Custom form for ad group creation

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

8.4

Has anyone tried to create a custom quicklink/form to create AD groups in iiq? If yes, do you have any pointers on how the quicklink and form should be developed?

2

Hi @PJain

Refer this link to know about quicklinks - https://community.sailpoint.com/t5/Technical-White-Papers/Quicklinks-7-1-and-later/ta-p/78197

Basically you need launch workflow from quicklink, then you can display form in workflow step.

3

Hi,
You an follow below steps:

  1. Create a custom Quicklink (with httpSession attribute to show the success message after submission)
  2. Call the custom workflow.
  3. Inside custom workflow, create a form.
  4. Form can have below options for user input
    a. Group Name
    b. Group Description
    c*. Group Type (like: Security, Distribution)
    d. Owners field (later can be added a workgroup members)
    e*. Group scope (Global, Universal, Domain Local)
    … any other required fields as per your org.
  5. Once user clicks on Submit.
  6. Create ProvisioningPlan with ObjectRequest and call LCM workflow (must be done in background) for better UX.
  7. Navigate the user back to Home with Success message and request id.
  • fields are optional and can be set in Provisioning plan as hard coded values based on requirement.
4

Here’s my quicklink xml -

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE QuickLink PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<QuickLink action="workflow" category="Entitlements" created="1740715992263" id="0a04722a95401f8e81954ac224c71437" messageKey="Create AD Group" modified="1741011537849" name="PCTY - QuickLink - Create AD Group Form" significantModified="1741011537849">
  <Attributes>
    <Map>
      <entry key="allowOther" value="false"/>
      <entry key="forceAllowOthers" value="false"/>
      <entry key="forceAllowSelf" value="true"/>
      <entry key="hideAllowSelf" value="true"/>
      <entry key="quickLinkIdentityId">
        <value>
          <Script>
            <Source> 
              return currentUser.getId();
          </Source>
          </Script>
        </value>
      </entry>
      <entry key="workflowName" value="PCTY - Workflow - Create AD Group"/>
    </Map>
  </Attributes>
  <QuickLinkOptions allowSelf="true" created="1740859217813" id="0a04722995401cb38195534b9795278f" modified="1741011537849" significantModified="1741011537849">
    <DynamicScopeRef>
      <Reference class="sailpoint.object.DynamicScope" id="0a0472298615182281862e0f19b12910" name="IAM Admin"/>
    </DynamicScopeRef>
  </QuickLinkOptions>
</QuickLink>

and here’s my workflow -

Workflow-CreateADGroup.xml (5.7 KB)

But I am getting this error when launching the quicklink -

image
image987×427 16.9 KB

5

Could you please provide the logs for more context?

6

You can remove this line

<entry key="quickLinkIdentityId">
        <value>
          <Script>
            <Source> 
              return currentUser.getId();
          </Source>
          </Script>
        </value>
      </entry>

In workflow, you will get directly by “launcher”.

you will get identity by

Identity requester = context.getObjectByName(Identity.class, launcher);
7

There are no errors in the log