I am a complete newbie to IIQ. I have no Java experience. Till now I have learnt how to onboard delimited files as well as a JDBC application. I have configured a target MySQL application. Test connection is successful. I have seven identities in the Identity Warehouse.
I have a table, Target_employee, in the MySQL application with columns FName, LName and EmpID. Now I want to write records to this target application from all seven identities. I have been stuck for many days. How do I do this? I have asked ChatGPT also, but got no clear and workable solution.
I have three questions:
1. Is a new record necessary in source table to trigger joiner event?
2. Is there any way (please tell step by step) how I can insert all identities in Target_employee table?
3. Is Java mandatory to learn first to write any rules before exploring any IIQ topics?
Is a new record necessary in source table to trigger joiner event ?
The Joiner workflow in SailPoint IIQ is typically triggered based on Lifecycle Events. Generally, when a new identity record is aggregated from the source system into SailPoint, it meets the condition for the Joiner event, which then initiates the Joiner workflow. So yes, a new record in the source table is usually required to trigger this event, assuming the lifecycle configuration is set up correctly.
Is there any way (please tell step by step) how I can insert all identities in Target_employee table
There are two main ways to achieve this, depending on how your application (e.g., MySQL) is configured:
Option 1: Manual Request via Manage Access
1. Navigate to Manage Access in the SailPoint IIQ UI.
2. Select Manage Account.
3. Choose the required Identity.
4. Click on Request Account.
5. Select the target application (e.g., MySQL).
6. Submit the request to provision the account.
Option 2: Role-Based Provisioning
1. Define Business Roles and/or IT Roles that include provisioning to the MySQL application.
2. Assign the appropriate role(s) to the identities you want to provision.
3. Once the role is assigned and approved, the provisioning process will create the accounts in the target application (Target_employee table).
In both cases, ensure that a Create Provisioning Policy is properly configured for the application (MySQL). This policy defines the attributes and logic used during account creation.
Is Java mandatory to learn first to write any rules before exploring any IIQ topics ?
You don’t need to master Java before exploring SailPoint IIQ, but basic Java knowledge is definitely helpful, especially when working with rules.
It’s recommended to first get familiar with IIQ’s features and workflows. Once you understand the platform, you can gradually learn the Java basics needed to write and customize rules. The blog post "Getting Started with SailPoint IIQ Development" will help you learn IIQ development.
I have tried role-based provisioning, but no row is getting inserted in the target table. I have tried changing the rule n number of times using ChatGPT and Copilot, but no use:
public ProvisioningPlan buildProvisioningPlan(Identity identity) {
    ProvisioningPlan plan = new ProvisioningPlan();
    AccountRequest accReq = new AccountRequest();
Go to Global Settings -> Quicklink Populations -> select Self Service -> click the Quicklink tab -> select the Manage Accounts configure -> select the highlighted option and save.
Go to Lifecycle Manager -> Configure -> select the MySQL application.
Once both configurations are completed, the “Request Account” option will become available under Manage Access, allowing users to request accounts for the selected application.
For a JDBC application, you have to define the Global Provisioning Rule or Create Provisioning Rule. Please refer to the sample rule for JDBC.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Types;
import java.util.List;
import sailpoint.api.SailPointContext;
import sailpoint.connector.JDBCConnector;
import sailpoint.object.Application;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningResult;
import sailpoint.object.Schema;
import sailpoint.tools.xml.XMLObjectFactory;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.Log;

public String getAttributeRequestValue(AccountRequest acctReq, String attribute) {
    if ( acctReq != null ) {
        AttributeRequest attrReq = acctReq.getAttributeRequest(attribute);
        if ( attrReq != null ) {
            return attrReq.getValue();
        }
    }
    return null;
}

AccountRequest acctRequest = (AccountRequest) request;
ProvisioningResult result = new ProvisioningResult();
try {
    //Ideally we should first check to see if the account already exists.
    //As written, this just assumes it does not.
    log.debug( "Operation [" + acctRequest.getOperation() + "] detected." );
    PreparedStatement statement = connection.prepareStatement( "insert into users (login,first,last,role,status) values (?,?,?,?,?)" );
    statement.setString (1, (String) acctRequest.getNativeIdentity() );
    statement.setString (2, getAttributeRequestValue(acctRequest,"first") );
    statement.setString (3, getAttributeRequestValue(acctRequest,"last") );
    statement.setString (4, getAttributeRequestValue(acctRequest,"role") );
    statement.setString (5, getAttributeRequestValue(acctRequest,"status") );
    statement.executeUpdate();
    result.setStatus( ProvisioningResult.STATUS_COMMITTED );
}
catch( SQLException e ) {
    log.error( e );
    result.setStatus( ProvisioningResult.STATUS_FAILED );
    result.addError( e );
}
log.debug( "result [" + result.toXml(false)+ "]");
return result;
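
The sample rule above, adapted to the Target_employee table from the question, with the existence check the sample's comment asks for and statement cleanup added. This is an added example in BeanShell, not part of the original post and not SailPoint's code; it assumes the rule receives `connection`, `request` and `log` as the sample does, that the native identity holds EmpID, and that the account request carries attributes named FName and LName.

```java
// Body of a JDBC create provisioning rule (BeanShell) for Target_employee.
// Assumptions: IIQ passes in `connection`, `request` and `log`; the native
// identity carries EmpID; the policy sends attributes named FName and LName.
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningResult;

String attr(AccountRequest req, String name) {
    AttributeRequest ar = req.getAttributeRequest(name);
    return (ar == null || ar.getValue() == null) ? null : ar.getValue().toString();
}

AccountRequest acctRequest = (AccountRequest) request;
ProvisioningResult result = new ProvisioningResult();
String empId = acctRequest.getNativeIdentity();
PreparedStatement check = null;
PreparedStatement insert = null;
ResultSet rs = null;
try {
    if (empId == null || empId.trim().length() == 0) {
        throw new SQLException("Account request carries no EmpID (native identity)");
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    check = connection.prepareStatement("select 1 from Target_employee where EmpID = ?");
    check.setString(1, empId);
    rs = check.executeQuery();
    if (rs.next()) {
        log.debug("EmpID [" + empId + "] already exists, insert skipped");
    } else {
        insert = connection.prepareStatement(
            "insert into Target_employee (EmpID, FName, LName) values (?,?,?)");
        insert.setString(1, empId);
        insert.setString(2, attr(acctRequest, "FName"));
        insert.setString(3, attr(acctRequest, "LName"));
        insert.executeUpdate();
    }
    result.setStatus(ProvisioningResult.STATUS_COMMITTED);
} catch (SQLException e) {
    log.error(e);
    result.setStatus(ProvisioningResult.STATUS_FAILED);
    result.addError(e);
} finally {
    // Release statements on every path; the connection is supplied by IIQ and left open.
    try { if (rs != null) rs.close(); if (check != null) check.close();
          if (insert != null) insert.close(); } catch (SQLException ignore) { }
}
return result;
```

The database account configured on the application only needs SELECT and INSERT on Target_employee for this rule to work.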
Just to clear the queries of this particular problem:
Request Account is grayed out. In order to enable it, verify the Quicklink settings, and then you have to enable the options from Lifecycle Manager. Look into the setting below in Lifecycle Manager:
Role Based Provisioning - Will come to basics first, since you are still exploring. Go with account-only provisioning after enabling the above setting. In order to get it to work, you would have to define the Create Provisioning Rule or Global Provisioning Rule. In this rule, you would have to fetch the details from the provisioning plan and hit the database using an insert query. For whatever attributes are needed for provisioning, either you can define create provisioning policies or directly fetch the data in the Create Provisioning Rule using the API etc., as per your requirement. You will find ample examples within the community for the same.
Also, for a basic understanding of Java, go with some online tutorials. It is needed to write the rules. Explore SailPoint APIs; they will be needed to play in IIQ. Hope this helps a little bit. Feel free to reach out in case you need further help.
and still Request Account is grayed out. However, your rule is useful; at last, after 10 days of struggle, after using Manage Access, a row finally appeared in the target_employee table! Thanks!
@harsh_gupta4 Thanks buddy! Which topics should be learned first sequentially? Currently I know application onboarding, roles etc. Should I start with BeanShell first? Any reco for a free course or a good YouTube channel playlist?