AD Application Provisioning Policy Form Dynamic List

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

IIQ 8.3

Share all details about your problem, including any error messages you may have received.

We want to start provisioning AD accounts in one of our AD Domains by having HelpDesk users Add a Role to an Identity that will trigger provisioning of a new AD Account.

We got this working, but for a specific field (distinguishedName) we need to have a list to choose from because the OU will be different based on some user criteria.

If in Provisioning Policies, under Value Settings for Account DN we choose ‘Value’ for Allowed Values, it presents an area where you can create a list. What I’m wondering is if there is a way this can be pre-populated with values such as below for the HelpDesk person to choose from on a form –

  • “CN=”+identity.getAttribute(“displayName”)+“,OU=UsersA,OU=Corp,DC=com”

  • “CN=”+identity.getAttribute(“displayName”)+“,OU=UsersB,OU=Corp,DC=com”

  • “CN=”+identity.getAttribute(“displayName”)+“,OU=UsersC,OU=Corp,DC=com”

  • “CN=”+identity.getAttribute(“displayName”)+“,OU=UsersD,OU=Corp,DC=com”

For the actual form, we would want it to look like -

  • CN=Bob Smith,OU=UsersA,OU=Corp,DC=com

  • CN=Bob Smith,OU=UsersB,OU=Corp,DC=com

  • CN=Bob Smith,OU=UsersC,OU=Corp,DC=com

  • CN=Bob Smith,OU=UsersD,OU=Corp,DC=com

Thanks for any help you can provide!

2

Hi @chrisk,

in this case you can use a script/rule where you return a list of those values

3

Hi @enistri_devo ,
Would you or anyone else care to expand on that? I’m not a developer, but do have a Field Value Rule where all the other values are being returned. Is that where this would go, and it would populate a list on the form?
Does anyone have an example that they would care to share or at least a good shove in the right direction?

Thank you.

4

Hi @chrisk,

You can write a rule and attached to Allowed values in provisioning policy form. AllowedValues rule specifies the set of values to display in the drop-down list

image
image721×687 22.5 KB

Otherwise, you can directly write a script. Please refer the below script.

<Field displayName="distinguishedName" name="distinguishedName" required="true" type="string">
<AllowedValuesDefinition>
   <Script>
       <Source>
    import java.util.List;
import java.util.ArrayList;
import sailpoint.object.Identity;

List values = new ArrayList();

String displayName = identity.getDisplayName();
values.add("CN="+displayName+",OU=UsersA,OU=Corp,DC=com");
values.add("CN="+displayName+",OU=UsersB,OU=Corp,DC=com");
values.add("CN="+displayName+",OU=UsersC,OU=Corp,DC=com");
values.add("CN="+displayName+",OU=UsersD,OU=Corp,DC=com");

return values;
  </Source>
      </Script>
            </AllowedValuesDefinition>
          </Field>
2 Likes
5

I think this looks exactly like what I’m looking for, can’t thank you enough! I’ll choose ‘Script’ under ‘Allowed Values’ and put this script right there!
Thanks again!

6

@Arun-Kumar - I hate to bother, but that doesn’t work for me.
I commented out the old section in the Field Value Rule that was assigning to one specific OU.
Under ‘Allowed Values’ I chose Script
I added the script in the text box.
Now, previewing Form still doesn’t show a drop down with options.
I then tested with onboarding a user and it failed to create the AD Account - “Native Identity should not be null or empty”
I was not presented with a form.

DNScriptSetup
DNScriptSetup502×1164 27.1 KB

Here is my edited script -

<Field displayName="distinguishedName" name="distinguishedName" required="true" type="string">
<AllowedValuesDefinition>
   <Script>
       <Source>
    import java.util.List;
import java.util.ArrayList;
import sailpoint.object.Identity;

List values = new ArrayList();

String displayName = identity.getDisplayName();
values.add("CN="+displayName+",OU=Employees,OU=Corp Systems,DC=tti,DC=yardi,DC=com");
values.add("CN="+displayName+",OU=Special Accounts,OU=Others,OU=Employees,OU=Corp Systems,DC=tti,DC=yardi,DC=com");

return values;
  </Source>
      </Script>
            </AllowedValuesDefinition>
          </Field>

Can someone point out where I may be going wrong?
Thank you!!

7

Hi @chrisk,

You have added entire field definition in to the script. Please add the below script only and check.

 import java.util.List;
import java.util.ArrayList;
import sailpoint.object.Identity;

List values = new ArrayList();

String displayName = identity.getDisplayName();
values.add("CN="+displayName+",OU=Employees,OU=Corp Systems,DC=tti,DC=yardi,DC=com");
values.add("CN="+displayName+",OU=Special Accounts,OU=Others,OU=Employees,OU=Corp Systems,DC=tti,DC=yardi,DC=com");

return values;

image

1 Like
8

BINGO!
I can’t thank you enough, it really is great having you guys on here willing to help with these things!

I had to add ‘Review Required’ and then the Form was presented with the desired values.

Thanks again!

9

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.