Help in code Debugging

Hi All,
I’m new to SailPoint IIQ coding. There is one requirement from the client that I was working on.

I was trying to get three different applications/Links with some application attributes and need to compare those attributes.

I have attached the rule which I’m trying to implement. Can we get those attributes in the different methods?

Thanks
Appliaction.txt (1.7 KB)

@GutteStolt could you provide more details? Specifically, what are the three attributes you want to compare, and how do you want to compare them? Are you looking for a comparison where all three dates must be equal to return true, otherwise false?

From your rule, it seems you’re fetching “EffectiveStartDate” from the “Oracle HCM” link and “ast_login_time” from the “ServiceNow” link. What is the third attribute? Additionally, where do you intend to apply this rule?

Hello @Arpitha1 ,

Thanks for the reply.

The actual requirement is: we have AD admin accounts in prod, and if one person has more than one AD admin account assigned, then the normal account needs to be a part of one specific AD group.

For Example.
one identity abcADM account in ADadmin account(prod)
abcADM account in ADadmin UAT account
abcADM account in ADadmin Dev account

So if a user has an abcADM account in 1 or more “AD - Admin Accounts”, the normal accounts need to be in a specific AD group, like this: “Abc-AD-ADM”?

These applications are onboarded only in production, that is why I was trying with other applications in dev.

Thanks

Hi @GutteStolt ,

If I understand your requirement correctly, you are looking to identify users who have one or more Active Directory (AD) admin accounts. Once such a user is found, you would like to add them to a specific AD group for normal accounts. Is that correct?

If this is indeed the requirement, the process would involve building a provisioning plan to assign the group to the normal account.

Please refer to the plan below.

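```java
import java.util.List;

import sailpoint.api.IdentityService;
import sailpoint.api.Provisioner;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

Identity identity = context.getObjectByName(Identity.class, "abc");
Application application = context.getObjectByName(Application.class, "AD");

ProvisioningPlan plan = new ProvisioningPlan();
plan.setIdentity(identity);

AccountRequest accReq = new AccountRequest();
accReq.setApplication("AD");
accReq.setOperation(ProvisioningPlan.AccountRequest.Operation.Modify);

IdentityService idSvc = new IdentityService(context);
List links = idSvc.getLinks(identity, application); // all AD links held by this identity

if (links != null && !links.isEmpty()) {
    String nativeIdentity = null;     // DN of the normal (non-admin) account
    boolean hasAdminAccount = false;  // true once any link sits under OU=admin

    for (Link adLink : links) {
        String dn = adLink.getNativeIdentity();
        if (dn == null) continue;
        if (dn.toLowerCase().contains("ou=admin")) {
            hasAdminAccount = true;
        } else {
            nativeIdentity = dn;
        }
    }

    // Provision only when an admin account exists AND a normal account was found;
    // a Modify request without a native identity must never be sent.
    if (hasAdminAccount && nativeIdentity != null) {
        accReq.setNativeIdentity(nativeIdentity);
        // Add the group once, however many admin accounts were found.
        accReq.add(new AttributeRequest("memberOf", ProvisioningPlan.Operation.Add, "Abc-AD-ADM"));
        plan.add(accReq);

        Provisioner provisioner = new Provisioner(context);
        provisioner.compile(plan);
        provisioner.execute();
    }
}
```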
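
The requirement described earlier in the thread spans several admin applications rather than one OU inside a single application. The rule body below is an added example (not taken from the thread's attachments or from SailPoint) that counts admin accounts across those applications and skips normal accounts that already hold the group; the application names, the identity name "abc" and the group DN are assumed placeholders.

```java
import java.util.List;
import sailpoint.api.IdentityService;
import sailpoint.api.Provisioner;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.tools.Util;

// Assumed placeholders: use the application names and group DN of your environment.
String[] adminApps = new String[] {"AD Admin (Prod)", "AD Admin (UAT)", "AD Admin (Dev)"};
String normalApp = "AD";
String groupDn = "CN=Abc-AD-ADM,OU=Groups,DC=example,DC=com";

Identity identity = context.getObjectByName(Identity.class, "abc");
if (identity == null) return "identity not found";
IdentityService idSvc = new IdentityService(context);

// Count the admin accounts this identity holds across every admin application.
int adminCount = 0;
for (String appName : adminApps) {
    Application app = context.getObjectByName(Application.class, appName);
    List adminLinks = (app == null) ? null : idSvc.getLinks(identity, app);
    if (adminLinks != null) adminCount += adminLinks.size();
}
if (adminCount == 0) return "no admin account, nothing to provision";

Application ad = context.getObjectByName(Application.class, normalApp);
List normalLinks = (ad == null) ? null : idSvc.getLinks(identity, ad);
if (normalLinks == null || normalLinks.isEmpty()) return "no normal account to modify";

ProvisioningPlan plan = new ProvisioningPlan();
plan.setIdentity(identity);
int requests = 0;
for (Link link : normalLinks) {
    // Skip accounts that already hold the group so a rerun sends nothing.
    List current = Util.asList(link.getAttribute("memberOf"));
    if (current != null && current.contains(groupDn)) continue;
    AccountRequest req = new AccountRequest(
        AccountRequest.Operation.Modify, normalApp, null, link.getNativeIdentity());
    req.add(new AttributeRequest("memberOf", ProvisioningPlan.Operation.Add, groupDn));
    plan.add(req);
    requests++;
}
if (requests == 0) return "normal account is already a member";

Provisioner provisioner = new Provisioner(context);
provisioner.compile(plan);
provisioner.execute();
return "requested " + groupDn + " on " + requests + " account(s)";
```

The membership check compares DNs case-sensitively, so it assumes the group DN is written exactly as the connector aggregates it.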

@GutteStolt Can you try this rule
Rule-GroupProvision.xml (2.7 KB)

Make sure to update below details in the rule

If this works for a user, then you can modify it to execute for all users
