Posts

Showing posts from 2018

Searching users based on custom attribute

    import sailpoint.object.Identity;
    import sailpoint.object.QueryOptions;
    import sailpoint.object.Filter;
    import java.util.*;

    QueryOptions qo = new QueryOptions();
    qo.addFilter(Filter.eq("location", "Bangalore"));

    // Search users based on two identity attributes
    //QueryOptions qo = new QueryOptions();
    //Filter f1 = Filter.eq("firstname", firstName);
    //Filter f2 = Filter.eq("lastname", lastName);
    //Filter finalFilter = Filter.and(f1, f2);
    //qo.addFilter(finalFilter);

    Iterator users = context.search(Identity.class, qo);
    while (users.hasNext()) {
        Identity user = (Identity) users.next();
        System.out.println("\nUserName: " + user.getName());
        System.out.println("\nEmployee ID: " + user.getAttribute("empId"));
    }

Get list of Identities that are provisioned to particular application

The code below returns the list of Links (accounts) provisioned to a particular application; you can then find the users from each Link.

    import sailpoint.object.Identity;
    import sailpoint.object.QueryOptions;
    import sailpoint.object.Link;
    import sailpoint.object.Filter;
    import java.util.Iterator;

    QueryOptions qo = new QueryOptions();
    qo.add(Filter.eq("application.name", "HR System"));

    Iterator accountLinks = context.search(Link.class, qo);
    while (accountLinks.hasNext()) {
        Link link = (Link) accountLinks.next();
        // use link object to find user and add to List
    }

Change Column header in Delimited File Application using buildmap rule

The code below changes a column header during delimited file aggregation. Suppose you have a 'SuperUser' column in the delimited file and you want to show it in Sailpoint as 'AccountID'. Write the code below in the buildmap rule.

    import sailpoint.connector.DelimitedFileConnector;
    import java.util.HashMap;

    // Build the default map of column name -> value for this record
    HashMap map = DelimitedFileConnector.defaultBuildMap(cols, record);
    // Copy the value of the file's 'SuperUser' column under the new name
    String SuperUser = map.get("SuperUser");
    map.put("AccountID", SuperUser);
    return map;

Generate password using password policy for identity during HR System aggregation

Use the Password Policy tab in the application to create a password policy: specify the conditions and create the policy. Then use the code below in the Creation rule to set a random password (generated from the policy) on the identity.

    import sailpoint.object.Identity;
    import sailpoint.object.PasswordPolicy;
    import sailpoint.api.PasswordGenerator;

    String policyName = "YOUR PASSWORD POLICY NAME";
    PasswordPolicy policy = context.getObjectByName(PasswordPolicy.class, policyName);
    // Generate a password that satisfies the policy's conditions
    String password = new PasswordGenerator(context).generatePassword(policy);
    identity.setPassword(password);

Provision Identity password to target application (Decrypt identity password)

    // Provisioning rules have identity and context objects as arguments, so no need to initialize.
    // If required, initialize the identity object using an identity/user search.
    String pass = identity.getPassword();
    // Prints the stored value as read from the identity, before decryption
    System.out.println("Pass: " + pass);
    if (null != pass) {
        String decryptpw = context.decrypt(pass);
        return decryptpw;
    } else
        // Fixed fallback value used when the identity has no password set
        return "password";

Transform the account data during aggregation using customization rule

Let's say you have a status field in the target application as well as in the identity application, and you need to transform the value of the field during aggregation. Suppose a status of 'A' in the target application should be visible as Active in the identity cube's account; then the code below can be used as the customization rule.

    // The object argument is available as a method argument, so no need to initialize
    String status = object.getAttribute("status");
    // Any value other than "A" (including a missing status) becomes "Disabled"
    if (!("A".equals(status)))
        object.setAttribute("status", "Disabled");
    else
        object.setAttribute("status", "Active");
    return object;

How to create provisioning plan in Sailpoint

    import sailpoint.object.ProvisioningPlan;
    import sailpoint.object.ProvisioningPlan.AccountRequest;
    import sailpoint.object.ProvisioningPlan.AttributeRequest;
    import java.util.*;

    // Provide application name, attributes, operation
    ProvisioningPlan plan = new ProvisioningPlan();
    List requests = new ArrayList();
    List attributes = new ArrayList();
    /*Identity identity = context.getObjectById(Identity.class, formModel.get("identity"));*/

    AccountRequest account = new AccountRequest();
    account.setApplication("HR_Staging");
    account.setOperation(AccountRequest.Operation.Create);

    attributes.add(new AttributeRequest("FIRST_NAME", identity.getAttribute("firstname")));
    attributes.add(new AttributeRequest("LAST_NAME", identity.getAttribute("lastname")));
    account.setAttributeRequests(attributes);
    requests.add(account);

    //plan.setIdentity(identity);
    plan.setAccountRequests(requests);
    System.out.println("Plan xml : " + plan.toXml());

Unique username generation code [assuming employee id is unique attribute] in buildmap rule

    import sailpoint.connector.DelimitedFileConnector;
    import sailpoint.object.Identity;
    import sailpoint.object.QueryOptions;
    import sailpoint.object.Filter;
    import java.util.*;

    HashMap map = DelimitedFileConnector.defaultBuildMap(cols, record);
    String employeeId = map.get("employeeId");
    String firstName = map.get("firstName");
    String lastName = map.get("lastName");
    String userName = null;
    System.out.println(employeeId + firstName + lastName);

    QueryOptions qo = new QueryOptions();
    qo.addFilter(Filter.eq("employeeId", employeeId));
    Iterator users = context.search(Identity.class, qo);
    while (users.hasNext()) {
        Identity user = (Identity) users.next();
        userName = user.getName();
    }
    System.out.println(userName);

    if (userName == null) {
        if (firstName != null && lastName != null) {
            userName = firstName.trim() + "." + lastName.trim();
        } else if (firstName != null)...
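The fallback chain above, carried through to a name that is checked against names already in use, as an added example (plain Java, not the post's code and not IdentityIQ API). The two collections are constructed stand-ins for the context.search lookups, and the last-name and employee-id fallbacks and the numeric-suffix policy are assumptions, since the excerpt is cut off before that point.

```java
import java.util.*;

// Added illustration: plain Java, no IdentityIQ classes.
public class UniqueUserName {

    // nameByEmployeeId: employeeId -> existing identity name (constructed stand-in)
    // takenNames: identity names already in use (constructed stand-in)
    static String generate(String employeeId, String firstName, String lastName,
                           Map<String, String> nameByEmployeeId, Set<String> takenNames) {
        if (employeeId == null || employeeId.trim().isEmpty()) {
            throw new IllegalArgumentException("employeeId is required");
        }
        // Same employee seen before: reuse the name so re-aggregation is stable.
        String existing = nameByEmployeeId.get(employeeId);
        if (existing != null) {
            return existing;
        }
        String first = clean(firstName);
        String last = clean(lastName);
        String base;
        if (!first.isEmpty() && !last.isEmpty()) {
            base = first + "." + last;
        } else if (!first.isEmpty()) {
            base = first;
        } else if (!last.isEmpty()) {
            base = last;               // assumption: last name alone is acceptable
        } else {
            base = employeeId.trim();  // assumption: fall back to the unique id
        }
        // Assumed collision policy: append 2, 3, ... until the name is free, so
        // two people with the same name never share one identity name.
        String candidate = base;
        for (int n = 2; takenNames.contains(candidate); n++) {
            candidate = base + n;
        }
        takenNames.add(candidate);
        nameByEmployeeId.put(employeeId, candidate);
        return candidate;
    }

    static String clean(String s) {
        return s == null ? "" : s.trim();
    }

    public static void main(String[] args) {
        Map<String, String> byId = new HashMap<>();
        Set<String> taken = new HashSet<>();
        System.out.println(generate("1001", "Asha", "Rao", byId, taken));
        System.out.println(generate("1002", " Asha", "Rao ", byId, taken)); // same name, new employee
        System.out.println(generate("1001", "Asha", "Rao", byId, taken));   // repeat of first employee
    }
}
```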

Enable LCM for requesting applications

1. Import init-lcm.xml (from location /webapps/identityiq/WEB-INF/config/init-lcm.xml) to enable the application request feature. Log out and log in for the change to take effect.
2. Navigate to Life Cycle Manager (in settings) and make the changes below:
   - Applications that support additional account requests: select the list of applications for requesting
   - Applications that support account only requests: select the list of applications for requesting
3. Save and close the tab.
4. Navigate to Global settings -> Quick Link Population.
5. Create a new population and update the quicklinks parameters as below.

We have now enabled account requests for self and others. Navigate to Manage Access -> Manage Accounts to request an account for users.

Rules in Sailpoint

Rules in Sailpoint Below are few commonly used rules in Sailpoint Sailpoint rules gets executed in the below order during aggregation Flow: Pre-Iterate Rule BuildMap Rule Managed Entitlement Customization Rule Customization rule Correlation rule Manager correlation rule Creation rule PostIterate Rule Pre-Iterate Rule: 1st rule that runs during aggregation You can perform below operations in this rule Check file existence Modify the data in the files Merge files BuildMap Rule: 2nd Rule thats runs during aggregation, Using build map rule you can deal with application schema ex: populate value for custom column for the application. Build map is not available for connected apps(JDBC has jdbc buildmap). Available only for disconnected apps like delimited files. Customization Rule:  Runs after buildmap rule, this can be used to transform data of resource object/account data during account aggregation Ex: if you have status value...

Sailpoint Installation Steps (IdentityIQ 7.3 Installation in Windows Machine)

This document helps you set up Sailpoint IdentityIQ 7.3 on the Windows operating system.

Software required:
- MySQL 5.6 server
- Apache Tomcat 9.0
- Java JDK 1.8 and above
- Sailpoint IdentityIQ 7.3 application (you may need to log in to the Sailpoint community to download it)

Install the above software and add the JDK and MySQL paths to the Path environment variable.

Note: If you are facing an issue with the MySQL service, try running the commands below:

    mysqld --install
    net start mysql

Sailpoint Configuration Steps:
1. Create an \identityiq directory under the Tomcat webapps directory, for example C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\identityiq
2. Unzip the identityiq-7.3.zip file.
3. Copy the identityiq.war file to C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\identityiq
4. Run the command below to extract identityiq.war:

    jar -xvf C:\Program Files\Apa...