Introduction
SailPoint IdentityIQ (IIQ) is a powerful identity governance platform that helps organizations manage user access, entitlements, and compliance. One of its key features is its robust reporting capabilities. While IIQ comes with many out-of-the-box reports, organizations often need to create custom reports to meet their specific requirements. This guide will walk you through the process of creating a custom report in IIQ, specifically focusing on a report that shows applications and associated accounts.
Understanding IIQ Reporting
Before we dive into creating a custom report, let’s briefly discuss the reporting system in IdentityIQ.
Out-of-the-Box Reports
IdentityIQ comes with a wide range of pre-built reports covering various aspects of identity governance, such as:
- Access Review Decision Report
- Manager Access Review Live Report
- Role Members Report
- Identity Role Report
- …etc
These reports provide a good starting point for many organizations. However, there are scenarios where custom reports become essential to meet specific business needs.
Steps to Create an Out-of-the-Box Report
Out-of-the-box reports in IdentityIQ are straightforward to create and configure. Below are the steps you can follow:
- Navigate to the Reporting Section
  - Go to the IdentityIQ dashboard.
  - Click on the Intelligence tab.
  - Click on the Reports tab to view available reports.
- Select a Pre-built Report Template
  - Browse the list of pre-built reports.
  - Choose a template that closely matches your reporting needs. In this example, we choose the “Role Details Report”.
- Customize the Report Parameters
  - Once you’ve selected a report, customize its parameters, such as the name of your report.
- Run the Report
  - After configuring the parameters, click on the Save and Execute button.
  - The report is generated based on the selected criteria and can be downloaded or viewed directly within IdentityIQ.
Custom Reporting in IdentityIQ
Need for Custom Reports
While the pre-built reports in IdentityIQ are comprehensive, organizations often have unique requirements that cannot be addressed by the standard reports. Custom reporting becomes essential in scenarios where organizations need to:
- Combine data from multiple sources: IdentityIQ integrates with various systems, and organizations may need to consolidate data from different sources into a single report.
- Tailor reports to specific business requirements: Each organization has its own processes, policies, and reporting needs. Custom reports can be tailored to meet these specific requirements.
- Enhance report formatting and presentation: Organizations may want to customize the layout, branding, and visual representation of reports to align with their corporate standards or stakeholder preferences.
- Automate report generation and distribution: Custom reports can be integrated into automated processes, scheduled to run at specific intervals, and distributed to relevant stakeholders automatically.
- Enhance out-of-the-box reports: Standard reports can be enhanced by adding additional columns to the report configuration.
Building a Custom Report in IdentityIQ
IdentityIQ provides a robust framework for building custom reports. In this blog post, we’ll explore how to create a task definition that generates a report showing applications and associated accounts. This report will display all accounts linked to a specific application, or if no application is selected, it will show accounts for all applications.
Task Definition
The task definition in IdentityIQ defines the report configuration: the data source class, the report form, the columns, the right a user must hold to run the report (RequiredRights), and the input arguments (Signature). Here’s an example of a task definition XML file:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<TaskDefinition executor="sailpoint.reporting.LiveReportExecutor" name="au Details Report" progressMode="String" resultAction="Rename" subType="Custom" template="true" type="LiveReport">
  <Attributes>
    <Map>
      <entry key="TaskDefinition.runLengthAverage" value="8"/>
      <entry key="TaskDefinition.runLengthTotal" value="8"/>
      <entry key="TaskDefinition.runs" value="1"/>
      <entry key="report">
        <value>
          <LiveReport disablePreview="true" title="UserDetailsReport">
            <DataSource dataSourceClass="com.cf.custom.reports.ApplicationUserDataSource" type="Java"/>
            <ReportForm>
              <Reference class="sailpoint.object.Form" name="auReportForm"/>
            </ReportForm>
            <Columns>
              <ReportColumnConfig field="ApplicationName" header="ApplicationName" sortable="true" width="110"/>
              <ReportColumnConfig field="UserName" header="UserName" sortable="true" width="110"/>
            </Columns>
          </LiveReport>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Description>A report to print application/user.</Description>
  <RequiredRights>
    <Reference class="sailpoint.object.SPRight" name="FullAccessUserReport"/>
  </RequiredRights>
  <Signature>
    <Inputs>
      <Argument name="Application" type="string">
        <Description>Application</Description>
      </Argument>
    </Inputs>
  </Signature>
</TaskDefinition>
Report Form
The report form defines the input parameters that users can provide when running the report. In our example, the form includes a field to select an application:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Form PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Form hidden="true" name="auReportForm" type="Report">
  <Section columns="4" label="Request Parameters" name="customProperties">
    <Field columnSpan="1" displayName="Application" helpKey="Application" name="Application" type="Application" value="ref:ApplicationName"/>
  </Section>
</Form>
Importing the Task Definition
Once you’ve prepared your XML file:
- Go to the IdentityIQ dashboard.
- Click on Global Settings.
- Choose Import from File.
- Select your file and click Import.
Java Code
The custom report logic is implemented in a Java class that implements the JavaDataSource interface. This class retrieves the application and account data from the IdentityIQ database and populates the report with the required information. Here’s an example of the Java code:
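package com.cf.custom.reports; // matches dataSourceClass in the task definition
import sailpoint.reporting.datasource.JavaDataSource;
public class ApplicationUserDataSource implements JavaDataSource {
    // Class implementation
}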
The prepare() method in the Java class executes the necessary SQL queries to fetch the application and account data. If an application is selected, the query retrieves accounts for that specific application; otherwise, it fetches accounts for all applications.
public void prepare() throws GeneralException {
    try {
        connection = context.getJdbcConnection();
        if (customQueryOptions.containsKey("Application")) {
            String applicationid = customQueryOptions.get("Application");
            getDetailsForApplication(applicationid);
        } else {
            getDetailsForAllApplications();
        }
        finalobjects = objectList.iterator();
    } catch (Exception ex) {
        // Exception handling
    }
}
The getDetailsForApplication(String applicationid) and getDetailsForAllApplications() methods execute the respective SQL queries and populate the objectList with the retrieved data.
private void getDetailsForApplication(String applicationid) {
    String sql = "SELECT A.name AS applicationName, U.display_name AS userName "
        + "FROM identityiq.spt_application AS A "
        + "JOIN identityiq.spt_link AS U ON A.id = U.application "
        + "WHERE A.id = ?";
    // Execute query and populate objectList
}

private void getDetailsForAllApplications() {
    String sql = "SELECT A.name AS applicationName, U.display_name AS userName "
        + "FROM identityiq.spt_application AS A "
        + "JOIN identityiq.spt_link AS U ON A.id = U.application";
    // Execute query and populate objectList
}
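One way to fill in the elided "Execute query and populate objectList" step for both methods, shown as an added example that is not the original post's code. The class name AccountRowQuery and the method fetch are hypothetical, and it assumes the caller passes in the connection obtained in prepare() and keeps ownership of it. The selected application id is bound as a statement parameter rather than concatenated into the SQL text, and the row keys match what getFieldValue() reads.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper (not part of IdentityIQ or of the original post).
public final class AccountRowQuery {

    // Same SELECT/JOIN as in the post; only the WHERE clause differs.
    private static final String BASE_SQL =
        "SELECT A.name AS applicationName, U.display_name AS userName "
      + "FROM identityiq.spt_application AS A "
      + "JOIN identityiq.spt_link AS U ON A.id = U.application";

    private AccountRowQuery() { }

    /**
     * Returns one map per account row, keyed "applicationName" / "userName".
     * A null or blank applicationId means "all applications".
     * The connection belongs to the caller and is not closed here.
     */
    public static List<Map<String, Object>> fetch(Connection connection, String applicationId)
            throws SQLException {
        boolean filtered = applicationId != null && !applicationId.trim().isEmpty();
        String sql = filtered ? BASE_SQL + " WHERE A.id = ?" : BASE_SQL;

        List<Map<String, Object>> rows = new ArrayList<>();
        // try-with-resources closes the statement and result set even on error.
        try (PreparedStatement stmt = connection.prepareStatement(sql)) {
            if (filtered) {
                // Bound parameter: the user-selected value never becomes SQL text.
                stmt.setString(1, applicationId);
            }
            try (ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    Map<String, Object> row = new HashMap<>();
                    // getString(label) resolves the AS aliases used in the query.
                    row.put("applicationName", rs.getString("applicationName"));
                    row.put("userName", rs.getString("userName"));
                    rows.add(row);
                }
            }
        }
        return rows;
    }
}
```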
The getFieldValue(String fieldName) method is implemented to provide the values for the report columns, which in our case are “ApplicationName” and “UserName”.
@Override
public Object getFieldValue(String fieldName) throws GeneralException {
    if (fieldName.equals("ApplicationName")) {
        return this.object.get("applicationName");
    } else if (fieldName.equals("UserName")) {
        return this.object.get("userName");
    }
    return null;
}
Once the code is compiled into a JAR file, save it to the following location: \webapps\identityiq\WEB-INF\lib
By combining the task definition, report form, and Java code, this custom report will display a list of applications and their associated accounts. If an application is selected in the report form, the report will show accounts for that specific application; otherwise, it will display accounts for all applications.
Let’s execute our custom report now
- In the Reports tab, select the “au Details Report”.
- Fill in the necessary details (e.g., name, application) and click “Save and Execute”.
- Here is our custom report output
Conclusion
Custom reporting in SailPoint IdentityIQ is a powerful feature that allows organizations to tailor reports to their specific requirements, combine data from multiple sources, and automate report generation and distribution. By following the steps outlined in this blog post, you can create a custom report that displays applications and associated accounts, demonstrating the flexibility and extensibility of IdentityIQ’s reporting capabilities.
Refer to this SailPoint IdentityIQ Reports guide and Introduction to Reports for a detailed understanding of IdentityIQ reports.