Hi All,
I’m working on a requirement and need some assistance regarding Active Directory attributes. Specifically, I’m trying to retrieve the lastLogonTimestamp attribute for all users and include it in a IIQ Report.
I tried to fetch it, but I’m not seeing the attribute in report. Could anyone guide me on how to pull this attribute it in Report?
Thanks!
Hi @GutteStolt,
in which report you want add the column?
Hi @GutteStolt
Are you trying to get the lastlogon timestamp attribute from Active Directory account ?
Hello @enistri_devo ,
Thank you for the response.
The report name is Application account by attribute name. In this report i want to add the column. Is is possible to add the column?
Thanks
Hello @vinnysail.
Yes correct, I’m trying to get lastlogon timestamp attribute form the AD.
This report is configured to detect all Searchable account attribute of an application. So, you have 3 way to add lastlogon attribute:
The first way is the easiest but it’s pretty useless if you create an account attribute only for this report.
The third, for me, is the best because you don’t need it modify the report and you can add other logics also for other applications
Hi @GutteStolt
You can create a custom application report to add lastLogonTimestamp attribute.
In this case, you can refer to following topic to create custom report to add attribute of application.
https://community.sailpoint.com/t5/IdentityIQ-Forum/Custom-Application-Report/m-p/201944
I’ve attached Taskdefinition object customized to include lastLogonTimestamp
TaskDefinition-Application_Account_Schema_Attributes.xml (4.4 KB)
Hello @ismaelmoreno1
Please guide me i was new to customizing part, You want to create new one modify the existing report?
Thanks!
Hi @enistri_devo.
As you mentioned the third point for that. I have one rule attaching that rule can we use this rule to get this value? . It is possible to save this value into the excel
LastLoginTime.txt (4.7 KB)
/CSV.
Thanks
No, your rule is an identityTrigger rule you cant use in a report.
I am talking about the rule with name Account Report Form Customizer, this rule is called into the report to refill the list of visible attribute. You can modify this rule and add your attribute.
Hello @enistri_devo .
The Rule which shared by the @ismaelmoreno1 what changes i need to?.
Hello @GutteStolt
The changes in the rule depend of the results expected to show in your report
What should be the expected output or what column values are expected?
According to your expected output you should modify source code in TaskDefinition object attached
Hello @ismaelmoreno1
As of now i need the only lastLogonTimestamp application attribute.
Hi @GutteStolt
In this case, you need import the following artifacts in your IIQ environment.
TaskDefinition-Application_Account_Schema_Attributes.xml (4.4 KB)
Form-Application_Account_Schema_Attributes.xml (1.7 KB)
Once, artifacts are imported, select Intelligence → Report menu.
In tab Reports, select CLIENT_NAME User Account Attributes Report to create your report.
Once report is selected, set a name and select your Active Directory application in your drop-down list
Then, you must move lastlogonTimestamp column from left side to rigth side, and click button Save and Preview.
Once data is showed in your report, you can save your report.
Hello @ismaelmoreno1
I have imported the these two xml files. i can see the report in the report secretion. But when I’m selecting application as AD and clicking next button getting below error. Additionally i don’t see the Form-Application_Account_Schema_Attributes.xml|attachment in Task definition object. Which object name i have search?.
javax.faces.FacesException: #{reportDefinition.submitForm}: sailpoint.tools.GeneralException: sailpoint.tools.GeneralException: The application script threw an exception: java.lang.NullPointerException: Null Pointer in Method Invocation BSF info: script at line: 0 column: columnNo
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
at sailpoint.web.util.SailPointActionListener.processAction(SailPointActionListener.java:42)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
sailpoint.web.reports.ReportDefinitionBean.refreshForm(ReportDefinitionBean.java:544)
at sailpoint.web.reports.ReportDefinitionBean.submitForm(ReportDefinitionBean.java:163)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.el.parser.AstValue.invoke(AstValue.java:252)
Hello @GutteStolt
Please, for others errors. first check all possible errors in Compass or Developer community.
I’ve have found the same error in following compass link Solved: Custom Identity Entitlements Report Issue : - Compass
In this case, according to the solution, you must add the following line in TaskDefinition artifact to validate application parameter
if(null != application && void != application)
In my case, this code works fine, so maybe your environment is different to mine, you should adapt or modify your code in your env. First that all, you should understand the code, modify accordingly. For example, check that your attribute name is lastLogonTimestamp
TaskDefinition-Application_Account_Schema_Attributes.xml (4.4 KB)
Hello @ismaelmoreno1 ,
Thanks for the update,
Form-Application_Account_Schema_Attributes.xml this file i have imported which object name i have to search? i don’t see in the TaskDefinition
Thanks
HI @GutteStolt
The Task definition include the form that you have imported.
Let me know if you are able to execute this report successfully or you have any issue