# Open the
Eclipse application
# Navigate
to Windows > click on Preferences
# Navigate
to Java and expand it
# Navigate
to Editor and expand it
# Navigate
to Content Assist and click on it
# Navigate to Auto Activation > Enable Auto Activation
Auto Activation > Auto activation
triggers for Java
Enter the following Characters :
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ._
<a href="http://localhost:8080/identityiq/workitem/WorkItem.jsf?id=$item.id">Link</a>
End of Support Policy :
IdentityIQ and File Access Manager End of Support Policy - Compass
https://community.sailpoint.com/t5/Working-With-Support-Knowledge/IdentityIQ-and-File-Access-Manager-End-of-Support-Policy/ta-p/77580#toc-hId-447416239
SELECT
b.name AS IR_Role_Name,
b.type AS Role_Type,
pr.value AS ENT_Value,
a.name AS Application_Name
FROM
identityiq.spt_bundle b
JOIN
identityiq.spt_profile_relation pr ON pr.bundle_id = b.id
JOIN
identityiq.spt_application a ON a.id = pr.source_application
WHERE
b.name ='Pedia - IT - DPA Role';
#####################################################
SELECT
b.name AS it_role_name,
pc.elt AS constraint_value
FROM
identityiq.spt_bundle b
JOIN
identityiq.spt_profile p ON p.bundle_id = b.id
JOIN
identityiq.spt_profile_constraints pc ON pc.profile = p.id
WHERE
b.name ='Pedia - IT - DPA Role';
SELECT
br.id AS business_role_id,
br.name AS business_role_name,
br.type AS business_role_type,
it.id AS it_role_id,
it.name AS it_role_name,
it.type AS it_role_type
FROM identityiq.spt_bundle_requirements r
JOIN identityiq.spt_bundle it ON it.id = r.child
JOIN identityiq.spt_bundle br ON br.id = r.bundle
WHERE
it.name = 'Pedia - IT - DPA Role';
SELECT
br.name AS it_or_business_role_name,
br.type AS it_or_business_role_type,
it.name AS org_role_name,
it.type AS org_type
FROM identityiq.spt_bundle_children c
JOIN identityiq.spt_bundle it ON it.id = c.child
JOIN identityiq.spt_bundle br ON br.id = c.bundle
WHERE
it.name = 'Pedia - IT - DPA Role';
=================================================================
import java.util.ArrayList;
import java.util.List;
import sailpoint.api.SailPointContext;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;
import sailpoint.tools.GeneralException;
private static List getRolesBasedOnContainer(String container) {
List aList = null;
QueryOptions qo = null;
try {
aList = new ArrayList();
qo = new QueryOptions();
qo.add(Filter.eq("inheritance.name", container));
List<Bundle> objects = context.getObjects(Bundle.class, qo);
for (Bundle bundle : objects) {
aList.add(bundle.getName());
}
} catch (GeneralException e) {
System.out.println("GeneralException : " + e.getMessage());
}
return aList;
}
String container = "Pedia - IT - DPA Role";
List bundles = getRolesBasedOnContainer(container);
What is Git?
Git is a Version Control System that track file changes.
What is GitHub?
GitHub is a platform that allows developers to collaborate and store their code in the cloud.
Git & GitHub work together to make building, scaling, securing, and storing software much easier.
FYI: A brief introduction to Git for beginners | GitHub
https://www.youtube.com/watch?v=r8jQ9hVA2qs&list=PL0lo9MOBetEFcp4SCWinBdpml9B2U25-f
# Go to browser
# github.com
# Click on Singup
# Login with gmail
# Promt the Username available
FYI : (58735) How to Create a GitHub Account (2025) - Full Tutorial - YouTube
https://www.youtube.com/watch?v=Gn3w1UvTx0A
<Step action="call:getIdentityModel" name="Initialize" posX="15" posY="115" resultVariable="identityModel">
<Description>
Initialize the data for the identity that we are creating.
</Description>
<Transition to="xyz"/>
</Step>
<Script>
<Source>
String name = (String)identityModel.get("name");
if (name != null) {
name = name.trim();
}
return name;
</Source>
</Script>
import sailpoint.api.Aggregator;
import sailpoint.api.SailPointContext;
import sailpoint.api.SailPointFactory;
import sailpoint.connector.Connector;
import sailpoint.connector.ConnectorException;
import sailpoint.connector.ConnectorFactory;
import sailpoint.object.Application;
import sailpoint.object.Attributes;
import sailpoint.object.ResourceObject;
import sailpoint.object.TaskResult;
import sailpoint.tools.GeneralException;
public class SingleAccountAggregation {
//static SailPointContext context = null;
public static String singleAccountAggregation(String appName, String accountName) throws ConnectorException {
try {
SailPointContext context = SailPointFactory.getCurrentContext();
Application application = context.getObjectByName(Application.class, appName);
Connector connector = ConnectorFactory.getConnector(application, null);
if (connector == null) {
return "Failed to connect App";
}
ResourceObject resourceObject = connector.getObject("account",accountName,null);
if (resourceObject == null) {
return "ResourceObject is not found";
}
Attributes attributes = new Attributes();
attributes.put("promoteManagedAttributes", "true");
attributes.put("refreshIdentity", "true");
attributes.put("aggregationType", "account");
Aggregator aggregator = new Aggregator(context, attributes);
TaskResult taskResult = aggregator.aggregate(application, resourceObject);
if (taskResult == null) {
return "taskResult is not found";
}
} catch (GeneralException e) {
System.out.println("singleAccountAggregation : "+e.getMessage());
}
return "success";
}
public static void main(String[] args) {
try {
String result = singleAccountAggregation("appName","accountName");
} catch (ConnectorException e) {
e.printStackTrace();
}
}
}
import java.util.HashMap;
import java.util.Map;
import sailpoint.api.Identitizer;
import sailpoint.api.ObjectUtil;
import sailpoint.api.PersistenceManager;
import sailpoint.api.SailPointContext;
import sailpoint.object.Attributes;
import sailpoint.object.Identity;
import sailpoint.tools.GeneralException;
public class SingleIdentityRefresh {
static SailPointContext context = null;
public static String singleIdentityRefresh(String name) {
try {
// pass the refresh task attributes
Map map = new HashMap();
map.put("", true);
map.put("", true);
map.put("", true);
map.put("", true);
Attributes attributes = new Attributes(map);
Identity identity = ObjectUtil.lockObject(context, Identity.class, null, name, PersistenceManager.LOCK_TYPE_TRANSACTION);
Identitizer identitizer = new Identitizer(context, attributes);
identitizer.refresh(identity);
context.saveObject(identity);
context.commitTransaction();
} catch (GeneralException e) {
System.out.println("GeneralException : " + e.getMessage());
}
return "success";
}
public static void main(String[] args) {
singleIdentityRefresh("Aaron.Nicols");
}
}
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import sailpoint.api.IdentityService;
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.EmailFileAttachment;
import sailpoint.object.EmailOptions;
import sailpoint.object.EmailTemplate;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.IdentityEntitlement;
import sailpoint.object.Link;
import sailpoint.object.QueryOptions;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Util;
public static boolean isValidUser(String name) {
String regex = "^-?\\d+$";
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(name);
return matcher.matches();
}
boolean flag = false;
String name = null;
String entitlement = null;
List adLinks = null;
List ticket = null;
Identity identity = null;
Application adApp = null;
IdentityService adIdentityService = null;
Iterator iterator = null;
try {
adLinks = new ArrayList();
ticket = new ArrayList();
ticket.add("name,Entitlement");
adApp = context.getObjectByName(Application.class, "AD");
if (adApp == null) {
logger.error("AD application not found");
return "AD application not found";
}
Filter filter = Filter.and(Filter.eq("type", "Entitlement"), Filter.eq("aggregationState", "Connected"), Filter.eq("application", adApp));
QueryOptions qo = new QueryOptions();
qo.addFilter(filter);
iterator = context.search(IdentityEntitlement.class, qo);
while (iterator.hasNext()) {
IdentityEntitlement ide = iterator.next();
if ((ide.getSourceAssignableRoles() == null @or ide.getSourceAssignableRoles().isEmpty()) @and ide.getIdentity() != null @and ide.getIdentity().isCorrelated()) {
identity = ide.getIdentity();
name = identity.getName();
flag = isValidUser(name);
if (flag) {
adIdentityService = new IdentityService(context);
adLinks = adIdentityService.getLinks(identity, adApp);
if (adLinks != null @and !adLinks.isEmpty()) {
for (Link link : adLinks) {
if (link.getAttribute("serviceAccount") == null) {
entitlement = ide.getValue().toString();
ticket.add("\n" + name + "," + entitlement);
}
}
}
}
}
}
EmailOptions emOptions = new EmailOptions();
EmailTemplate snowTemplate = context.getObjectByName(EmailTemplate.class, "AD-Dang-ENT-TicketEmail");
if (ticket != null @and !ticket.isEmpty()) {
String tickerDetails = ticket.toString().replace("[","").replace("]","");
byte[] ticketDetailsDataByte = tickerDetails.getBytes();
EmailFileAttachment ticFileAttachment = new EmailFileAttachment("AD-Dangling-ENTS.csv", EmailFileAttachment.MimeType.MIME_CSV, ticketDetailsDataByte);
emOptions.addAttachment(ticFileAttachment);
emOptions.setVariable("createIncident", "##CREATEINCIDENT##");
emOptions.setVariable("assignmentGroup", "Pedia-Enterprice");
emOptions.setTo("admin@example.com");
context.sendEmailNotification(snowTemplate, emOptions);
}
} catch (GeneralException e) {
logger.error("GeneralException : "+e.getMessage());
}
finally {
if (iterator != null) {
Util.flushIterator(iterator);
}
if (adLinks != null) {
adLinks.clear();
}
if (ticket != null) {
ticket.clear();
}
}
High Level Steps:-
1. Create a Java Project
2. Create a package
3. Add Apache Tomcat libraries & IdentityIQ libraries (Right click on project > Build Path > Add External Archives)
Reference:
https://www.eclipse.org/downloads/packages/release/2019-09/r
import java.util.Iterator;
import java.util.List;
import sailpoint.object.Bundle;
import sailpoint.object.Certifiable;
log.debug("Entering into the Pedia - Containers _Exclusion Rule ...");
if(items != null @and items.size() > 0){
Iterator iter = items.iterator();
while(iter.hasNext()){
Certifiable item = (Certifiable) iter.next();
if(item instanceof Bundle){
Bundle bundle = (Bundle) item;
if(bundle != null @and !bundle.equals("")){
if(bundle.getType() != null @and !bundle.getType().equals("")) {
if(bundle.getType().equals("organizational")){
iter.remove();
itemsToExclude.add(item);
}
} else {
iter.remove();
itemsToExclude.add(item);
}
}
}
}
}
log.debug("End from Pedia - Containers _Exclusion Rule ...");
Steps:-
# Open Notepad++
# Ctrl+H
# Select the following options like highlighted in the screenshot.
Find What : created="[^"]*"
Replace with : Empty
Find What : id="[^"]*"
Replace with : Empty
Find What : significantModified="[^"]*"
Replace with : Empty
Find What : modified="[^"]*"
Replace with : Empty
(or)
Find What : created="\d+" |id="[a-zA-Z0-9]+" |significantModified="\d+" |modified="\d+"
Replace with : Empty
Find What : significant
Replace with : Empty
<Source>
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.connector.webservices.EndPoint;
import sailpoint.tools.Util;
import sailpoint.util.Listl
log.error("***currentbody***"+ requestEndPoint.getBody().get("jsonBody"));
log.error("***requestEndPoint *** "+ requestEndPoint );
log.error("***provisioningPlan *** "+ provisioningPlan );
if (provisioningPlan != null @and requestEndPoint != null) {
String nativeIdentity = plan.getNativeIdentity();
log.error("Native Identity: " + nativeIdentity);
List accountRequests = plan.getAccountRequests();
log.error("accountRequests: " + accountRequests);
if(accountRequests != null @and accountRequests.size() > 0){
for (AccountRequest accountRequest : accountRequests) {
AccountRequest.Operation op = accountRequest.getOperation();
log.error("Operation: " + op);
log.error("Account Native Identity: " + accountRequest.getNativeIdentity());
List attrRequests = accountRequest.getAttributeRequests();
log.error("attrRequests: " + attrRequests);
if(attrRequests != null @and attrRequests.size() > 0){
for (AttributeRequest attrRequest : attrRequests) {
String attrName = attrRequest.getName();
Object attrValue = attrRequest.getValue();
if (attrValue instanceof String) {
log.error("It's a String");
} else if (attrValue instanceof Integer) {
log.error("It's an Integer");
}
log.error("Attribute: " + attrName + " | Value: " + attrValue);
// Add 'role_Id' attribute if operation is Modify
if (op == AccountRequest.Operation.Modify) {
AttributeRequest attrGrpRequest = new AttributeRequest("role_Id", ProvisioningPlan.Operation.Set, attrValue);
accountRequest.add(attrGrpRequest);
log.error("Added role_Id attribute with value: " + attrValue);
}
if (op == AccountRequest.Operation.Create) {
AttributeRequest attrGrpRequest = new AttributeRequest("role_Id", ProvisioningPlan.Operation.Set, attrValue);
accountRequest.add(attrGrpRequest);
log.error("Added role_Id attribute with value: " + attrValue);
}
}
}
}
}
}
log.error("Provisioning rule completed.");
//return endPoint;
</Source>
Reference :
https://community.sailpoint.com/t5/IdentityNow-Connectors/Identity-Security-Cloud-Connectors/ta-p/80019
1.Locate VAs close to sources
2.Restarting the VA cluster is almost always the best first action to resolve problems with a VA
3.Use Static IP addresses to simplify networking setup and monitoring
4.To avoid a single point of failure in your environment, maintain a 1:1 VA-to-VM ratio
5.Create New VAs to Switch Deployment Locations and Platforms
6.Allow inbound communications over SSH (port 22) secure shell access for administrative purposes so you can access the VA from inside your network
7.Deploy a minimum of 2 VAs per cluster
8.Separate Sandbox and Production clusters
9.Allow unrestricted outbound traffic on ports 53 (DNS), 123 (NTP), and 443 (HTTPS). As an alternative, you can set up a proxy or single point of access. (Network proxy, firewalls, and caching products can interfere with VA communications)
10.Optional: for added security within your network, configure VAs to communicate with connected sources over Transport Layer Security (TLS)
Reference:
https://documentation.sailpoint.com/saas/help/common/getting_notified_org_health.html
Reference:
https://community.sailpoint.com/t5/Identity-Security-Cloud-Updates/bg-p/Updates
Reference:
https://developer.sailpoint.com/docs/extensibility/configuration-management/saas-configuration/
API:
v2024 APIs | SailPoint Developer Community
https://developer.sailpoint.com/docs/api/v2024/
Reference :
Rules | SailPoint Developer Community
https://developer.sailpoint.com/docs/extensibility/rules/
Reference :
Transforms | SailPoint Developer Community
https://developer.sailpoint.com/docs/extensibility/transforms
