Get the create account attributes

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Which IIQ version are you inquiring about?

8.4

We have a requirement that approver should see all the create account attributes.

Scenario:

When a user requests access to an application for the first time, they will have to fill out a provisioning form coming from the provisioning policies.

We need the approver to check those attributes.

So my first try is build a rule to try to get the attributes but its not available in the plan:

import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

Log serilog = LogFactory.getLog("sailpoint.AccountRequest.WorkflowRule");
serilog.debug("Starting the script.");

try {
    // Retrieve the provisioning plan from the workflow
    ProvisioningPlan plan = workflow.get("plan");
    
    if (plan != null) {
        serilog.debug("ProvisioningPlan retrieved.");

        // Retrieve the list of account requests
        List accountRequests = plan.getAccountRequests();
        
        if (accountRequests != null) {
            if (!accountRequests.isEmpty()) {
                serilog.debug("Number of AccountRequests: " + accountRequests.size());

                // Iterate through each account request
                for (AccountRequest accountRequest : accountRequests) {
                    String applicationName = accountRequest.getApplicationName();
                    serilog.debug("Processing AccountRequest for application: " + applicationName);
                    
                    List attributeRequests = accountRequest.getAttributeRequests();
                    
                    if (attributeRequests != null) {
                        serilog.debug("Number of AttributeRequests: " + attributeRequests.size());

                        // Iterate through each attribute request
                        for (AttributeRequest attributeRequest : attributeRequests) {
                            String attributeName = attributeRequest.getName();
                            Object attributeValue = attributeRequest.getValue();
                            String operation = attributeRequest.getOperation().toString();

                            // Log detailed information about the attribute request
                            serilog.debug("AttributeRequest - Name: " + attributeName + 
                                          ", Value: " + attributeValue + 
                                          ", Operation: " + operation);
                        }
                    } else {
                        serilog.warn("AttributeRequests list is null for application: " + applicationName);
                    }
                }
            } else {
                serilog.warn("No AccountRequests found in the ProvisioningPlan.");
            }
        } else {
            serilog.warn("AccountRequests list is null.");
        }
    } else {
        serilog.warn("ProvisioningPlan is null.");
    }
} catch (Exception e) {
    serilog.error("Error in script", e);
}

The logs states the following:

2024-08-29T00:36:40,032 DEBUG https-jsse-nio-443-exec-9 sailpoint.AccountRequest.WorkflowRule:166 - Starting the script.
2024-08-29T00:36:40,032 DEBUG https-jsse-nio-443-exec-9 sailpoint.AccountRequest.WorkflowRule:166 - ProvisioningPlan retrieved.
2024-08-29T00:36:40,032 DEBUG https-jsse-nio-443-exec-9 sailpoint.AccountRequest.WorkflowRule:166 - Number of AccountRequests: 1
2024-08-29T00:36:40,032 DEBUG https-jsse-nio-443-exec-9 sailpoint.AccountRequest.WorkflowRule:166 - Processing AccountRequest for application: Lebara 360
2024-08-29T00:36:40,032 DEBUG https-jsse-nio-443-exec-9 sailpoint.AccountRequest.WorkflowRule:166 - Number of AttributeRequests: 1
2024-08-29T00:36:40,032 DEBUG https-jsse-nio-443-exec-9 sailpoint.AccountRequest.WorkflowRule:166 - AttributeRequest - Name: role, Value: 11, Operation: Add

As shown in the logs its only showing the request of the role but no other attributes.

How could a I reach those attributes.

2

Hi @AhmedWaleed,

it could depend when and for which WF you are launching this rule.

You can print the plan directly to show it, with:

import sailpoint.tools.xml.XMLObjectFactory;

serilog.debug(plan.toXml());
3

I think, these attribute request will be in the provisioning plan post approval only. You need to check the master plan. Also it’s depend on how you are passing the form data to workflow.

4

So I was able to get the attributes but i want to retrieve the data from the form if its edited and add it to the provisioning plan

5

Approvers can se the users full request now if you want to appear on the approval itself you need to make the attribtues appear in the description of the approval , tha means you need to change the approval form an also put a rule to it.

6

So the only change i made is :

instead of workflow.get(“plan”);

i made it workflow.get("project);

and i got the plans from the project and it worked.