Custom Target Certification Creation using Script with custom emails

Hi @zeel_sinojia ,

I am attaching my entire rule here for your reference, so you can see what I did.

I added the application as the entitlement criteria, but I still can’t see that access on the generated certification's view page.

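// Rule body (BeanShell-style script): clones an existing certification definition, narrows it
// to a single identity and a single application, saves it, and schedules it to run now.
// `context` is supplied by the rule runtime; the import lines this body needs are not shown.
try {
  String identityName = "XYZ";
  String certifierName = "CertifierName";

  Map entityFilterMap = new HashMap();
  List listOfMapsEntity = new ArrayList();
  Map entitlementFilterMap = new HashMap();
  List listOfMapsEntitlements = new ArrayList();
  CertificationDefinition template = null;
  CertificationDefinition certDefinition = null;

  if (identityName != null && certifierName != null) {
    String certName = "Custom Target Cert for " + identityName;
    DateFormat dateformat = new SimpleDateFormat("MM-dd-yyyy HH:mm:ss");
    Date date = new Date();
    String certificationName = certName + "-" + dateformat.format(date);

    template = context.getObjectByName(CertificationDefinition.class,
        "Targeted Certification [13/8/25 1:40 PM]");
    // Stop before cloning if the template lookup came back empty, so the failure names the
    // missing object instead of surfacing later as a NullPointerException.
    if (template == null) {
      throw new IllegalStateException(
          "Certification definition template not found: Targeted Certification [13/8/25 1:40 PM]");
    }

    // Assign to the variable declared above; the original declared certDefinition a second time.
    certDefinition = (CertificationDefinition) XMLObjectFactory.getInstance()
        .cloneWithoutId(template, (XMLReferenceResolver) context);

    // NOTE(review): the owner is a hard-coded account name. If this is a shared built-in
    // administrator, ownership of the review is not attributable to a person - confirm intended.
    Identity ownerIdentity = context.getObjectByName(Identity.class, "spadmin");
    // Fail before anything is saved or committed if the owner cannot be resolved; otherwise a
    // definition with no owner could be persisted ahead of the scheduling failure.
    if (ownerIdentity == null) {
      throw new IllegalStateException("Certification owner identity not found: spadmin");
    }

    String currentTime = java.time.LocalTime.now().toString();

    // Identity to certify.
    entityFilterMap.put("operation", "Equals");
    entityFilterMap.put("property", "name");
    entityFilterMap.put("value", identityName);
    listOfMapsEntity.add(entityFilterMap);

    // NOTE(review): the filter-values map below names the property "application" while the
    // Filter passed to setEntitlementFilter uses "application.name". Confirm which property
    // the entitlement filter is evaluated against; a mismatch would leave the review scoped
    // differently from what was intended, so check the generated scope before relying on it.
    entitlementFilterMap.put("operation", "Equals");
    entitlementFilterMap.put("property", "application");
    entitlementFilterMap.put("value", "Active Directory Application");
    listOfMapsEntitlements.add(entitlementFilterMap);

    certDefinition.setEntitlementFilterValues(listOfMapsEntitlements);
    certDefinition.setEntitlementFilter(Filter.eq("application.name", "Active Directory Application"));
    certDefinition.setEntitlementGranularity(EntitlementGranularity.Value);
    certDefinition.setCertifyAccounts(false);
    certDefinition.setIncludeRoles(false);
    certDefinition.setIncludeAdditionalEntitlements(true);
    certDefinition.setIncludeEntitlementsGrantedByRoles(true);
    certDefinition.setIncludePolicyViolations(false);
    certDefinition.setIncludeTargetPermissions(true);
    certDefinition.setCertifyEmptyAccounts(true);
    certDefinition.setType(Type.Focused);
    certDefinition.setEntityFilterValues(listOfMapsEntity);
    certDefinition.setEntityFilter(Filter.eq("name", identityName));
    certDefinition.setEntitySelectionType("Filter");
    certDefinition.setAttribute("owners", ownerIdentity);
    certDefinition.setAttribute("identities", identityName);

    certDefinition.setName(certName + " - " + currentTime);
    certDefinition.setAllowItemDelegation(true);
    // certDefinition.setAllowAccountRevocation(true);
    // certDefinition.setSuppressInitialNotification(true);
    certDefinition.setDelegationForwardingDisabled(false);
    certDefinition.setCertificationOwner(ownerIdentity);
    certDefinition.setOwner(ownerIdentity);
    certDefinition.setCertifierName(certifierName);
    certDefinition.setCertifierSelectionType(CertificationDefinition.CertifierSelectionType.Manual);
    certDefinition.setNameTemplate(certificationName);
    certDefinition.setCertificationNameTemplate(certName + " - ${fullDate}");
    certDefinition.setShortNameTemplate(certName + " - ${fullDate}");
    certDefinition.setStagingEnabled(false);
    certDefinition.setBackupCertifierName("IIQADMIN");
    certDefinition.setProcessRevokesImmediately(false);

    // Persist the definition before building a schedule that refers to it.
    context.saveObject(certDefinition);
    context.commitTransaction();

    CertificationSchedule certSchedule = new CertificationSchedule(context, ownerIdentity,
        certDefinition);
    certSchedule.setRunNow(true);
    CertificationScheduler scheduler = new CertificationScheduler(context);
    scheduler.saveSchedule(certSchedule, false);
    System.out.println(":SCHEDULED CERTIFICATION:::::");
  }
}
catch (Exception e) {
  // The failure is only written to stdout/stderr and is not rethrown, so a certification that
  // fails to generate leaves the access unreviewed without the caller noticing.
  // NOTE(review): if the rule runtime provides a logger, report the exception through it so
  // the failure reaches monitored logs.
  e.printStackTrace();
  System.out.println(
      "Below exception occurred during generation of access review for identity");
  System.out.println(e.getMessage());
}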

As per the above code, the certification entity page should show only the XYZ user's Active Directory access, but instead it is showing other accounts that are linked to the XYZ user.

Thanks,

Ashritha.