How to Filter Entitlements by Classification in QuickLink

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Version

8.4

Images

1913×319 19.6 KB

Classifications Assigned
Classifications Assigned853×455 21.3 KB

Script Input
Script Input1895×864 56.5 KB

Describe & Question

Hi everyone,
I’ve assigned classifications to my entitlements (e.g., “Protected Health Information”).
Now, I’d like to filter entitlements shown in the QuickLink, so that users can only remove entitlements that are classified as “Protected Health Information”.

Is there a way to apply such a filter in the QuickLink configuration?
Any guidance would be appreciated. Thank you!

Identity Entitlement

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE IdentityEntitlement PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<IdentityEntitlement aggregationState="Disconnected" assigner="test test" assignmentId="63b8d1d203fb4967bd8fe7a3adc47376" created="1747303957566" id="7f00010196cc1fd18196d36e843d08f2" modified="1747303958031" name="groups" nativeIdentity="uid=user1,cn=users,dc=sailpoint,dc=com" significantModified="1747303958031" source="LCM" type="Entitlement" value="cn=developer2,ou=groups,dc=test,dc=local">
  <ApplicationRef>
    <Reference class="sailpoint.object.Application" id="7f00010196cc1fd18196d1ff7fc80493" name="Test LDAP"/>
  </ApplicationRef>
  <IdentityRef>
    <Reference class="sailpoint.object.Identity" id="7f000101968016448196859252080199" name="testuser007"/>
  </IdentityRef>
  <PendingRequestItem>
    <Reference class="sailpoint.object.IdentityRequestItem" id="7f00010196cc1fd18196d36da8ad08ea"/>
  </PendingRequestItem>
</IdentityEntitlement>

ManagedAttribute

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ManagedAttribute PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ManagedAttribute aggregated="true" attribute="groups" created="1747294377251" displayName="Test" hash="e7d9de5171455ffc92b685a38dddc6353f78e732" id="7f00010196cc1fd18196d2dc552107c6" lastRefresh="1747294377281" modified="1747301585956" significantModified="1747301585956" type="group" value="cn=developer2,ou=groups,dc=test,dc=local">
  <ApplicationRef>
    <Reference class="sailpoint.object.Application" id="7f00010196cc1fd18196d1ff7fc80493" name="Test LDAP"/>
  </ApplicationRef>
  <Attributes>
    <Map>
      <entry key="cn">
        <value>
          <List>
            <String>Test</String>
            <String>developer2</String>
          </List>
        </value>
      </entry>
      <entry key="member" value="uid=john,ou=users,dc=test,dc=local"/>
      <entry key="sysDescriptions">
        <value>
          <Map>
            <entry key="en_US"/>
          </Map>
        </value>
      </entry>
    </Map>
  </Attributes>
  <Classifications>
    <ObjectClassification created="1747295562092" id="7f00010196cc1fd18196d2ee696c07f4" ownerId="7f00010196cc1fd18196d2dc552107c6" ownerType="ManagedAttribute" source="UI">
      <ReferencedClassification>
        <Reference class="sailpoint.object.Classification" id="7f00010196cc1fd18196d2ed92cd07f1" name="PHI"/>
      </ReferencedClassification>
    </ObjectClassification>
  </Classifications>
</ManagedAttribute>
2

@fewthiraphat

it looks like possible based on documentation

Working with Classifications in IdentityIQ

OpenClassifications in Advanced Analytics
In the Advanced Analytics page, you can search for roles and entitlements using classifications as search criteria.

Click Intelligence > Advanced Analytics.

Choose Role or Entitlement as the Search Type.

Choose a classification to search on, from the dropdown.

If you want to see classification details in your search results, select Classifications in the Fields to Display panel.

Click Run Search.

Filter should be

classifications.classification.name == "test"

either you can add this filter in identitySelector or directly in Field query.

try and let me know.

2 Likes
3

Thank you @pravin_ranjan It works :smiley:

1 Like