Monday, December 25, 2023

Generate Email address

              import sailpoint.object.Filter;

              import sailpoint.object.Identity;

              import sailpoint.object.QueryOptions;

              import sailpoint.tools.GeneralException;

              import sailpoint.api.SailPointContext;


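              // Builds an e-mail address of the form "<first>.<last>@<domain>" for 'identity'
              // and makes it unique among existing Identity objects by appending a numeric
              // suffix to the local part (john.doe, john.doe1, john.doe2, ...).
              // 'identity' and 'context' are supplied by the rule framework.
              // Returns the address, or null (after printing why) when the identity or one of
              // the name parts is missing, or when the uniqueness query fails.
              String domain = "@testMighty.com";

              if (identity == null) {
                  System.out.println("Identity object is null");
                  return null;
              }

              String firstName = identity.getFirstname();
              String lastName = identity.getLastname();
              // The original test was inverted: it only accepted EMPTY names. Both parts must be present.
              if (firstName == null || firstName.trim().isEmpty()
                      || lastName == null || lastName.trim().isEmpty()) {
                  System.out.println("Identity firstname is " + firstName);
                  System.out.println("Identity lastname is " + lastName);
                  return null;
              }

              String userName = firstName + "." + lastName;
              String email = userName + domain;
              try {
                  // The original appended the prefix-match count once, which collides as soon
                  // as a second duplicate appears (two identities would both get "john.doe1").
                  // Instead, probe exact addresses until one is free.
                  // NOTE: the identity being processed is not excluded from the count; if it
                  // already owns this address the loop allocates a new suffix for it.
                  int suffix = 0;
                  while (true) {
                      QueryOptions qo = new QueryOptions();
                      qo.addFilter(Filter.ignoreCase(Filter.eq("email", email)));
                      int count = context.countObjects(Identity.class, qo);
                      if (count == 0) {
                          break;
                      }
                      suffix++;
                      email = userName + suffix + domain;
                  }
                  return email;
              } catch (GeneralException e) {
                  System.out.println("GeneralException : " + e.getMessage());
              }
              return null;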

Friday, December 22, 2023

Additional Loggers for debugging

RefreshTask Debugging:

logger.idRefreshExecutor.name=sailpoint.task.IdentityRefreshExecutor

logger.idRefreshExecutor.level=trace   //Enable Trace logger

logger.idRefreshExecutor.level=debug // Enable debug logger (set only one of the two level lines; a later duplicate key overrides the earlier one)

===========================================================================

Rapid setup debugging:

#logger.rs.name=sailpoint.rapidsetup

#logger.rs.level=debug

#logger.rslibrary.name=sailpoint.workflow.RapidSetupLibrary

#logger.rslibrary.level=debug

===========================================================================

Workflow Debugging:

logger.workflower.name = sailpoint.api.Workflower

logger.workflower.level=debug

Thursday, November 16, 2023

Applications Health Check Report

 <?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor"  name="Application-Test Connection-Report" progressMode="Percentage" resultAction="Rename" subType="Configured Resource Reports" template="true" type="LiveReport">

  <Attributes>

    <Map>

      <entry key="report">

        <value>

          <LiveReport title="Applications Detail Report">

            <DataSource objectType="Application" type="Filter">

              <QueryParameters>

                <Parameter argument="applications" property="id"/>

              </QueryParameters>

            </DataSource>

            <Columns>

              <ReportColumnConfig field="application" header="rept_app_grid_col_app" property="name" sortable="true" width="110"/>

              <ReportColumnConfig field="connectionStatus" header="Connection Status" property="id" sortable="true" width="110">

                <RenderScript>

                  <Source>


                    import sailpoint.connector.Connector;


                    import sailpoint.connector.ConnectorFactory;


                    import sailpoint.connector.*;


                    import sailpoint.object.Application;


                    import sailpoint.object.TaskItemDefinition;


                    import sailpoint.object.TaskItemDefinition.ProgressMode;


                    import sailpoint.tools.GeneralException;


                    import sailpoint.tools.Message;


                    import sailpoint.tools.Util;


                    import sailpoint.api.SailPointContext;


                    import sailpoint.object.*;


                    import java.lang.reflect.Constructor;


                    import java.util.*;


                    try {


                    Application app = (Application) context.getObjectById(Application.class, value);


                    //String appName = app.getName();


                    if (app != null) {


                    //String connName = app.getConnector();


                    try {


                    Connector connector = ConnectorFactory.getConnector(app, null);


                    connector.testConfiguration();


                    return "Test Connection Successful";


                    } catch (Exception e) {


                    return e.getMessage();


                    log.error(e);


                    }


                    }


                    } catch (Exception e) {


                    log.error(e);


                    throw(e);


                    }


                  </Source>

                </RenderScript>

              </ReportColumnConfig>

            </Columns>

          </LiveReport>

        </value>

      </entry>

    </Map>

  </Attributes>

  <Description>A list of all application's connection status.  If successfull, "Successful Connection" is displayed.  If not, the connector exception is shown.</Description>

  <RequiredRights>

    <Reference class="sailpoint.object.SPRight" id="c0a8010380581a4b8180581cdee2004a" name="FullAccessApplicationReport"/>

  </RequiredRights>

  <Signature>

    <Inputs>

      <Argument multi="true" name="applications" type="Application">

        <Description>rept_input_app_report_apps</Description>

      </Argument>

    </Inputs>

  </Signature>

</TaskDefinition>


Monday, October 16, 2023

Disable BlackListUsers in ForgeRock

 //ForgeRock IDM ->Configure ->Mappings ->Behaviour ->Situational Event Script

Check the policies under Behaviour, for example: Absent - create, Found - update.

//onCreate script: disables the managed users whose cisNo matches the blacklisted user's cisNo, so that they cannot log into the system

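// Situational event script (onCreate): disables every managed/user whose cisNo equals the
// blacklisted entry's cisNo (target.blcCisNo) so that the user can no longer log in.
// 'target', 'openidm' and 'logger' are provided by IDM's script scope.
var cisNo = target.blcCisNo;
if (cisNo) {
    // Quote the value so it is compared as a string literal: the original concatenated it
    // unquoted, so a value taken from the record was parsed as filter syntax. Backslash
    // escaping of embedded quotes follows the query-filter string grammar — confirm against
    // the IDM version in use.
    var escapedCisNo = String(cisNo).replace(/\\/g, "\\\\").replace(/"/g, '\\"');
    var userQuery = { "_queryFilter": 'cisNo eq "' + escapedCisNo + '"' };
    try {
        var matchingUsers = openidm.query("managed/user", userQuery);
        // An empty result simply skips the loop; the original's extra length check was unbalanced.
        for (var i = 0; i < matchingUsers.result.length; i++) {
            // The original declared userId but read an undefined 'userid' (and had a stray quote).
            var userId = matchingUsers.result[i]._id;
            openidm.patch("managed/user/" + userId, null,
                [{ "operation": "replace", "field": "/disabledStatus", "value": "1" }]);
        }
    } catch (e) {
        logger.error("error updating user account " + e);
    }
}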

Thursday, October 12, 2023

AfterProvisioning Rule

import java.util.ArrayList;

import java.util.HashMap;

import java.util.List;

import java.util.Map;

import org.apache.commons.logging.Log;

import org.apache.commons.logging.LogFactory;

import sailpoint.api.SailPointContext;

import sailpoint.object.EmailOptions;

import sailpoint.object.EmailTemplate;

import sailpoint.object.Identity;

import sailpoint.object.ProvisioningPlan;

import sailpoint.object.ProvisioningPlan.AccountRequest;

import sailpoint.object.ProvisioningResult;

import sailpoint.tools.GeneralException;


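public class SendMail {

    static SailPointContext context = null;

    static ProvisioningPlan plan = null;

    /** Template sent after a successful account modification. */
    private static final String MODIFY_TEMPLATE_NAME = "emailTemplateName";

    /** Template sent after a successful account deletion (leaver). */
    private static final String LEAVER_TEMPLATE_NAME = "LeaveremailTemplateName";

    /**
     * Every notification is blind-copied to this address. Kept from the original rule; an
     * external mailbox that receives every provisioning notice is a data-leak vector, so this
     * value belongs in configuration rather than in a literal.
     */
    private static final String BCC_ADDRESS = "abc@gmail.com";

    /** Identity type for which no notification is sent. */
    private static final String SERVICE_TYPE = "service";

    /**
     * After-provisioning entry point: for each account request in {@code plan} that did not
     * fail, sends the modify notification (Operation.Modify) or the leaver notification
     * (Operation.Delete) to the identity's e-mail address. Service identities are skipped.
     * Reads the static {@code context} and {@code plan} fields.
     *
     * @param args unused
     * @throws GeneralException if the identity or template lookup, or the send, fails
     */
    public static void main(String[] args) throws GeneralException {
        Log logger = LogFactory.getLog("rule.active directory.Common.fieldvalue.create");

        if (plan == null || plan.getNativeIdentity() == null) {
            logger.debug("No plan or native identity; nothing to notify");
            return;
        }
        logger.debug("Got the falcon delete plan :");

        Identity identity = context.getObjectByName(Identity.class, plan.getNativeIdentity());
        if (identity == null) {
            logger.debug("No identity found for " + plan.getNativeIdentity());
            return;
        }
        logger.debug("The identity is : " + identity);

        // The original called toString() on the attribute directly and threw when "type" was unset.
        Object typeAttr = identity.getAttribute("type");
        String userType = (typeAttr == null) ? null : typeAttr.toString();
        if (userType == null || SERVICE_TYPE.equalsIgnoreCase(userType)) {
            logger.debug("Skipping notification for identity type " + userType);
            return;
        }

        List<AccountRequest> accReqList = plan.getAccountRequests();
        if (accReqList == null) {
            return;
        }
        for (AccountRequest acctReq : accReqList) {
            if (isFailed(acctReq.getResult())) {
                continue;
            }
            AccountRequest.Operation op = acctReq.getOperation();
            if (AccountRequest.Operation.Modify.equals(op)) {
                sendNotification(logger, identity, MODIFY_TEMPLATE_NAME);
            } else if (AccountRequest.Operation.Delete.equals(op)) {
                sendNotification(logger, identity, LEAVER_TEMPLATE_NAME);
            }
        }
    }

    /**
     * True when the request result reports a failure. The original compared against the
     * misspelt "faild" (so failed requests were still notified) and threw on a null result.
     * A missing result or status is treated as "not failed" — confirm this matches how the
     * plan-level result is used in this deployment.
     */
    private static boolean isFailed(ProvisioningResult result) {
        return result != null
                && ProvisioningResult.STATUS_FAILED.equalsIgnoreCase(result.getStatus());
    }

    /**
     * Sends {@code templateName} to the identity's "email" attribute. Does nothing when the
     * identity has no address or the template cannot be found.
     *
     * @param logger       rule logger
     * @param identity     recipient identity
     * @param templateName name of the EmailTemplate to send
     * @throws GeneralException if the template lookup or the send fails
     */
    private static void sendNotification(Log logger, Identity identity, String templateName)
            throws GeneralException {
        Object mailAttr = identity.getAttribute("email");
        logger.debug("The email address" + mailAttr);
        if (mailAttr == null) {
            return;
        }
        String mail = mailAttr.toString();

        EmailTemplate template = context.getObjectByName(EmailTemplate.class, templateName);
        if (template == null) {
            // The original dereferenced the template without checking and threw an NPE.
            logger.error("Email template not found: " + templateName);
            return;
        }

        Map<String, Object> templateArgs = new HashMap<String, Object>();
        // Key spelling ("Diaplay") is what the templates reference; do not change it here alone.
        templateArgs.put("identityDiaplayName", identity.getDisplayName());

        // Fresh recipient list per send: the original reused one list across requests, so the
        // second notification in a plan went to the same address twice.
        List<String> to = new ArrayList<String>();
        to.add(mail);
        EmailOptions options = new EmailOptions();
        options.setTo(to);
        options.addVariables(templateArgs);

        template.setBcc(BCC_ADDRESS);
        context.sendEmailNotification(template, options);
        logger.debug("email sent successfully-----------------------");
    }
}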

Single Account Aggregation

  import sailpoint.object.Application;

  import sailpoint.object.Attributes;

  import sailpoint.object.ResourceObject;

  import sailpoint.object.TaskResult;

  import sailpoint.object.Rule;

  import sailpoint.api.Aggregator;

  import sailpoint.connector.Connector;

  import sailpoint.tools.CloseableIterator;

  import java.util.regex.Pattern;

  import org.apache.log4j.Logger;

  import org.apache.log4j.Level;


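  // Console/debug script: re-reads one or more groups from the connector and runs them
  // through IIQ's Aggregator, applying the application's customization rule first, the
  // way a group aggregation task would. 'context' and 'log' come from the rule framework.
  // Returns "success" when the last aggregation produced a result, otherwise an error
  // message or "fail".
  long startTime = System.currentTimeMillis();
  String errorMessage = "";
  String mtaRefreshrule = "RuleAdLdsAccountGroupRefresh";
  String rchRefreshrule = "ActiveDirectory Account Group Refresh Rule";

  // ---- change only these two values ----
  List nativeIdentities = new ArrayList();
  nativeIdentities.add("CN=testrenamecidm2renamedAgain3,DC=test,DC=com");
  String appName = "Active Directory";
  // --------------------------------------

  // Progress messages are logged at error level, as in the original script.
  log.error("nativeIdentitiesList:: " + nativeIdentities);

  Application appObject = context.getObjectByName(Application.class, appName);
  if (null == appObject) {
    errorMessage = "Application not found: [" + appName + "]";
    log.error(errorMessage);
    return errorMessage;
  }
  String appConnName = appObject.getConnector();

  // Account-group refresh rule for the application; null means none.
  // The original unconditionally reset this to null right after choosing it.
  String rule = null;
  if (appName.equals("LDAP - MTA")) {
    rule = mtaRefreshrule;
  } else if (appName.equals("Active Directory")) {
    rule = rchRefreshrule;
  }

  log.debug("Application " + appName + " uses connector " + appConnName);
  Connector appConnector = sailpoint.connector.ConnectorFactory.getConnector(appObject, null);
  if (null == appConnector) {
    errorMessage = "Failed to construct an instance of connector [" + appConnName + "]";
    return errorMessage;
  }

  log.debug("Connector instantiated, calling getObject() to read group details...");
  List resourceObjects = new ArrayList();
  for (String nativeIdentity : nativeIdentities) {
    ResourceObject rObj = null;
    try {
      rObj = appConnector.getObject("group", nativeIdentity, null);
    } catch (sailpoint.connector.ObjectNotFoundException onfe) {
      errorMessage = "Connector could not find group: [" + nativeIdentity + "]";
      errorMessage += " in application  [" + appName + "]";
      log.error(errorMessage);
      log.error(onfe);
      return errorMessage;
    }
    // Check before use: the original added rObj and called toXml() on it ahead of this test.
    if (null == rObj) {
      errorMessage = "ERROR: Could not get ResourceObject for group : " + nativeIdentity;
      log.error(errorMessage);
      return errorMessage;
    }
    resourceObjects.add(rObj);
    log.debug("Got raw resourceObject: " + rObj.toXml());
  }

  // Miniature aggregation through IIQ's built-in Aggregator. The argument map mirrors the
  // options of a group aggregation task.
  Attributes argMap = new Attributes();
  argMap.put("descriptionLocale", "en_US");
  argMap.put("accountGroupRefreshRule", rule);
  argMap.put("aggregationType", "group");
  argMap.put("checkDeleted", "true");
  Aggregator agg = new Aggregator(context, argMap);

  Rule customizationRule = appObject.getCustomizationRule();
  Object aggObject = null;
  for (ResourceObject rObject : resourceObjects) {
    if (null != customizationRule) {
      log.debug("Customization rule selected for applicaiton " + appName);
      try {
        // Mandatory arguments for an application customization rule.
        HashMap ruleArgs = new HashMap();
        ruleArgs.put("context", context);
        ruleArgs.put("log", log);
        ruleArgs.put("object", rObject);
        ruleArgs.put("application", appObject);
        ruleArgs.put("connector", appConnector);
        ruleArgs.put("state", new HashMap());

        // Run the customization rule just like a normal aggregation would.
        ResourceObject newRObj = context.runRule(customizationRule, ruleArgs, null);
        if (null != newRObj) {
          rObject = newRObj;
          log.debug("Got post-customization resourceObject: " + rObject.toXml());
        }
      } catch (Exception ex) {
        // Best effort, as in the original — but keep the cause instead of dropping it.
        log.error("Error while running Customization rule for " + appName, ex);
      }
    }
    // Note: aggregateGroup() may take several seconds to complete.
    log.debug("Calling aggregateGroup() method... ");
    aggObject = agg.aggregateGroup(appObject, rObject);
    log.error("aggregation complete for :: " + rObject.toXml());
  }

  long testDuration = System.currentTimeMillis() - startTime;
  // The original returned aggObject here, so the duration log and the status below never ran.
  log.error("testDuration:: " + testDuration);
  if (aggObject != null) {
    return "success";
  }
  return "fail";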



Wednesday, October 4, 2023

How to Call Task from TaskManager?

 import java.util.HashMap;

import java.util.Map;

import sailpoint.api.SailPointContext;

import sailpoint.api.TaskManager;

import sailpoint.object.Attributes;

import sailpoint.object.TaskDefinition;

import sailpoint.object.TaskResult;

import sailpoint.tools.GeneralException;


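public class CallTask {

    static SailPointContext context = null;

    /**
     * Runs the task definition named "Test Rule" synchronously with a single "UserID"
     * argument and prints the id of the resulting TaskResult. Uses the static {@code context}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String taskName = "Test Rule";

        Map<String, Object> map = new HashMap<String, Object>();
        map.put("UserID", "000123");
        Attributes attributes = new Attributes();
        attributes.setMap(map);

        try {
            TaskManager taskManager = new TaskManager(context);
            TaskDefinition taskDefinition = taskManager.getTaskDefinition(taskName);
            if (taskDefinition == null) {
                // The original passed a null definition straight into runWithResult().
                System.out.println("TaskDefinition not found: " + taskName);
                return;
            }
            TaskResult result = taskManager.runWithResult(taskDefinition, attributes);
            // The original called getId() and discarded the value.
            System.out.println("Task " + taskName + " completed, result id: "
                    + ((result == null) ? "none" : result.getId()));
        } catch (GeneralException e) {
            System.out.println("GeneralException: " + e.getMessage());
        }
    }
}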

How to import Roles in IIQ?


import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import sailpoint.api.SailPointContext;
import sailpoint.api.Terminator;
import sailpoint.object.Application;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.GroupDefinition;
import sailpoint.object.Identity;
import sailpoint.object.IdentitySelector;
import sailpoint.object.Profile;
import sailpoint.tools.GeneralException;
import sailpoint.tools.RFC4180LineParser;

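public class ITRole {

    static SailPointContext context = null;

    /** Role every imported role inherits from (the original looked this up in both builders). */
    private static final String PARENT_ROLE_NAME = "LD";

    /** Fallback owner when the "Role Owner" column does not resolve to an Identity. */
    private static final String DEFAULT_OWNER_NAME = "spadmin";

    private static final String CSV_FILE_NAME = "P:\\IDM\\Sailpoint\\Ent-users.csv";

    private static final String CSV_DELIMITER = ",";

    /** Separator between entitlement values inside the "Entilements" column. */
    private static final String ENTITLEMENT_DELIMITER = "|";

    /** Decache the session every N CSV rows to bound memory during a long import. */
    private static final int DECACHE_EVERY_ROWS = 20;

    /**
     * Reads one CSV column; null when the column is absent or empty after trimming.
     * The original called toString() on the raw value and threw on a missing column.
     */
    private static String column(HashMap roleHash, String name) {
        Object value = (roleHash == null) ? null : roleHash.get(name);
        if (value == null) {
            return null;
        }
        String text = value.toString().trim();
        return text.isEmpty() ? null : text;
    }

    /**
     * Deletes the role named in the "Role Name" column, if it exists.
     *
     * @param roleHash one CSV row keyed by header name
     * @throws GeneralException on lookup or delete failure
     */
    public static void deleteRole(HashMap roleHash) throws GeneralException {
        String roleName = column(roleHash, "Role Name");
        if (roleName == null) {
            System.out.println("Role Name column is empty; nothing to delete");
            return;
        }
        Bundle bundle = context.getObjectByName(Bundle.class, roleName);
        if (bundle != null) {
            Terminator terminator = new Terminator(context);
            terminator.deleteObject(bundle);
        } else {
            System.out.println("Role doesn't exist /  Role deleted...");
        }
    }

    /**
     * Loads the role named {@code roleName} (or creates a new Bundle) and applies the
     * attributes shared by IT and business roles: type, owner, display name, assignment
     * flags and inheritance from {@link #PARENT_ROLE_NAME}.
     *
     * @param roleName  role name (also used as display name)
     * @param roleType  "it..." selects type "it", anything else "business"
     * @param roleOwner owner identity name; falls back to {@link #DEFAULT_OWNER_NAME}
     * @return the unsaved role
     * @throws GeneralException on lookup failure
     */
    private static Bundle prepareRole(String roleName, String roleType, String roleOwner)
            throws GeneralException {
        Bundle role = context.getObject(Bundle.class, roleName);
        if (role == null) {
            role = new Bundle();
        }
        role.setName(roleName);
        role.setDisplayName(roleName);
        boolean isIt = roleType != null && roleType.toLowerCase().startsWith("it");
        role.setType(isIt ? "it" : "business");

        Identity owner = (roleOwner == null) ? null : context.getObject(Identity.class, roleOwner);
        if (owner == null) {
            // By name: the original used getObjectById with the name, which never matches.
            owner = context.getObjectByName(Identity.class, DEFAULT_OWNER_NAME);
        }
        role.setOwner(owner);
        role.setAllowDuplicateAccounts(false);
        role.setAllowMultipleAssignments(false);
        role.setMergeTemplates(false);

        Bundle parent = context.getObject(Bundle.class, PARENT_ROLE_NAME);
        if (parent == null) {
            System.out.println("Parent role not found: " + PARENT_ROLE_NAME);
        } else {
            role.addInheritance(parent);
        }
        return role;
    }

    /** Saves and commits the role, then evicts it from the session. */
    private static void saveRole(Bundle role) throws GeneralException {
        context.saveObject(role);
        context.commitTransaction();
        context.decache(role);
    }

    /**
     * Creates or updates a business role: its population is the GroupDefinition named in the
     * "Entilements" column and its single required IT role comes from "IT Role".
     *
     * @param roleHash one CSV row keyed by header name
     * @throws GeneralException on lookup or save failure
     */
    public static void bundBusinessRole(HashMap roleHash) throws GeneralException {
        String roleName = column(roleHash, "Role Name");
        if (roleName == null) {
            System.out.println("Role Name column is empty; skipping row " + roleHash);
            return;
        }
        String roleType = column(roleHash, "Role Type");
        String roleOwner = column(roleHash, "Role Owner");
        String itRole = column(roleHash, "IT Role");
        String populationName = column(roleHash, "Entilements"); // header spelling as in the CSV

        Bundle role = prepareRole(roleName, roleType, roleOwner);

        if ("business".equals(role.getType())) {
            GroupDefinition population = (populationName == null)
                    ? null
                    : context.getObjectByName(GroupDefinition.class, populationName);
            if (population == null) {
                System.out.println("Population not found: " + populationName);
            }
            IdentitySelector selector = new IdentitySelector();
            selector.setPopulation(population);
            role.setSelector(selector);

            // The original tested getRoleAssignments() but cleared getRequirements().
            if (role.getRequirements() != null) {
                role.getRequirements().clear();
            }
            Bundle requiredRole = (itRole == null) ? null : context.getObjectByName(Bundle.class, itRole);
            if (requiredRole == null) {
                System.out.println("Required Roles not found...");
            } else {
                // The original added the parent role here instead of the looked-up IT role.
                role.addRequirement(requiredRole);
            }
        }

        saveRole(role);
    }

    /**
     * Creates or updates an IT role: one Profile per "|"-separated value in "Entilements",
     * each constraining the "Attribute" column on the "Application Name" application.
     * The row is skipped when the application cannot be found.
     *
     * @param roleHash one CSV row keyed by header name
     * @throws GeneralException on lookup, parse or save failure
     */
    public static void bundRole(HashMap roleHash) throws GeneralException {
        String roleName = column(roleHash, "Role Name");
        if (roleName == null) {
            System.out.println("Role Name column is empty; skipping row " + roleHash);
            return;
        }
        String roleType = column(roleHash, "Role Type");
        String roleOwner = column(roleHash, "Role Owner");
        String appName = column(roleHash, "Application Name");
        String attName = column(roleHash, "Attribute");
        String entsList = column(roleHash, "Entilements");

        Application appObj = null;
        if (appName != null) {
            appObj = context.getObject(Application.class, appName);
            if (appObj == null) {
                System.out.println("Application not found: " + appName + "; skipping role " + roleName);
                return;
            }
        }

        Bundle role = prepareRole(roleName, roleType, roleOwner);

        if ("it".equals(role.getType())) {
            // Replace the previous profiles on the role.
            if (role.getProfiles() != null) {
                role.getProfiles().clear();
            }
            if (entsList != null && attName != null) {
                // Strings are immutable: the original discarded the result of replace().
                String normalised = entsList.replace("\\/", "/");
                RFC4180LineParser entParser = new RFC4180LineParser(ENTITLEMENT_DELIMITER);
                ArrayList<String> entitlements = entParser.parseLine(normalised);
                for (String entitlement : entitlements) {
                    Profile profile = new Profile();
                    profile.addConstraint(Filter.eq(attName, entitlement));
                    profile.setApplication(appObj);
                    role.add(profile);
                }
            }
        }

        // The original caught every exception and saved the half-built role anyway; now a
        // failing row propagates to the caller (main() reports it and moves on).
        saveRole(role);
    }

    /**
     * Reads the CSV at {@link #CSV_FILE_NAME} (first row = headers) and builds one IT role per
     * data row via {@link #bundRole}. A row that fails is reported and skipped.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        System.out.println("Role Creation Started ...");
        System.out.println("Reading Bundle Data from : " + CSV_FILE_NAME);

        File bundleFile = new File(CSV_FILE_NAME);
        if (!bundleFile.exists() || bundleFile.isDirectory()) {
            System.out.println("Unable to find the bundle csv file: " + CSV_FILE_NAME);
            return;
        }

        BufferedReader fileIn = null;
        try {
            // FileReader decodes with the platform charset; the CSV is assumed to match it.
            fileIn = new BufferedReader(new FileReader(bundleFile));
            RFC4180LineParser parser = new RFC4180LineParser(CSV_DELIMITER);
            List<String> headers = new ArrayList<String>();
            int lineCounter = 0;
            String thisLine;
            while (null != (thisLine = fileIn.readLine())) {
                ArrayList tokens = parser.parseLine(thisLine);
                if (lineCounter == 0) {
                    for (Object token : tokens) {
                        headers.add(String.valueOf(token));
                    }
                } else {
                    HashMap lineHash = rowToMap(headers, tokens);
                    try {
                        bundRole(lineHash);
                    } catch (Exception e) {
                        // Continue with the next row; the original printed only the row.
                        System.out.println("Error while Creating Data Exception : " + lineHash + " : " + e);
                    }
                }
                // The original incremented this AFTER the loop, so every row was read as the header.
                lineCounter++;
                if (lineCounter % DECACHE_EVERY_ROWS == 0) {
                    context.decache();
                }
            }
        } catch (FileNotFoundException e) {
            System.out.println("FileNotFoundException : " + e.getMessage());
        } catch (IOException e) {
            System.out.println("IOException : " + e.getMessage());
        } catch (GeneralException e) {
            System.out.println("GeneralException : " + e.getMessage());
        } finally {
            // The original left the reader open (its close() call was commented out).
            if (fileIn != null) {
                try {
                    fileIn.close();
                } catch (IOException ignored) {
                    // nothing further to do once the rows have been processed
                }
            }
        }
    }

    /**
     * Pairs each token with its header, trimming values; tokens beyond the header count are
     * dropped. The original assigned inside the loop but put() after it, so only the last
     * column of every row survived.
     */
    private static HashMap rowToMap(List<String> headers, ArrayList tokens) {
        HashMap lineHash = new HashMap();
        int n = Math.min(headers.size(), tokens.size());
        for (int i = 0; i < n; i++) {
            Object value = tokens.get(i);
            lineHash.put(headers.get(i), (value == null) ? "" : value.toString().trim());
        }
        return lineHash;
    }
}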

Sunday, October 1, 2023

How to configure IdentityIQ to display all Identity Attributes?

Navigate to the Debug Page and add this entry to the UI Configuration object:

  • Search for "identityViewAttributes" keyword.
  • Add the attribute names correctly.
  • Scroll down and Save 

Thursday, August 31, 2023

How to configure SailPoint IdentityIQ UI Task Servers

Login to the Debug Page and Navigate to the Object Browser ---> Service Definition

Add Servers entry to the Request object: -

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE ServiceDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<ServiceDefinition hosts="ABC1, ABC2, ABC3" name="Request">

  <Description>

Service definition for the Request processor service.

    </Description>

</ServiceDefinition>


##############################################################################


Add Servers entry to the Task Object:-

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE ServiceDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<ServiceDefinition hosts="ABC1,ABC2,ABC3" name="Task">

  <Description>

Service definition for the Task scheduler service.  

    </Description>

</ServiceDefinition>



How to enable TimeMachine in SailPoint IdentityIQ?

Navigate to the Debug Page and add this entry to the System Configuration object:

<entry key="timeMachineEnabled" value="true"/>

Tuesday, August 22, 2023

Active Period Rule1

import java.util.Date;

import org.apache.commons.logging.Log;

import sailpoint.api.SailPointContext;

import sailpoint.object.AuditEvent;

import sailpoint.object.Certification;

import sailpoint.tools.GeneralException;

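public class ActivePeriodRule1 {

    static Log logger = null;

    static SailPointContext context = null;

    static Certification certification = null;

    /** Audit action recorded when the certification enters its active period. */
    private static final String AUDIT_ACTION = "UserENTCertEvent";

    /**
     * Writes an AuditEvent targeting the identity of the first entity of the static
     * {@code certification}. Logs and returns when there is no certification or it has no
     * entities — the original called get(0) unconditionally and threw on an empty list.
     */
    private static void callActivePeriodRule1() {
        if (certification == null || certification.getEntities() == null
                || certification.getEntities().isEmpty()) {
            logger.warn("ActivePeriodRule1: certification has no entities; no audit event written");
            return;
        }
        String auditTarget = certification.getEntities().get(0).getIdentity();

        AuditEvent auditEvent = new AuditEvent();
        auditEvent.setSource("User Entitlement Certification Event Trigger");
        auditEvent.setAction(AUDIT_ACTION);
        auditEvent.setTarget(auditTarget);
        auditEvent.setAttributeValue("CN=SailPoint IdentityIQ,OU=Groups,OU=mighty,OU=com");
        auditEvent.setCreated(new Date());

        try {
            context.saveObject(auditEvent);
            context.commitTransaction();
            context.decache(auditEvent);
        } catch (GeneralException e) {
            // Keep the stack trace; the original logged only the message.
            logger.error("GeneralException in ActivePerioRule1 : " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        callActivePeriodRule1();
    }
}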


Exclusion Rule for Entitlement2

import java.util.ArrayList;

import java.util.Iterator;

import java.util.List;

import sailpoint.object.Certifiable;

import sailpoint.object.EntitlementGroup;


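public class CertExclusionRule2 {

    static List items = null;

    static List itemsToExclude = null;

    /** Entitlement values containing this text stay in the certification. */
    private static final String KEEP_MARKER = "SailPoint IdentityIQ";

    /**
     * Moves every EntitlementGroup in {@code items} whose first attribute value does not
     * contain {@link #KEEP_MARKER} into {@code itemsToExclude}. Other Certifiable types and
     * groups without an application, attribute name or value are left untouched.
     *
     * @return an explanation when at least one item was excluded, else ""
     */
    private static String excludeEntitlement() {
        String explanation = "";
        List certObjList = new ArrayList();

        Iterator iterator = items.iterator();
        while (iterator.hasNext()) {
            Certifiable certifiable = (Certifiable) iterator.next();
            if (!(certifiable instanceof EntitlementGroup)) {
                continue;
            }
            // Cast BEFORE reading: the original dereferenced entitlementGroup (still null on the
            // first iteration) and entName (also null) inside the instanceof condition.
            EntitlementGroup entitlementGroup = (EntitlementGroup) certifiable;
            if (entitlementGroup.getApplicationName() == null
                    || entitlementGroup.getAttributeNames() == null
                    || entitlementGroup.getAttributeNames().isEmpty()
                    || entitlementGroup.getAttributes() == null) {
                continue;
            }
            String entName = entitlementGroup.getAttributeNames().get(0);
            Object rawValue = (entName == null) ? null : entitlementGroup.getAttributes().get(entName);
            if (rawValue == null) {
                continue;
            }
            String entValue = rawValue.toString();

            if (entValue.contains(KEEP_MARKER)) {
                certObjList.add(entValue); // retained values; collected but not otherwise used
            } else {
                itemsToExclude.add(certifiable);
                iterator.remove();
                explanation = "Groups match the exclusion criteria";
            }
        }
        return explanation;
    }

    public static void main(String[] args) {
        excludeEntitlement();
    }
}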


SailPoint Queries

 # Joiner Query:-

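-- Identities still waiting for joiner processing.
-- Single-quoted literals: in standard SQL "Active" is an identifier, not a string
-- (only MySQL outside ANSI_QUOTES mode accepts double-quoted strings).
SELECT firstname, lastname, name, email
FROM spt_identity
WHERE employee_status = 'Active'
  AND needs_joiner = 'PROCESSING';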


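-- Active identities holding an Active Directory account, joined to the Joiner task results
-- created in the given window.
SELECT i.firstname, i.lastname, i.name, i.email, i.type
FROM spt_identity i
JOIN spt_link l ON l.identity_id = i.id
JOIN spt_application a ON a.id = l.application
JOIN spt_task_result t ON t.target_id = i.id   -- was "t.target_id = t.target_id": always true, i.e. a cross join
WHERE i.employee_status = 'Active'
  AND a.name = 'Active Directory'
  AND l.attributes NOT LIKE 'IIQDisabled'   -- NOTE: no wildcards, so this compares the whole attributes blob and excludes nothing; '%IIQDisabled%' is probably intended
  AND t.name LIKE 'Joiner'
  AND t.created > 1234567890   -- yesterday, epoch (same unit as spt_task_result.created)
  AND t.created < 1244567890;  -- today, epoch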


# Leaver Query:-

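-- Inactive identities (not on layoff) that still hold an Active Directory account.
SELECT i.firstname, i.lastname, i.name, i.email, i.type
FROM spt_identity i
JOIN spt_link l ON l.identity_id = i.id
JOIN spt_application a ON a.id = l.application
WHERE i.employee_status = 'inactive'
  AND i.org_name NOT LIKE '%Employees on Layoff%'
  AND a.name = 'Active Directory'   -- was ''Active Directory' (doubled quote: syntax error)
  AND l.attributes NOT LIKE 'IIQDisabled';   -- NOTE: no wildcards, so this excludes nothing; '%IIQDisabled%' is probably intended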


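-- Inactive identities (not on layoff) with an Active Directory account, joined to the LEAVER
-- task results created in the given window.
SELECT i.firstname, i.lastname, i.name, i.email, i.type
FROM spt_identity i
JOIN spt_link l ON l.identity_id = i.id
JOIN spt_application a ON a.id = l.application
JOIN spt_task_result t ON t.target_id = i.id   -- the original used alias t without listing spt_task_result in FROM
WHERE i.employee_status = 'inactive'
  AND i.org_name NOT LIKE '%Employees on Layoff%'
  AND a.name = 'Active Directory'   -- was ''Active Directory' (doubled quote: syntax error)
  AND l.attributes NOT LIKE 'IIQDisabled'   -- NOTE: no wildcards, so this excludes nothing; '%IIQDisabled%' is probably intended
  AND t.name LIKE 'LEAVER'
  AND t.created > 1234567890   -- yesterday, epoch (same unit as spt_task_result.created)
  AND t.created < 1244567890;  -- today, epoch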


=================

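-- Links that share the same native identity on the same application (data-integrity check).
-- SELECT * with GROUP BY is rejected under ONLY_FULL_GROUP_BY; select the grouped columns.
SELECT native_identity, application, COUNT(*) AS link_count
FROM identityiq.spt_link
GROUP BY native_identity, application
HAVING COUNT(*) > 1;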

GIT Repo Update

# Login to DevOps

# Follow the step below only the first time; otherwise skip it. (Optional)

Navigate to Repos -> Select the current Repo (Ex: SailPoint 8.3p3)

# Create the SailPoint folder in the local machine (For the first time)

# Go To the SailPoint folder where you saved the GIT repository SailPoint folder.

# Right-click on it and select "Git Bash Here".

# Follow the step below only the first time; otherwise skip it.

Click on clone and copy the URL in DevOps

# Type the following command 

git clone https://XYZ

# git checkout master

# git pull

# git checkout -b PR_Clarity

# git pull

# git status

# Place updated/new files in the respective folders

# git status 

(check the status to see which XMLs you updated)

# git add .

# git commit -m "Process Clarity"

# git push

# git remote -v

# git push origin PR_Clarity

# Go To Repos ---> Select the updated repo version name (Ex: PR_Clarity)

# Click on Create Pull Request

# Select the reviewer 

# Scroll down and click on create.






Monday, August 21, 2023

IQService Upgrade Steps

 Pre-requisite:-

IdentityIQ must already be installed on the server.

1. Copy the correct version of the IQService.zip from the below path:

C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\identityiq\WEB-INF\bin\win

2. Log into RDP 

3. Navigate to the IQService installation path (Ex: C\IQService) and take a backup of the current IQService installation on the IQService box.

4. Stop the IQService from Service Applet or run the following command from CMD:

IQService.exe -k

5. Uninstall the existing version by running the following command, then delete the IQService folder.

IQService.exe -u

6. Install the latest version by running the following command:

IQService.exe -i

7. Start the service from the command line by running the following command:

IQService -s

8. Validate the version by running the following command:

IQService.exe -v

9. Search the service from Windows and open the service with administrator rights.

Open SailPoint IQService-Instance1 in Services, go to the Log On tab, switch it to the service account, and add the user below:

xyz (AD Service account username)

10. Register the service account and restart the service using the following command.

IQService.exe -a "XYZ"

11. Test the AD connection from the SailPoint AD application.


===============================### THE END ###==========================




Upgrade Steps and Patching Steps

High-Level Steps:-

Pre-requisites:-

SSB must already be set up.


Upgrade Steps:-

# Take a backup of the older IIQ war file

# Run the following DDL Scripts for 8.3 DB updates (Upgrade the database scripts)

# Place the zip file in base\ga. Remove any previously extracted folder of that zip present at the location.

# Update the IIQ version in the build.properties file (IIQVersion, IIQPatchLevel)

# Update the hostname in the server.properties file

# Update the iiq.properties file

# Run the build command in the GIT hub extracted folder

build.bat clean war

Stop the Tomcat Server / Service

# Place the identityiq.war file in webapps folder

# Start the Tomcat Server / Service

# Run the upgrade command in the iiq console path

iiq upgrade

##############################==================################################

Patch Steps:-

# Upgrade the database scripts

# Place the zip file in base\patch

# Update the IIQ version in the build.properties file

# Run the build command in the GIT hub extracted folder

build.bat clean war

# Place the identityiq.war file in webApps folder

# Start the Tomcat Server / Service

# Run the patch command in the iiq console path

iiq patch 8.3p3


Note:- We can use any of the following command(s) for building the war file

build.bat clean

build.bat war

(OR)

build.bat clean war




Required software/tools for SailPoint IIQ

# Notepad++

# Beyond Software

# Eclipse

# JD-GUI

# SQL - HeidiSQL / etc.,

# VISIO

# Apache Directory Studio / JExplorer / etc.,

# GIT set up / etc.,



Classic Ports to know

 # 22 = SSH (Secure Shell) - log into a Linux instance

# 21 = FTP (File Transfer Protocol)

# 22 = SFTP (Secure File Transfer Protocol) upload files using SSH

# 80 =  HTTP - access unsecured websites

# 443 = HTTPS - access secured websites

# 3389 = RDP (Remote Desktop Protocol) - log into a windows instance


SSB

Audit

Set TaskStatus

import org.apache.commons.logging.Log;

import sailpoint.api.SailPointContext;

import sailpoint.object.TaskResult;

import sailpoint.tools.GeneralException;

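public class SetTaskStatus {

    // Rule-scope variables supplied by the IIQ runtime; null placeholders here.
    static Log log = null;
    static SailPointContext context = null;

    /**
     * Looks up the TaskResult named "Mighty Task", records a "count" attribute on it and marks
     * it successful; if the lookup throws, marks the result (when one was found) as errored.
     *
     * NOTE(review): the modified TaskResult is not saved or committed in this snippet — confirm
     * the caller persists it.
     */
    public static void main(String[] args) {
        int count = 316;
        TaskResult taskResult = null;
        try {
            taskResult = context.getObjectByName(TaskResult.class, "Mighty Task");
            if (taskResult != null) {
                taskResult.addAttribute("count", count);
                // Enum constants are referenced through the type, not through an instance getter
                // (the original dereferenced getCompletionStatus(), which may itself be null).
                taskResult.setCompletionStatus(TaskResult.CompletionStatus.Success);
            }
        } catch (GeneralException e) {
            // Pass the exception so the stack trace is logged, not only the message.
            log.error("GeneralException: " + e.getMessage(), e);
            // taskResult is still null when the lookup itself failed; guard before marking it.
            if (taskResult != null) {
                taskResult.setCompletionStatus(TaskResult.CompletionStatus.Error);
            }
        }
    }
}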

 

GroupAggregation Rule for Description

import java.util.HashMap;

import java.util.Locale;

import java.util.Map;

import org.apache.commons.logging.Log;

import sailpoint.api.SailPointContext;

import sailpoint.object.Application;

import sailpoint.object.Identity;

import sailpoint.object.ManagedAttribute;

import sailpoint.object.ResourceObject;

import sailpoint.tools.GeneralException;

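public class GroupAggrgationRuleForDesc {

    // Rule-scope variables supplied by the IIQ group aggregation runtime; null placeholders here.
    static Log log = null;
    static SailPointContext context = null;
    static Map environment = null;
    static ResourceObject obj = null;
    static Application groupApplication = null;
    static ManagedAttribute accountGroup = null;

    /**
     * Group aggregation rule body: resolves the Identity (workgroup) whose name equals the
     * aggregated group's value, then copies its owner and description onto the
     * ManagedAttribute and marks the group non-requestable.
     *
     * When no matching Identity exists the rule logs a warning and leaves the group untouched
     * instead of dereferencing a null lookup result.
     */
    public static void main(String[] args) {
        Identity workGroup = null;
        Map<String, String> descriptions = new HashMap<String, String>();
        try {
            workGroup = context.getObjectByName(Identity.class, accountGroup.getValue());
            if (workGroup == null) {
                // getObjectByName yields null when nothing matches; the original would NPE here.
                log.warn("No Identity/workgroup found for group value: " + accountGroup.getValue());
                return;
            }
            accountGroup.setOwner(workGroup.getOwner());
            accountGroup.setRequestable(false);
            // Description is keyed by locale ("en_US"), as IIQ expects for localized descriptions.
            descriptions.put(Locale.US.toString(), workGroup.getDescription());
            accountGroup.setDescriptions(descriptions);
        } catch (GeneralException e) {
            // Pass the exception so the stack trace is logged, not only the message.
            log.error("GeneralException: " + e.getMessage(), e);
        }
    }
}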


Exclusion Rule for Entitlement1

import java.util.ArrayList;

import java.util.Iterator;

import java.util.List;

import org.apache.commons.logging.Log;

import sailpoint.api.SailPointContext;

import sailpoint.object.Attributes;

import sailpoint.object.Certifiable;

import sailpoint.object.EntitlementGroup;

import sailpoint.object.Filter;

import sailpoint.object.ManagedAttribute;

import sailpoint.tools.GeneralException;


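public class WorkgroupECertExclusionRule {

    // Rule-scope variables supplied by the IIQ certification exclusion runtime; null placeholders here.
    static SailPointContext context = null;
    static Log log = null;
    static List items = null;
    static List itemsToExclude = null;
    static String explanation = null;

    /**
     * Certification exclusion rule body: moves every EntitlementGroup whose backing
     * ManagedAttribute has a "certifiable" attribute other than "true" from {@code items}
     * to {@code itemsToExclude}.
     *
     * Items whose ManagedAttribute cannot be resolved, or that carry no "certifiable"
     * attribute, are left in the certification (fail-safe: unknown items get reviewed rather
     * than silently dropped). The original code threw a NullPointerException in those cases,
     * which aborted the whole rule.
     *
     * @return the explanation set when at least one item was excluded, otherwise the prior value
     */
    static String excludeEntitlement() {
        log.debug("Entering into Exclusion Rule");
        for (Iterator iterator = items.iterator(); iterator.hasNext();) {
            Certifiable certifiable = (Certifiable) iterator.next();
            if (!(certifiable instanceof EntitlementGroup)) {
                continue;
            }
            try {
                if (!isCertifiable((EntitlementGroup) certifiable)) {
                    itemsToExclude.add(certifiable);
                    iterator.remove();
                    explanation = "No need to certify these items";
                }
            } catch (GeneralException e) {
                // One failed lookup must not stop processing of the remaining items.
                log.error("GeneralException in exclusion: " + e.getMessage(), e);
            }
        }
        log.debug("Exiting from Exclusion Rule");
        return explanation;
    }

    /**
     * Looks up the ManagedAttribute matching the group's first entitlement (application name,
     * attribute name, value) and reads its "certifiable" attribute.
     *
     * @return false only when the attribute is present and not equal (ignoring case) to "true";
     *         true when the group has no attributes, no ManagedAttribute matches, or the
     *         attribute is absent
     * @throws GeneralException if the ManagedAttribute query fails
     */
    private static boolean isCertifiable(EntitlementGroup entitlementGroup) throws GeneralException {
        Attributes attrs = entitlementGroup.getAttributes();
        if (attrs == null || attrs.getKeys() == null || attrs.getKeys().isEmpty()) {
            log.debug("EntitlementGroup has no attributes; keeping it in the certification");
            return true;
        }
        String appName = entitlementGroup.getApplicationName();
        String entAttrName = attrs.getKeys().get(0).toString();
        String entAttrVal = attrs.getString(entAttrName);
        Filter masterFilter = Filter.and(new Filter[] { Filter.eq("value", entAttrVal),
                Filter.eq("attribute", entAttrName), Filter.eq("application.name", appName) });
        ManagedAttribute access = context.getUniqueObject(ManagedAttribute.class, masterFilter);
        if (access == null || access.getAttribute("certifiable") == null) {
            log.debug("No ManagedAttribute or no 'certifiable' attribute for " + appName + "/"
                    + entAttrName + "=" + entAttrVal + "; keeping it in the certification");
            return true;
        }
        return "True".equalsIgnoreCase(access.getAttribute("certifiable").toString());
    }

    public static void main(String[] args) {
        String message = excludeEntitlement();
    }
}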


Friday, August 18, 2023

Password Generation2

import java.security.SecureRandom;
import java.util.Random;

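public class PasswordGeneration2 {

    /**
     * Generates a 15-character password drawn from upper-case letters, lower-case letters,
     * the special characters {@code !@#$%} and digits, with at least one character from each
     * of the four classes.
     *
     * Uses {@link SecureRandom} rather than {@code java.util.Random}: the latter is a seeded
     * linear congruential generator whose output is predictable, which is unsuitable for credentials.
     *
     * @return the generated password
     */
    static String passwordGenerator2() {
        final int length = 15;
        final String numbers = "1234567890";
        final String specialCharacters = "!@#$%";
        final String upperCaseLetters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        final String lowerCaseLetters = "abcdefghijklmnopqrstuvwxyz";
        final String alphabet = upperCaseLetters + lowerCaseLetters + specialCharacters + numbers;

        SecureRandom random = new SecureRandom();
        char[] password = new char[length];

        // One guaranteed character per class, then fill the remainder from the whole alphabet.
        password[0] = pick(upperCaseLetters, random);
        password[1] = pick(lowerCaseLetters, random);
        password[2] = pick(specialCharacters, random);
        password[3] = pick(numbers, random);
        for (int i = 4; i < length; i++) {
            password[i] = pick(alphabet, random);
        }

        // Fisher-Yates shuffle so the guaranteed characters do not always occupy the first four slots.
        for (int i = length - 1; i > 0; i--) {
            int j = random.nextInt(i + 1);
            char tmp = password[i];
            password[i] = password[j];
            password[j] = tmp;
        }
        return new String(password);
    }

    /** Returns one uniformly chosen character of {@code source}. */
    private static char pick(String source, SecureRandom random) {
        return source.charAt(random.nextInt(source.length()));
    }

    public static void main(String[] args) {
        String retValue = passwordGenerator2();
    }
}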


Password Generation1

import sailpoint.api.PasswordGenerator;
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.tools.GeneralException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

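public class PasswordGeneration1 {

    // Rule-scope variables supplied by the IIQ runtime; null placeholders here.
    static SailPointContext context = null;
    static Application application = null;
    static Identity identity = null;
    static Log logger = LogFactory.getLog("com.mightypedia.password.rule");

    /**
     * Generates a password for {@code identity} on {@code application} using the IIQ
     * PasswordGenerator; if that policy-aware call fails, falls back to the generator's
     * default password.
     *
     * @return the generated password
     * @throws GeneralException if the generator cannot be constructed or the fallback fails
     */
    private static String generatePassword() throws GeneralException {
        // Constructed outside the try: if this throws, the original's catch block went on to
        // dereference a null generator. Letting the declared GeneralException propagate is correct.
        PasswordGenerator passwordGenerator = new PasswordGenerator(context);
        try {
            return passwordGenerator.generatePassword(identity, application);
        } catch (GeneralException e) {
            // Pass the exception so the stack trace is logged, not only the message.
            logger.error("GeneralException: " + e.getMessage(), e);
            return passwordGenerator.generatePassword();
        }
    }

    public static void main(String[] args) {
        try {
            String password = generatePassword();
        } catch (GeneralException e) {
            logger.error("GeneralException: " + e.getMessage(), e);
        }
    }
}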

Tuesday, August 15, 2023

Account Expiration Notification Rule

import java.text.ParseException;

import java.text.SimpleDateFormat;

import java.util.Calendar;

import java.util.Date;

import java.util.HashMap;

import java.util.List;

import java.util.Map;

import org.apache.log4j.Logger;

import sailpoint.api.IdentityService;

import sailpoint.api.SailPointContext;

import sailpoint.object.Application;

import sailpoint.object.EmailOptions;

import sailpoint.object.EmailTemplate;

import sailpoint.object.Filter;

import sailpoint.object.Identity;

import sailpoint.object.Link;

import sailpoint.object.QueryOptions;

import sailpoint.tools.GeneralException;


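public class AccountExpirationRule {

    // Rule-scope variables supplied by the IIQ runtime; null placeholders here.
    static SailPointContext context = null;
    static Logger log = null;

    /** Day-granularity pattern used both for template variables and for the expiry comparison. */
    private static final String DATE_PATTERN = "MM/dd/yyyy";

    /** Pattern of the AD "accountExpires" link attribute as stored on the Link. */
    private static final String ACCOUNT_EXPIRES_PATTERN = "MM/dd/yyyy HH:mm:ss aa ZZZ";

    /**
     * Sends the named EmailTemplate for an expiring account to the identity's manager, or to
     * the admin address when the identity has no manager or the manager has no email.
     *
     * Template variables: identity, daysRemaining, firstName, lastName, email, startDate,
     * endDate, managerFirstName, managerLastName, company (only populated when the identity
     * has a first name, last name and email).
     *
     * @param identityName  name of the Identity whose account is expiring
     * @param emailTemplate name or id of the EmailTemplate to send
     * @param daysRemaining days until expiry, as rendered in the template
     * @param endDate       the account expiration date
     */
    static void sendEmail(String identityName, String emailTemplate, String daysRemaining, Date endDate) {
        final String EMAIL_ADMIN = "reddy@mightypedia.com";
        String company = null;
        String mgrFirstName = null;
        String mgrLastName = null;
        String recipient = null;
        String ccRecipient = null;
        // Never null: EmailOptions gets an empty map instead of null when the identity is incomplete.
        Map<String, Object> args = new HashMap<String, Object>();
        EmailOptions options = null;
        EmailTemplate eTemp = null;
        Identity mgr = null;
        Identity identity = null;

        try {
            identity = context.getObjectByName(Identity.class, identityName);
            if (identity == null) {
                // getObjectByName yields null when nothing matches; the original would NPE here.
                log.error("Identity not found: " + identityName);
                return;
            }
            if (identity.getAttribute("company") != null) {
                company = identity.getAttribute("company").toString();
            }

            mgr = identity.getManager();
            if (mgr != null) {
                if (mgr.getFirstname() != null) {
                    mgrFirstName = mgr.getFirstname();
                }
                if (mgr.getLastname() != null) {
                    mgrLastName = mgr.getLastname();
                }
                if (mgr.getEmail() != null) {
                    recipient = mgr.getEmail().trim();
                } else {
                    log.debug("Manager email is null and setting recipient to admin");
                    recipient = EMAIL_ADMIN;
                }
            } else {
                log.debug("Identity Manager is null and setting recipient to admin");
                recipient = EMAIL_ADMIN;
            }

            // SimpleDateFormat is not thread-safe; a fresh instance per call is intentional.
            SimpleDateFormat formatDate = new SimpleDateFormat(DATE_PATTERN);
            String startDateFor = "";
            Object startDateAttr = identity.getAttribute("startDate");
            // The original passed startDate.toString() to format(), which SimpleDateFormat rejects
            // (it formats only Date/Number) and NPE'd when the attribute was absent. The attribute's
            // type is not visible here: format it when it is a Date, otherwise pass its string form
            // through — NOTE(review): confirm against the identity schema.
            if (startDateAttr instanceof Date) {
                startDateFor = formatDate.format((Date) startDateAttr);
            } else if (startDateAttr != null) {
                startDateFor = startDateAttr.toString();
            }
            String endDateFor = (endDate != null) ? formatDate.format(endDate) : null;

            if (identity.getFirstname() != null && identity.getLastname() != null
                    && identity.getEmail() != null) {
                args.put("identity", identity);
                args.put("daysRemaining", daysRemaining);
                args.put("firstName", identity.getFirstname());
                args.put("lastName", identity.getLastname());
                args.put("email", identity.getEmail());
                args.put("startDate", startDateFor);
                args.put("endDate", endDateFor);
                args.put("managerFirstName", mgrFirstName);
                args.put("managerLastName", mgrLastName);
                args.put("company", company);
            }

            options = new EmailOptions();
            options.setVariables(args);
            options.setTo(recipient);
            options.setCc(ccRecipient);

            eTemp = context.getObject(EmailTemplate.class, emailTemplate);
            if (eTemp != null) {
                context.sendEmailNotification(eTemp, options);
            } else {
                log.error("EmailTemplate not found: " + emailTemplate);
            }
        } catch (GeneralException e) {
            // Pass the exception so the stack trace is logged, not only the message.
            log.error("GeneralException: " + e.getMessage(), e);
        } finally {
            // Only decache objects that were actually loaded.
            try {
                if (identity != null) {
                    context.decache(identity);
                }
                if (mgr != null) {
                    context.decache(mgr);
                }
                if (eTemp != null) {
                    context.decache(eTemp);
                }
            } catch (GeneralException e) {
                log.error("GeneralException: " + e.getMessage(), e);
            }
        }
    }

    /**
     * Reads and parses the link's "accountExpires" attribute.
     *
     * @return the parsed date, or null when the attribute is missing, empty, "never", or does
     *         not match {@link #ACCOUNT_EXPIRES_PATTERN}. Returning null per link is what keeps a
     *         failed parse from reusing the previous link's date (the original kept a stale value
     *         across loop iterations).
     */
    private static Date parseAccountExpires(Link identityLink) {
        Object raw = identityLink.getAttribute("accountExpires");
        if (raw == null) {
            return null;
        }
        String accountExpires = raw.toString();
        if (accountExpires.isEmpty() || accountExpires.equalsIgnoreCase("never")) {
            return null;
        }
        try {
            return new SimpleDateFormat(ACCOUNT_EXPIRES_PATTERN).parse(accountExpires);
        } catch (ParseException e) {
            log.error("ParseException: " + e.getMessage() + " for accountExpires value '" + accountExpires + "'");
            return null;
        }
    }

    /**
     * Task body: for every active "consultant" identity, checks each enabled "AD" link and
     * sends the "Account Expiry" notification when the account expires exactly 15 or 30 days
     * from today (compared at day granularity).
     */
    public static void main(String[] args) {
        // Filter.compile syntax is "&&"; the original carried the HTML-escaped "&amp;&amp;",
        // which does not compile as a filter.
        String filter = "(inactive == false && (type == \"consultant\"))";
        Application application = null;
        IdentityService iDS = new IdentityService(context);

        try {
            application = context.getObjectByName(Application.class, "AD");
            if (application == null) {
                log.error("Application not found: AD");
                return;
            }
            QueryOptions ops = new QueryOptions();
            ops.addFilter(Filter.compile(filter));
            List<Identity> identities = context.getObjects(Identity.class, ops);
            if (identities == null || identities.isEmpty()) {
                log.debug("No Identities found...");
                return;
            }

            // Reference points are computed once per run (the original recomputed them per link):
            // noon today, then +15 and +30 days.
            Calendar cal = Calendar.getInstance();
            cal.setTime(new Date());
            cal.set(Calendar.HOUR_OF_DAY, 12);
            cal.set(Calendar.MINUTE, 0);
            cal.set(Calendar.SECOND, 0);
            cal.set(Calendar.MILLISECOND, 0);
            cal.add(Calendar.DATE, 15);
            Date todayPlus15 = cal.getTime();
            cal.add(Calendar.DATE, 15);
            Date todayPlus30 = cal.getTime();

            SimpleDateFormat dayFormat = new SimpleDateFormat(DATE_PATTERN);
            String todayPlus15Conversion = dayFormat.format(todayPlus15);
            String todayPlus30Conversion = dayFormat.format(todayPlus30);

            for (Identity identity : identities) {
                List<Link> identityLinks = iDS.getLinks(identity, application);
                if (identityLinks == null) {
                    continue;
                }
                for (Link identityLink : identityLinks) {
                    if (identityLink.isDisabled()) {
                        continue;
                    }
                    Date accountExpDate = parseAccountExpires(identityLink);
                    if (accountExpDate == null) {
                        continue;
                    }
                    String accountExpDateConversion = dayFormat.format(accountExpDate);
                    if (todayPlus15Conversion.equals(accountExpDateConversion)) {
                        sendEmail(identity.getName(), "Account Expiry", "15", todayPlus15);
                    } else if (todayPlus30Conversion.equals(accountExpDateConversion)) {
                        sendEmail(identity.getName(), "Account Expiry", "30", todayPlus30);
                    } else {
                        log.debug("Criteria is not matched...");
                    }
                }
            }
        } catch (GeneralException e) {
            // Pass the exception so the stack trace is logged, not only the message.
            log.error("GeneralException: " + e.getMessage(), e);
        } finally {
            if (application != null) {
                try {
                    context.decache(application);
                } catch (GeneralException e) {
                    log.error("GeneralException: " + e.getMessage(), e);
                }
            }
        }
    }
}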


Fetch Members from Workgroup

  import java.util.ArrayList;   import java.util.Iterator;   import java.util.List;   import sailpoint.api.ObjectUtil;   import sailpoint.ob...