How to Access Native Change Detection (NCD) Objects from a Rule?


Hi everyone,

I recently implemented Native Change Detection (NCD) on a JDBC application and can see the detected changes under the Identity’s Events tab.

I’m trying to access these NCD events from a rule. I tried using Identity.getNativeChangeDetections(), but it always returns an empty list.

Has anyone worked with this before? Is there another way to retrieve Native Change Detection objects or access NCD event details within a rule?

Any suggestions or guidance would be greatly appreciated.

Thanks in advance!


@RAMLAL157 I tried the same method and it is returning a result for me. I tried this:

  Identity idObj = context.getObjectByName(Identity.class, "Amanda.Ross");
  return idObj.getNativeChangeDetections();

where Identity has:

Output came:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE List PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<List>
  <NativeChangeDetection application="PRISM" identity="Amanda.Ross" operation="Modify">
    <Differences>
      <Difference attribute="groups" displayName="groups" multi="true" newValue="[Manager,Super,TestPrism1]" oldValue="[Manager,Super,TestPrism1,TestPrism3]">
        <RemovedValues>
          <String>TestPrism3</String>
        </RemovedValues>
      </Difference>
    </Differences>
  </NativeChangeDetection>
</List>

In case this method doesn’t work, you can try getting triggerSnapshot.

  return idObj.getAttribute("triggerSnapshots").get("NativeChange");

If you’re getting an empty value, then NativeChangeDetection is not present on the identity.

To debug this, follow the steps below:

  1. Enable NativeChangeDetection on the application configuration page.
  2. Create a new lifecycle event with the Native trigger event, enable the lifecycle event and configure the workflow.
  3. Make changes to the targeted user in the end system and run the aggregation in SailPoint.
  4. Once aggregation is completed, make sure to check the Identity object from the debug page by searching for the word “Native”. If it is present, then NativeChangeDetection is present for that user.
  5. If you find the triggerSnapshot on the identity, then run the IdentityRefresh task to trigger the native lifecycle event workflow.

Note: follow steps 1 & 2, otherwise NativeChangeDetection won’t work.

Hi @RAMLAL157

I have used a Workflow for my Native Change Detection Event and the below code works fine.

This event value is available as an input if you create an NCD workflow of type=“IdentityLifecycle”. From this event you can get the native change list if NCD is triggered.

  import sailpoint.object.NativeChangeDetection;

  if (null != event) {
    List<NativeChangeDetection> nativeChangesList = event.getNativeChanges();
    if (null != nativeChangesList && !nativeChangesList.isEmpty()) {
      // Below is my custom method to process these NCDs.
      processNativeChange(nativeChangesList, identityName);
    }
  }

In order to trigger the NCD, you need to enable it at the application level and check the process events when you run the refresh of that identity where native changes have been done. Without this you won’t get any native change and nothing will show up.
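
The XML that getNativeChangeDetections() returned in the reply above can also be reviewed outside IIQ. The following is an added example, not code from any poster or from SailPoint: it flattens XML of that shape into one record per changed attribute using the Python standard library. The function names, the second (single-valued) Difference in the sample, and the AddedValues element as the counterpart of RemovedValues are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first Difference is the one shown in the thread,
# the second (a single-valued change) is made up for illustration.
SAMPLE = b"""<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE List PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<List>
  <NativeChangeDetection application="PRISM" identity="Amanda.Ross" operation="Modify">
    <Differences>
      <Difference attribute="groups" displayName="groups" multi="true" newValue="[Manager,Super,TestPrism1]" oldValue="[Manager,Super,TestPrism1,TestPrism3]">
        <RemovedValues>
          <String>TestPrism3</String>
        </RemovedValues>
      </Difference>
      <Difference attribute="status" displayName="status" newValue="A" oldValue="I"/>
    </Differences>
  </NativeChangeDetection>
</List>"""


def _values(diff, tag):
    # <String> children of <AddedValues>/<RemovedValues>; empty list if absent.
    node = diff.find(tag)
    return [] if node is None else [s.text or "" for s in node.findall("String")]


def summarize_ncd(xml_bytes):
    """Flatten a serialized List of NativeChangeDetection into one dict per Difference."""
    rows = []
    for ncd in ET.fromstring(xml_bytes).iter("NativeChangeDetection"):
        for diff in ncd.iter("Difference"):
            multi = diff.get("multi") == "true"
            rows.append({
                "application": ncd.get("application"),
                "identity": ncd.get("identity"),
                "operation": ncd.get("operation"),
                "attribute": diff.get("attribute"),
                # Multi-valued: explicit value lists. Single-valued: old/new pair only.
                "added": _values(diff, "AddedValues") if multi else [],
                "removed": _values(diff, "RemovedValues") if multi else [],
                "old": None if multi else diff.get("oldValue"),
                "new": None if multi else diff.get("newValue"),
            })
    return rows


def needs_review(rows):
    """Natively added values or changed single-valued attributes, to triage first."""
    return [r for r in rows if r["added"] or r["new"] is not None]
```

An empty result from `summarize_ncd` on a real export corresponds to the case described above where no NativeChangeDetection is stored on the identity.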