Version 8.2
My client has asked me whether it’s possible to extract reports in Application Analysis from attributes of an application account in IdentityIQ, such as LDAP, AD, etc… Does SailPoint have any OOTB feature to facilitate this?
We have noted that is possible search accounts through Advanced Analysis but this search is limited because all this possible search by Application, Date, Disabled, etc.
Hi Belen,
It is possible but not straight forward - I believe the easiest way would be to use JDBC Reporting Library in order to create report with SQL Query to get this attributes. It is however important what database you have.
Its Pretty easy to do OOTB, you just need to utilize the TaskResult reporting tool.
That way you don even need to do JDBC querys or anything.
If you want i can send you the material.
Hi @ipobeidi, @kjakubiak,
Thanks for your quick reply.
Yes, please I would be pleased to receive any information about this topic.
Regarding to use JDBC Reporting Library, @kjakubiak I will investigate any way to retrieve information using JDBC Reporting Library.
Thanks and regards!
Hi @vishal_kejriwal1,
I have been reviewing what you told me and I have seen that only some attributes appear, limiting what is seen in the report. As you can see in the picture, the value showed refer to identity attribute.
Is there any way to get the application’s extended account attributes to be showed?
Thanks and regards!
Are those attribute added to the application schema ?
Yes, you can create a custom report to gather all the extended attributes you desire along with their values. Just ensure those attributes are added in the application schema.
refer HQL query to retrieve linked attribute value - IdentityIQ (IIQ) / IIQ Discussion and Questions - SailPoint Developer Community Forum which have HQL based report tp pull the application and identity attributes both.
there is a ootb report available. Or you configure your own report like this, an example for Workday
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor" name="My Workday Worker Report" progressMode="Percentage" resultAction="Rename" subType="Identity and User Reports" template="true" type="LiveReport">
<Attributes>
<Map>
<entry key="report">
<value>
<LiveReport title="Workday Worker Report">
<DataSource objectType="sailpoint.object.Link" type="Filter">
<QueryParameters>
<Parameter argument="application" property="application.id"/>
<Parameter argument="inactive" property="identity.inactive" valueClass="boolean"/>
</QueryParameters>
</DataSource>
<ReportForm>
<Reference class="sailpoint.object.Form" name="Application Account Attributes Report Form"/>
</ReportForm>
<Columns>
<ReportColumnConfig field="identityName" header="Identity Name" property="identity.name" sortable="true" width="110"/>
<!-- from here on link attribute -->
<ReportColumnConfig field="nativeIdentity" header="rept_app_account_attrs_col_account" property="nativeIdentity" sortable="true" width="110"/>
<ReportColumnConfig field="USERID" header="USERID" property="id" sortable="true" width="110">
<RenderScript>
<Source>
import sailpoint.object.Link;
import sailpoint.tools.Util;
Link link = context.getObjectById(Link.class, value);
String attribute = Util.otos(link.getAttribute("USERID"));
return attribute == null ? "" : attribute;
</Source>
</RenderScript>
</ReportColumnConfig>
<ReportColumnConfig field="FILENUMBER" header="FILENUMBER" property="id" sortable="true" width="110">
<RenderScript>
<Source>
import sailpoint.object.Link;
import sailpoint.tools.Util;
Link link = context.getObjectById(Link.class, value);
String attribute = Util.otos(link.getAttribute("FILENUMBER"));
return attribute == null ? "" : attribute;
</Source>
</RenderScript>
</ReportColumnConfig>
for each schema attribute you want to see in the report, add a ReportColumnConfig following the pattern above
I searched also through Compass and found this topic:
https://community.sailpoint.com/t5/IdentityIQ-Forum/Custom-Application-Report/m-p/201944
It might be helpful for you as well