Call certification event template in rule

Hi Team,
I have created a certification event so that when a user's manager changes or any mover event triggers, a certification gets triggered. But our requirement is to trigger this certification event template by using a rule.
When I tried it with the code below, the CertificationDefinition was getting created in the backend, but it is not getting created in the UI.
Code:

    try
    {
        Identity requestor = context.getObjectByName(Identity.class, "spadmin");
        Identity identity = context.getObjectByName(Identity.class, "1234");
        Identity certifier = identity.getManager();
        List identities = new ArrayList();
        identities.add(identityName);
        Identity certGroupOwner = context.getObjectByName(Identity.class, "2345");
        String certificationDefinitionTemplateName = "mover recertification-rule";
        CertificationDefinition templateCert = context.getObjectByName(CertificationDefinition.class, certificationDefinitionTemplateName);
        CertificationDefinition definition = (CertificationDefinition) templateCert.derive(context);
        log.error("Configure certification definition");
        String certName = "mover access recertification " + identityName;
        definition.setNameTemplate(certName);
        definition.setShortNameTemplate(certName);
        definition.setName(certName + " [" + new Date().toString() + "]");
        definition.setIdentitiesToCertify(identities);
        definition.setCertifierName(certifier.getName());
        definition.setCertificationOwner(certGroupOwner);
        definition.setCertificationNameTemplate(certName);
        definition.setOwner(certGroupOwner);
        definition.setDescription("Access review for " + certifier.getName());
        context.saveObject(definition);
        context.commitTransaction();
        TaskDefinition taskDef = context.getObjectByName(TaskDefinition.class, "Certification Manager");
        taskDef.setConcurrent(true);
        TaskSchedule taskSchedule = new TaskSchedule();
        taskSchedule.setName("Certification Trigger1 " + "[" + new Date().toString() + "] ");
        taskSchedule.setLauncher("spadmin");
        taskSchedule.setArgument("certificationDefinitionId", templateCert.getId());
        taskSchedule.setArgument("executor", taskDef.getId());
        // Run the task now. Kicks off the certification.
        TaskManager tm = new TaskManager(context);
        tm.runNow(taskSchedule);
        context.saveObject(taskSchedule);
        context.commitTransaction();
        return "ok";
    }

Hi @Ramya2018

Can you provide more information, like which Rule is being used and where it is attached? Also provide error logs, if any.

Hi @Jarin_James
Thank you for the response…

Our requirement is that when any attribute changes (like manager, country or department) a lifecycle event will trigger; in that event's workflow we are calling this rule to trigger the certification.

Rule type="IdentityTrigger"
In the logs we are not getting any error messages, but the log statements after trying to run the TaskSchedule now are not getting printed. Sample code:

    // Run the task now.
    TaskManager tm = new TaskManager(context);
    tm.runNow(taskSchedule);
    context.saveObject(taskSchedule);
    context.commitTransaction();

And every time we run this rule we are getting “A task schedule with the name ‘Certification Trigger1 [Thu Jul 20 14:51:46 CST 2023]’ already exists”, also when we renamed it.

By using this rule, the CertificationDefinition was getting created in debug and the TaskSchedule was getting created as Certification Trigger1 [Thu Jul 20 14:51:46 CST 2023], even though we are getting the message that it already exists. But this certification and task are not visible on the UI page.

Hi @Ramya2018

The IdentityTrigger will only return true or false based on the criteria. You don’t have to create a Certification Definition in the Rule. It will be automatically created if the rule returns true.
Please find the example Rule below:

    import sailpoint.object.Identity;
    import sailpoint.tools.Util;

    String previousValue = (String) previousIdentity.getAttribute("Department");

    String newValue = (String) newIdentity.getAttribute("Department");

    if (Util.isNullOrEmpty(previousValue) || Util.isNullOrEmpty(newValue)) {
        return false;
    }

    if (!previousValue.equalsIgnoreCase(newValue)) {
        return true;
    }
    return false;

Also please find the sample screenshot of my certification event.


You can even select EventType as Attribute Change if it is a simple attribute change.

Regards,
Jarin
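
An added example, not part of Jarin's reply or of SailPoint's own code: the same IdentityTrigger rule extended to the manager, country and department changes mentioned earlier in the thread. It assumes the attribute names `Department` and `Country`, and it treats a change from or to an empty value as a move, so that those identities are also sent for review.

```java
import sailpoint.object.Identity;

// Normalise so that null, "" and whitespace-only all compare as "no value".
String normalise(Object value) {
    if (value == null) return "";
    return value.toString().trim();
}

// True when the attribute differs, including set -> empty and empty -> set.
boolean attributeChanged(Identity before, Identity after, String attrName) {
    String oldValue = normalise(before.getAttribute(attrName));
    String newValue = normalise(after.getAttribute(attrName));
    return !oldValue.equalsIgnoreCase(newValue);
}

// The manager is an Identity reference, so compare by identity name.
boolean managerChanged(Identity before, Identity after) {
    Identity oldManager = before.getManager();
    Identity newManager = after.getManager();
    String oldName = (oldManager == null) ? "" : oldManager.getName();
    String newName = (newManager == null) ? "" : newManager.getName();
    return !oldName.equals(newName);
}

// previousIdentity is null when the identity is created: a joiner, not a mover.
if (previousIdentity == null || newIdentity == null) {
    return false;
}

// Assumed attribute names; use the names defined in the identity mappings.
String[] watchedAttributes = new String[] { "Department", "Country" };
for (int i = 0; i < watchedAttributes.length; i++) {
    if (attributeChanged(previousIdentity, newIdentity, watchedAttributes[i])) {
        return true;
    }
}
return managerChanged(previousIdentity, newIdentity);
```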

Hi @Jarin_James
Thank you for the response…
I got your point; maybe I was using the wrong rule type. Sorry for the confusion.

Our requirement is to call the certification event in one of the workflow steps. When I called a manager certification from the rule it was working fine, but when I was trying to call the certification event from the rule it was getting generated in debug only, not visible in the UI.

At one of our clients we use identity triggers for joiners, movers and leavers. Joiners and leavers are to be processed as soon as possible, while a mover is only processed if all role assignments and events are processed, and also after the latest aggregations, to have a clear view on what has been changed during the move processing/reassignment of business roles.

I have created an identity mover trigger to store the identityName in a custom object and run a task at the end of the daily processing to really start the certification.

The code to start the certification from the task is:

Initialize the certification aka create a new certification Template function:

    import sailpoint.object.Attributes;
    import sailpoint.object.CertificationDefinition;
    import sailpoint.tools.GeneralException;
    import sailpoint.tools.xml.XMLObjectFactory;
    import sailpoint.tools.xml.XMLReferenceResolver;

    public CertificationDefinition initializeCertification (CertificationDefinition template, String name, String accReviewName, String accReviewShortName, Date date, String certOwner) throws GeneralException {
      if (log.isDebugEnabled()) log.debug("in initialize cert");

      // Clone the certification definition from the existing template
      XMLObjectFactory instance = XMLObjectFactory.getInstance();
      CertificationDefinition newcert = (CertificationDefinition) instance.cloneWithoutId(template, (XMLReferenceResolver) context);

      newcert.setCreated(date);
      newcert.setModified(date);

      newcert.setName(name);
      newcert.setCertificationNameTemplate(name);
      newcert.setNameTemplate(accReviewName);
      newcert.setShortNameTemplate(accReviewShortName);

      Attributes attrMap = newcert.getAttributes();
      attrMap.put("owners", certOwner);
      newcert.setAttributes(attrMap);

      if (log.isDebugEnabled()) log.debug("newcert: " + newcert.toXml());
      context.saveObject(newcert);
      context.commitTransaction();
      context.attach(newcert);
      return newcert;
    }

Schedule the certification function:

    import sailpoint.api.TaskManager;
    import sailpoint.object.TaskResult;
    import sailpoint.object.TaskSchedule;

    public void scheduleCertification (String certId, String name) throws Exception {
      if (log.isDebugEnabled()) log.debug("in schedule cert");
      TaskSchedule taskSchedule = new TaskSchedule();
      taskSchedule.setName(name);
      taskSchedule.setLauncher("spadmin");
      taskSchedule.setArgument("certificationDefinitionId", certId);
      taskSchedule.setArgument("executor", "Certification Manager");
      taskSchedule.setArgument("resultName", "Certification executor");

      TaskManager tm = new TaskManager(context);

      // Run the certification task synchronously and log its completion status
      TaskResult tr = tm.runSync(taskSchedule, new HashMap());
      log.debug("taskresult: " + tr.calculateCompletionStatus().toString());
    }

To call the above functions with some data:

  • moverName = the name of the identity
  • Certification Definition to clone: Mover Certification

    Identity moverIdentity = context.getObjectByName(Identity.class, moverName);
    moverIdentityName = moverIdentity.getDisplayName();
    if (log.isDebugEnabled()) log.debug("Creating mover cert for "+ moverIdentityName);
    Date today = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(today); // don't forget this if date is arbitrary e.g. 03-14-1879
    int dayOfMonth = cal.get(Calendar.DAY_OF_MONTH); // day of the month
    int month = cal.get(Calendar.MONTH) + 1; // Calendar.MONTH is zero-based, so add 1
    int year = cal.get(Calendar.YEAR); // four-digit year

    CertificationDefinition moverCertTemplate = context.getObject(CertificationDefinition.class, "Mover Certification");
    String moverCertName = "Certification for Mover " + moverIdentityName + " " + year + "-" + month + "-" + dayOfMonth;
    String accReviewName = "Certification for Mover " + moverIdentityName + " ("+ moverName + ") " + year + "-" + month + "-" + dayOfMonth;
    String accReviewShortName = "Certification for Mover " + moverName + " " + year + "-" + month + "-" + dayOfMonth;
    CertificationDefinition moverCertDef = initializeCertification(moverCertTemplate, moverCertName, accReviewName, accReviewShortName, today, "Mover certificeerders");
    List certIdentitiesList = new ArrayList();
    certIdentitiesList.add(moverName);
    moverCertDef.setIdentitiesToCertify(certIdentitiesList);

    scheduleCertification(moverCertName,"sched-"+moverCertName);

I hope this helps and provides creativity :wink:

– Remold


Hi @Remold
Thank you for the response.

I tried the code which you suggested and it’s working, thanks a lot.

And I was facing another issue with the predelegation rule.
In our requirement, after the mover certification the user has to certify his access, and then the manager has to review the decision and should be able to change the user's decision.

Sample code of the predelegation rule I was using:

    Map results = new HashMap();
    String IdentityName = entity.getIdentity();
    results.put("recipient", context.getObjectByName(Identity.class, IdentityName));
    //results.put("reassign",true);

Here I was not setting reassign to true in the rule; I was trying to delegate the access reviews. But once the certification got triggered, two work items are getting generated at a time: one work item as delegate (for the user) and another work item as access review (for the manager). If I tried to take decisions as delegate and saved the decisions, the work item is not getting closed.

But for my requirement it should not create two work items; the work item should be created for the user as certifier, and after the user completes the decision it should go to the manager for sign-off.

My query: can the sign-off approver change the decision that was made by the user?

Hi Ramya,

Would you be so kind as to place the predelegation rule question in another thread? This keeps the forum cleaner and makes it easier to find the questions and their solutions.
I will do my best to find an answer/solution to your question :slight_smile:

Also would you mark my previous reply as Solution? So everyone can see the question has been answered?

Thanks,
Remold

Hi @Remold

I have marked your previous reply as Solution, and I will create a new thread for the predelegation rule. Thank you for the response.
