I’m trying this code in my local environment to add members to the group that is created, but it’s not working. This is the first time I’m trying this and I’m stuck at this point. There might be an issue in the code or in the way we approach adding members. If anyone knows the right approach, please help me out. This is an urgent requirement from the project, so kindly help me with this. Thank you.
```java
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.api.Provisioner;
import sailpoint.tools.GeneralException;
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Identity;

log.error("***********Start of Add Members Rule****************");
// Step 1: Create a new Provisioning Plan
ProvisioningPlan plan = new ProvisioningPlan();
plan.setTargetIntegration("Azure AD");
log.error("*************");
// Step 2: Define the group name and list of members to be added
String groupName = "Distribution Team";
List memberList = new ArrayList();
memberList.add("UPN of the user");
log.error("*************");
// Step 3: Create an AccountRequest for the group
ProvisioningPlan.AccountRequest aR = new ProvisioningPlan.AccountRequest();
aR.setApplication("Azure AD");
aR.setOp(ProvisioningPlan.ObjectOperation.Modify);
aR.setNativeIdentity(groupName);
aR.setType("group");
// Step 4: Add each member to the group
aR.add(new ProvisioningPlan.AttributeRequest("members", ProvisioningPlan.Operation.Add, memberList));
log.error("Printing list of members: " + memberList);
// Step 5: Add AccountRequest to the Provisioning Plan
plan.add(aR);
// Step 6: Execute the Provisioning Plan
try {
    Provisioner provisioner = new Provisioner(context);
    provisioner.setSource("TargetAggregation");
    provisioner.execute(plan);
    log.error("Members added to the group successfully.");
} catch (GeneralException e) {
    log.error("Error executing provisioning plan: " + e.getMessage());
}
log.error("***********End of Add Members Rule****************");
```
I’m afraid this approach will not work in IIQ. As IIQ is a more identity-centric IDM, you have to add the group to users, not users to groups.
Simply speaking, for each identity you have to create a separate provisioning plan with an account request pointing to the Azure AD account and with an attribute request whose operation is set to ADD, with the value of the group you want to assign to the user.
Hi @kjakubiak, thanks for the response. So the above plan has to be the opposite way? I have to create an AccountRequest for the Identity and an AttributeRequest for the Group. Am I right? And is this the same for a Distribution List also?
Each identity has to have a separate provisioning plan. In this provisioning plan you have to have an account request with the native identity of the Azure AD account which you want to add to the group, and in the account request you have to have an attribute request with a value pointing to the group to which you want to add this account.
This is correct for all provisioning operations you want to do; it doesn’t matter what type of group it is. For IdentityIQ each type of group is still a managed attribute object, so there’s no difference.
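The per-identity plan described in the reply above, sketched as an IdentityIQ BeanShell rule; this is an added example, not code posted by anyone in the thread. It assumes `context` and `log` are supplied by the rule runtime, that the group attribute on the Azure AD account schema is named `groups`, and that the identity names are placeholders.

```java
import java.util.Arrays;
import java.util.List;
import sailpoint.api.Provisioner;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.tools.GeneralException;

// Assumptions (not from the thread): "groups" is the entitlement attribute on the
// account schema, groupValue matches the entitlement value as it was aggregated,
// and the identity names are placeholders.
String appName = "Azure AD";
String groupAttribute = "groups";
String groupValue = "Distribution Team";
List identityNames = Arrays.asList(new String[] { "identity.name.1", "identity.name.2" });

Application app = context.getObjectByName(Application.class, appName);
if (app == null) {
    throw new GeneralException("Application not found: " + appName);
}

for (String name : identityNames) {
    // The account must already be correlated to an identity in IdentityIQ.
    Identity identity = context.getObjectByName(Identity.class, name);
    Link link = (identity != null) ? identity.getLink(app) : null;
    if (link == null) {
        log.warn("Skipping " + name + ": no identity or no " + appName + " account");
        continue;
    }
    // One plan per identity: modify the user's account, add the group to it.
    ProvisioningPlan plan = new ProvisioningPlan();
    plan.setIdentity(identity);
    AccountRequest acctReq = new AccountRequest();
    acctReq.setApplication(appName);
    acctReq.setOperation(AccountRequest.Operation.Modify);
    acctReq.setNativeIdentity(link.getNativeIdentity());
    acctReq.add(new AttributeRequest(groupAttribute, ProvisioningPlan.Operation.Add, groupValue));
    plan.add(acctReq);
    try {
        new Provisioner(context).execute(plan);
        log.info("Submitted group add for " + name);
    } catch (GeneralException e) {
        log.error("Provisioning failed for " + name + ": " + e.getMessage());
    }
}
```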
And for this code to work, we have to have the account in our SailPoint environment. Can we do single account aggregation?
```java
log.error("Start of Add Members Rule*****");
// Step 1: Create a new Provisioning Plan
ProvisioningPlan plan = new ProvisioningPlan();
plan.setTargetIntegration("Azure AD");
log.error("*************");
ProvisioningPlan.AccountRequest aR = new ProvisioningPlan.AccountRequest();
aR.setApplication("Azure AD");
aR.setOp(ProvisioningPlan.ObjectOperation.Modify);
aR.setNativeIdentity("UPN of user");
```