Tuesday, January 30, 2024

FieldValue Rule

 <?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<Rule language="beanshell" name="Mighty - App FieldValue Rule" type="FieldValue">

  <Description>This rule can generate a field value (eg - an account name) using data from the given Identity. If this rule is run in the context of a workflow step then the arguments passed into the step will also be available. Also, any field values that have been processed so far from the policy related to the Application/Role will be available.</Description>

  <Signature returnType="String">

    <Inputs>

      <Argument name="log">

        <Description>

          The log object is associated with the SailPointContext.

        </Description>

      </Argument>

      <Argument name="context">

        <Description>

          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.

        </Description>

      </Argument>

      <Argument name="identity" type="Identity">

        <Description>

          The Identity object represents the user needing the field value.

        </Description>

      </Argument>

      <Argument name="link" type="Link">

        <Description>

          The sailpoint.object.Link that is being acted upon. If the link is not applicable,

          this value will be null.

        </Description>

      </Argument>

      <Argument name="group" type="ManagedAttribute">

        <Description>

          The sailpoint.object.ManagedAttribute that is being acted upon. If the managed attribute

          is not applicable, the value will be null.

        </Description>

      </Argument>

      <Argument name="project" type="ProvisioningProject">

        <Description>

          The provisioning project being acted upon. If a provisioning project is not applicable,

          the value will be null.

        </Description>

      </Argument>

      <Argument name="accountRequest" type="ProvisioningPlan.AccountRequest">

        <Description>

          The account request. If an account request is not applicable, the value will be null.

        </Description>

      </Argument>

      <Argument name="objectRequest" type="ProvisioningPlan.ObjectRequest">

        <Description>

          The object request. If an object request is not applicable, the value will be null.

        </Description>

      </Argument>

      <Argument name="role" type="Bundle">

        <Description>

          The role with the template we are compiling. If the role is

          not applicable, the value will be null.

        </Description>

      </Argument>

      <Argument name="application" type="Application">

        <Description>

          The sailpoint.object.Application with the template we are compiling. If the application

          is not applicable, the value will be null.

        </Description>

      </Argument>

      <Argument name="template" type="Template">

        <Description>

          The Template that contains this field.

        </Description>

      </Argument>

      <Argument name="field" type="Field">

        <Description>

          The current field is being computed.

        </Description>

      </Argument>

      <Argument name="current" type="Object">

        <Description>

          The current value corresponds to the identity or account attribute that the field represents.

          If no current value is set, this value will be null.

        </Description>

      </Argument>

      <Argument name="operation" type="ProvisioningPlan.Operation">

        <Description>

          The operation being performed.

        </Description>

      </Argument>

    </Inputs>

    <Returns>

      <Argument name="value">

        <Description>

          The string value is created.

        </Description>

      </Argument>

    </Returns>

  </Signature>

  <Source>

  import org.apache.commons.logging.Log;

  import org.apache.log4j.Logger;

  import sailpoint.api.SailPointContext;

  import sailpoint.object.Field; 

  import sailpoint.object.Identity;

  import sailpoint.tools.GeneralException;


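  // FieldValue rule body: resolves the value of the provisioning-policy field
  // currently being computed from the supplied Identity.
  //
  // Result:
  //   - known field   : the identity's value, or "" when that value is null
  //   - unknown field : null (returnValue is left untouched)
  //   - no identity   : ""

  // The logger name is reproduced exactly as written (including the "Feild"
  // spelling) so any existing log4j configuration keyed on it keeps matching.
  Logger logger = Logger.getLogger("Mighty.rule.FeildValueRule");
  boolean isDebugEnabled = logger.isDebugEnabled();
  Object returnValue = null;

  if (identity != null) {
    if (isDebugEnabled) {
      // Log the identity name only. Writing identity.toXml() to the log would
      // copy the whole serialized Identity (personal data and any other
      // attributes it carries) into log files, which are usually readable by
      // more people and retained longer than the identity store itself.
      logger.debug("Resolving field value for identity = " + identity.getName());
    }

    String fieldName = field.getName();
    boolean fieldMatched = true;

    switch (fieldName) {
      // Attributes read from the identity under the same name as the field.
      case "userId":
      case "phoneNo":
      case "dept":
      case "company":
      case "status":
        returnValue = identity.getStringAttribute(fieldName);
        break;
      case "email":
        returnValue = identity.getEmail();
        break;
      case "firstName":
        returnValue = identity.getFirstname();
        break;
      case "lastName":
        returnValue = identity.getLastname();
        break;
      default:
        fieldMatched = false;
        logger.debug("Field is not matched...");
        break;
    }

    // A handled field never yields null: a missing value becomes "".
    // Nested ifs are used instead of a logical AND so the script stays valid
    // inside the rule XML without entity escaping.
    if (fieldMatched) {
      if (returnValue == null) {
        returnValue = "";
      }
    }

    if (isDebugEnabled) {
      logger.debug("Returning field value = " + returnValue + " for field name " + fieldName);
    }
  } else {
    logger.debug("Identity is null");
    returnValue = "";
  }

  return returnValue;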

  </Source>

</Rule>


Monday, January 29, 2024

Approval

 Approval steps do not support the following:

  • calling methods
  • scripts
  • workflow

Different ways to initialize a variable in workflow.

action='call:verifyCondition'

initializer='string:prasad'

script:identity.getEmail()

value='ref:identity'

rule:Mighty Rule library


Sunday, January 21, 2024

ReferencedRule

<ReferencedRules>

<Reference class='sailpoint.object.Rule' name='Mighty Rule Library'/>

</ReferencedRules>

Tuesday, January 16, 2024

Delete-AllAccounts-In-Application-Safely

 import java.util.List;

import sailpoint.api.SailPointContext;

import sailpoint.object.Filter;

import sailpoint.object.Identity;

import sailpoint.object.QueryOptions;

import java.util.List;

import sailpoint.api.Provisioner;

import sailpoint.api.SailPointContext;

import sailpoint.object.Identity;

import sailpoint.object.Link;

import sailpoint.object.ProvisioningPlan;

import sailpoint.object.ProvisioningProject;

import sailpoint.object.ProvisioningPlan.AccountRequest;


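// Bulk clean-up script: for every identity except one protected identity,
// provisions a Delete request for each of its accounts on one application.
//
// `context` and `log` are not declared in this script.
// NOTE(review): presumably both are supplied by the rule runtime - confirm.
//
// This is a destructive, unattended operation. The only safeguard visible
// here is the single excluded identity name, so run it against a test
// environment first and keep the log output as the record of what was removed.
String targetApplication = "Mighty App";
String protectedIdentityName = "prasad";

try {
    List identityList = context.getObjects(Identity.class);

    for (Identity identity : identityList) {
        if (identity == null || protectedIdentityName.equals(identity.getName())) {
            continue;
        }

        List links = identity.getLinks();
        if (links == null || links.isEmpty()) {
            continue;
        }

        // A fresh plan per identity. Reusing one plan across the loop would
        // carry earlier identities' delete requests into every later execution
        // under a different plan identity.
        ProvisioningPlan plan = new ProvisioningPlan();
        plan.setIdentity(identity);
        int deleteCount = 0;

        for (Link linkObj : links) {
            if (linkObj == null || !targetApplication.equals(linkObj.getApplicationName())) {
                continue;
            }
            AccountRequest accountRequest = new AccountRequest();
            accountRequest.setOperation(AccountRequest.Operation.Delete);
            accountRequest.setNativeIdentity(linkObj.getNativeIdentity());
            accountRequest.setApplication(linkObj.getApplicationName());
            plan.add(accountRequest);
            deleteCount++;
        }

        // Nothing to delete for this identity: do not compile or execute an empty plan.
        if (deleteCount == 0) {
            continue;
        }

        log.info("Deleting " + deleteCount + " account(s) on " + targetApplication
                + " for identity " + identity.getName());

        Provisioner provisioner = new Provisioner(context);
        ProvisioningProject project = provisioner.compile(plan);
        provisioner.execute(project);
    }
} catch (Exception e) {
    // The first failure stops the run, so a partially applied clean-up is
    // visible in the log; the exception is passed along to keep the stack trace.
    log.error("exception occurred at: " + e.getMessage(), e);
}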

Thursday, January 4, 2024

Object Classes for Group/Entitlement creation in AD/LDAP

  • objectClass: groupOfUniqueNames
  • objectClass: top
  • cn: IIQ 
  • description: SailPoint IIQ Admin Access


Wednesday, January 3, 2024

Remove extra spaces in MS word

Ctrl+h 

=> Navigate to Replace Tab:
  • Find what: ( ){2,}   (one space between the parentheses)
  • Replace with: \1
  • Click on More > use wildcard
  • Click on ReplaceAll.

Tuesday, January 2, 2024

Update Entitlement In Catalog

import java.util.HashMap; import java.util.Map; import sailpoint.api.SailPointContext; import sailpoint.object.ManagedAttribute;

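/**
 * Updates one entitlement (ManagedAttribute) in the entitlement catalog:
 * its description attribute, display name, value and localized descriptions.
 *
 * <p>NOTE(review): {@code log} is not declared in this class, and {@code context}
 * is initialised to {@code null}. Presumably both are supplied by the rule
 * runtime once the class wrapper is stripped - confirm. As plain Java this
 * needs a real context and a declared logger before it can run.
 */
public class UpdateEntitlmentInCataloge {

    static SailPointContext context = null;

    public static void main(String[] args) {
        // Object id of the catalog entry to update, as given in the original snippet.
        String managedAttributeId = "be19f8788ba61b15818ba16e5d0d03e4";

        try {
            // Localized descriptions keyed by locale. Raw types are kept so the
            // body can still be pasted into a rule source unchanged.
            Map map = new HashMap();
            map.put("en_US", "IAM Test group: Mighty");

            ManagedAttribute managedAttribute =
                    context.getObjectById(ManagedAttribute.class, managedAttributeId);

            // An unknown id yields no object. Stop here instead of failing on
            // the first setter and logging an exception whose message is null.
            if (managedAttribute == null) {
                log.error("ManagedAttribute not found for id : " + managedAttributeId);
                return;
            }

            managedAttribute.setAttribute("description", "Updated description: Mighty");
            managedAttribute.setDisplayName("IAMTest2");
            managedAttribute.setValue("CN=IAMTest,OU=Standard,OU=Security,OU=Groups,DC=ls,DC=mightypedia,DC=com");
            managedAttribute.setDescriptions(map);

            // Persist, commit, then drop the object from the session cache.
            context.saveObject(managedAttribute);
            context.commitTransaction();
            context.decache(managedAttribute);
        } catch (Exception e) {
            // Pass the exception itself so the stack trace is not lost.
            log.error("Exception occurred : " + e.getMessage(), e);
        }
    }
}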

Get All Entitlements of User

 <?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<Rule language="beanshell" name="Get-All-Entitlements-Of-User">

  <Signature returnType="String">

    <Inputs>

      <Argument name="log">

        <Description>

          The log object is associated with the SailPointContext.

        </Description>

      </Argument>

      <Argument name="context">

        <Description>

          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.

        </Description>

      </Argument>

      <Argument name="link">

        <Description>

          The Link is being inspected.

        </Description>

      </Argument>

    </Inputs>

    <Returns>

      <Argument name="daysTillExpiration">

        <Description>

          The number of days before password expiration. If the number is negative then the password has expired, if the number is positive then a notification should be sent out, otherwise, a null value is returned indicating no notification is necessary.

        </Description>

      </Argument>

    </Returns>

  </Signature>

  <Source>

  import java.util.ArrayList;

  import java.util.Iterator;

  import java.util.List;

  import sailpoint.api.SailPointContext;

  import sailpoint.object.Application;

  import sailpoint.object.Attributes;

  import sailpoint.object.EntitlementGroup;

  import sailpoint.object.Identity;


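  // Collects the "memberOf" value of every EntitlementGroup returned by
  // identity.getExceptions() for one hard-coded identity name.
  //
  // Always returns a List. It is empty when the identity does not exist or
  // has no entitlement groups.
  //
  // NOTE(review): the rule's Signature element declares a String return type
  // and describes a "daysTillExpiration" value, which does not match this
  // script. Confirm and correct the signature.
  // NOTE(review): each "memberOf" value is added as stored; presumably it can
  // be a single value or a collection - verify before consuming the result.
  List finalList = new ArrayList();
  String userName = "beereddy";
  Identity identity = context.getObjectByName(Identity.class, userName);

  if (identity == null) {
    return finalList;
  }

  List entGrps = identity.getExceptions();
  if (entGrps == null) {
    return finalList;
  }

  for (Object entry : entGrps) {
    EntitlementGroup entEg = (EntitlementGroup) entry;
    if (entEg == null || entEg.getAttributes() == null) {
      continue;
    }
    Object memberOf = entEg.getAttributes().getMap().get("memberOf");
    // Groups without a memberOf attribute contribute nothing, rather than a null entry.
    if (memberOf != null) {
      finalList.add(memberOf);
    }
  }

  return finalList;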

  </Source>

</Rule>


Fetch Members from Workgroup

  import java.util.ArrayList;   import java.util.Iterator;   import java.util.List;   import sailpoint.api.ObjectUtil;   import sailpoint.ob...