Certification escalation rule

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

8.4p1

Share all details about your problem, including any error messages you may have received.

In my certification escalation rule I am trying to do this:

Identity entity = item.getCertificationEntity( );

however, turns out, item, which is an input argument in escalation rules is a workitem and not a certification item. so, the API above returns null. I have some additional logic on the entity object which I cant execute. how do I get the entity identity for the item the escalation rule is being iterated over?

2

Hi!

You can try it out but it is an other rule type:

<Rule language="beanshell" name="Offboarding" type="CertificationPhaseChange">

import sailpoint.object.*;
    import org.apache.log4j.Logger;

    Logger log = Logger.getLogger("Offboarding");
  
    log.debug("Completed entities: " + certification.getCompletedEntities());
    log.debug("Completed items: " + certification.getCompletedItems());

    for (CertificationEntity certificationEntity : certification.getEntities()) {
      for (CertificationItem certificationItem : certificationEntity.getItems()) {
        if (certificationItem.getAction() != null &amp;&amp; certificationItem.getAction().getStatus().equals(CertificationAction.Status.Approved)) {
          log.debug("CertificationItem is complete and approved");

          String   identityName = certificationItem.getIdentity();
          Identity identity     = context.getObjectByName(Identity.class, identityName);
          identity.setAttribute("xyz", "Checked");
          context.saveObject(identity);
          context.commitTransaction();

        }else {
          log.debug("CertificationItem is " + certificationItem.getAction().getStatus());

        }
      }
    }
1 Like
3

according to my business needs I need it done while the certification is still active , not when the phase changes, unfortunately

4

Hi @dmaan

I have already created a dummy certification I can see that cerification object is accesible there…

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="test" type="CertificationPhaseChange">
  <Description>This rule is run when the certification either enters or leaves a phase.</Description>
  <Signature returnType="void">
    <Inputs>
      <Argument name="log" type="org.apache.commons.logging.Log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context" type="sailpoint.api.SailPointContext">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
      <Argument name="certification">
        <Description>
          The sailpoint.object.Certification being certified.
        </Description>
      </Argument>
      <Argument name="certificationItem">
        <Description>
          The sailpoint.object.CertificationItem that is being certified.
        </Description>
      </Argument>
      <Argument name="previousPhase">
        <Description>
          Certification.Phase (may be null) that is the previous phase.
        </Description>
      </Argument>
      <Argument name="nextPhase">
        <Description>
          Certification.Phase (may be null) that is the next phase.
        </Description>
      </Argument>
    </Inputs>
  </Signature>
  <Source>xyz</Source>
</Rule>

image
image1275×640 29.5 KB

1 Like
5

please see my response above

6
  1. What type of certification are you using?
  2. Which step is relevant here?
  3. Can you share some screenshots or more code of the rule?
1 Like