Hi All,
We have a requirement to provide flexibility for application owners to update entitlement descriptions in SailPoint.
I am considering two options:
Could you please suggest any ideas or approaches to achieve this requirement?
Thanks in advance!
You can use custom form in SailPoint to do this. You can use field of type ManagedAttribute as shown below for entitlement selection. In my case I am allowing selecting any entitlements of application type AD Direct. You can also use an application object selection before this field and use the selected value to filter entitlements from a particular application selected or any other logic in case you want to filter entitlements for updating description.
<Field displayName="Select AD Group" helpKey="Select Existing AD Group." name="groupName" postBack="true" required="true" type="ManagedAttribute">
<Attributes>
<Map>
<entry key="hidden">
<value>
<Script>
<Source>
String appType = "Active Directory - Direct";
String grpType= "group";
field.setFilterString("(application.type == \""+appType+"\" && type == \"" + grpType + "\")");
return false;
</Source>
</Script>
</value>
</entry>
<entry key="valueProperty" value="id"/>
</Map>
</Attributes>
</Field>
If you have a lot of these to do, I would suggest the following:
See if the Description is available as a field in the Entitlement Aggregation. Many sources have a field for this value. If it is not configured or misconfigured in your environment, setting this up is the best approach. It allows the application owner to maintain a consistent description.
If that is not an option, I would consider writing a rule or plugin that would take in a CSV file with columns for entitlement name, ID and Descriptions, then processing this to update the values. You can provide the CSV file with the name/id columns to the Application owners, then they can add the descriptions. Then you can use the rule/plugin to read the data from the CSV and update the Entitlement. This is similar to how it is done in ISC with the built in process.
Custom Workflow with Form would be my last suggestion, unless you only had a few of them to do. Using a form to Bulk update Descriptions would take a while. If you do decide to, I would add an entitlement selection dropdown and populate it with the entitlements, or have it search based on the name entered by the user. Once the correct one is fund, you can allow the user to enter a new description for that specific entitlement, and then once they submit the form, you would use that data in the workflow to process it and update the entitlement.
As for the specifics of how to do each of those, I will leave that up to you to research and try. If you run into issues, let us know what issue you are having and what you have tried, and we can try and assist.
Thank you Sanjeev,
Thank you Geoff Milunich for your suggestions.
After discussions with the internal team, we have decided to focus on only newly created entitlements that have empty descriptions for now.
Example: A new entitlement is created for the SAP application in entitlement catlog without a description. To address this, we are planning to implement a schedule task (one-run rule) that will execute daily and send email notifications to the owner. The email will include instructions on how to update entitlement descriptions. Owners can log in to SailPoint, click on QuickLink, and see only his application entitlements that do not have descriptions.
I have built a form that queries the database table to identify entitlements with empty descriptions. The form automatically generates sections and fields to display the relevant data. For reference, I am attaching a screenshot and code example.
Current Issue: When I generate fields and sections automatically and adding to form the default buttons (Submit and Cancel) are being removed.
Screen Shot 1:
Workflow Code:
WFCode.xml (12.4 KB)
Could you please provide your suggestions on how to resolve this issue?
Hi @puppamReddy
I think the issue might be too big from. I think you should implement it in a different way e.g:
Put Entitlemens in a list or map and. Do a multivalue field with entitlement names. This will result in a dropdown list for user to select entitlement. You can add dynamic field with with description. After editing, user can submit changes and then you can update entitlement and show again the same form.
Thank Piotr,
I tested a small application with two entitlements and encountered the same problem—buttons are disappearing.
It looks like you are trying to recreate the most from inside the form itself, which is likely leading to your issues. I would try getting the original form and just adding the fields for the attributes to that, and re-displaying it. EDIT: Removed ISC Reference.
EDIT: It looks like you may be trying to follow this IIQ suggestion in the first post for creating the form dynamically:
I would consider creating the form dynamically in an initial step like @patrickboston suggests, then use it in the following step.
Additionally, you are recreating the buttons that you already have created, so there may be some issue with those conflicting with eachother. i would remove the buttons from the custom code and leave the ones on the original form and try that.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
