transfer
Workflow:Lifecycle Event - Email manager for all native changes
Workflow:Lifecycle Event - Manager Approval for all native changes
Workflow:Provisioning Approval Subprocess
Workflow:Approve and Provision Subprocess
Including File: WEB-INF/config/lcmworkflowConfigForms.xml
Form:Provisioning Workflow Config Form
Form:LCM Manage Passwords Config Form
Including File: WEB-INF/config/lcmReportForms.xml
Form:Access Request Status Form
Form:Edit Identity Requests Status Custom Fields
Form:Account Request Status Custom Fields
Form:Identity Request Report Form
Form:Password Management Requests Fields
Form:Registration Request Report Form
Including File: WEB-INF/config/lcmReportTasks.xml
TaskDefinition:Access Request Status Report
TaskDefinition:Identity Requests Status Report
TaskDefinition:Account Requests Status Report
TaskDefinition:Password Management Requests Report
TaskDefinition:Registration Requests Status Report
Including File: WEB-INF/config/batchworkflows.xml
Workflow:Batch Request Wrapper
TaskDefinition:Batch Request Processing Task
SPRight:FullAccessBatchRequest
Capability:BatchRequestAdministrator
Including File: WEB-INF/config/lcmForms.xml
Form:Self-service Registration Form
Including File: WEB-INF/config/webResources-lcm.xml
Merging Configuration:WebResource