Leaver Notification Email to Certain Managers

chrisk · October 9, 2024, 7:05pm

We are using IIQ v8.3

I am being asked to have an email sent to the manager of any Leaver that belongs to a specific group of Identities, we don’t send leaver emails to managers in general.
I have a role, “Senior_Execs”, which is the group of people that need notified when a direct report is terminated.

I may be going in the complete wrong direction here and I’m hoping some of you EXPERTS can chime in on a different/better method or comment on where I may be going wrong with this idea.

Since the Role already exists, I found a post that mentioned using the LoopBack Connector to allow assigning all members of this Role to a Workgroup. (I’ll still need to figure out how to accomplish this!!)

Once the Workgroup is populated by all the members of the Role, I was going to put this block of code into my AfterProvisioningRule. We send some other emails from this area for IT tasks etc. during Leaver process.

I know you can read this better than I, but I’ll explain what I’m hopefully trying to do. This is pieced together from a few posts I found on here.

For the Identity being processed in the Leaver Workflow, I get the ManagerName and ManagerEmail.
I get the Workgroup and iterate through it looking to see if the manager is a member of this Workgroup.
If Manager is found in the Workgroup I then drop in and send the Termination Notice Email to the Manager.

Identity iden = context.getObjectByName(Identity.class,identityName);
String leavermgrname = iden.getManager().getDisplayName();
String leavermgremail = iden.getManager().getEmail();

Identity workgroup = context.getObjectByName(Identity.class, “Senior_Execs”);

If(workgroup.isWorkgroup()){
Iterator groupMembers = ObjectUtil.getWorkgroupMembers(context, workgroup, null);
While (groupMembers.hasNext()) {
	Object[] object = (Object[]) groupMembers.next();
        	Identity member = (Identity) object[0];
			if(member.getName().equals(leavermgrname)) {
					Map ExecDirectReportEmailArgs = new HashMap();
					ExecDirectReportEmailArgs.putAll(emailArgs);
					ExecDirectReportEmailArgs.put("to",leavermgremail);
					ExecDirectReportEmailArgs.put("emailTemplate","Leaver Executive Direct Report Email Template");	
					emailArgList.add(ExecDirectReportEmailArgs);	
					llogger.trace("Email Arg List prepared "+emailArgList);     
					workflow.put("emailArgList",emailArgList);
			}
	}
}

Am I headed in a logical/correct direction with all of this? Any thoughts suggestions are greatly appreciated!!

chrisk · October 9, 2024, 9:26pm

Still pushing forward with this, hoping it’s the correct way.
I got the loopback connector to populate the workgroup!

Got through a few errors but now stuck with this one, hopefully someone has some ideas!

Looks like I’m stuck at this line for some reason -
Iterator groupMembers = ObjectUtil.getWorkgroupMembers(context, workgroup, null);

Thanks!

2024-10-09T16:04:57,464 ERROR QuartzScheduler_Worker-1 sailpoint.task.IdentityRefreshExecutor:1649 - RefreshWorker 1 exception: BeanShell script error: bsh.ParseException: Parse error at line 608, column 10.  Encountered: groupMembers BSF info: SPCONF Leaver Rules Library at line: 0 column: columnNo
sailpoint.tools.GeneralException: BeanShell script error: bsh.ParseException: Parse error at line 608, column 10.  Encountered: groupMembers BSF info: SPCONF Leaver Rules Library at line: 0 column: columnNo
        at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:219) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.server.InternalContext.runRule(InternalContext.java:1268) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.server.InternalContext.runRule(InternalContext.java:1240) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.object.IdentityTrigger.matches(IdentityTrigger.java:457) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.api.Identitizer.matchTriggers(Identitizer.java:3208) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.api.Identitizer.processTriggers(Identitizer.java:3263) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.api.Identitizer.processTriggers(Identitizer.java:3246) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.api.Identitizer.finishRefresh(Identitizer.java:3090) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.api.Identitizer.refresh(Identitizer.java:2491) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.task.IdentityRefreshExecutor$RefreshWorker.refreshAndProcess(IdentityRefreshExecutor.java:1610) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.task.IdentityRefreshExecutor$RefreshWorkerPool.queue(IdentityRefreshExecutor.java:1928) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.task.IdentityRefreshExecutor.refresh(IdentityRefreshExecutor.java:1113) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.task.IdentityRefreshExecutor.execute(IdentityRefreshExecutor.java:856) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.api.TaskManager.runSync(TaskManager.java:909) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.api.TaskManager.runSync(TaskManager.java:724) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128) [identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
Caused by: org.apache.bsf.BSFException: BeanShell script error: bsh.ParseException: Parse error at line 608, column 10.  Encountered: groupMembers BSF info: SPCONF Leaver Rules Library at line: 0 column: columnNo
        at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:202) ~[bsh-2.1.8.jar:2.1.8 2018-10-02 08:36:04]
        at org.apache.bsf.BSFManager$5.run(BSFManager.java:445) ~[bsf.jar:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_161]
        at org.apache.bsf.BSFManager.eval(BSFManager.java:442) ~[bsf.jar:?]
        at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:245) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:203) ~[identityiq.jar:8.3 Build f4b330b4da3-20220427-175259]
        ... 17 more

rquku · October 10, 2024, 2:00am

It looks like you are using If and While not in a valid Java notation, just rewriting to if and while should do the job ,)
Also quotation marks seems odd to me, but that may just be a copy / paste error.

Br,
Renad

chrisk · October 10, 2024, 2:15pm

Sometimes it is the simplest of things!! Can’t thank you enough, that worked!

Thanks!

system · December 9, 2024, 2:15pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Send email to specific workgroup IIQ Discussion and Questions	2	2646	July 19, 2023
Customized Leaver Workflow not sending email IIQ Discussion and Questions workflows , identityiq	6	83	November 1, 2024
Workflow for Role Owner Termination ISC Discussion and Questions workflows , identity-security-cloud , roles	9	496	December 30, 2023
To send email notification if a owner of an entitlements get terminated or disabled IIQ Discussion and Questions identityiq	12	436	March 17, 2024
Limit Email Sending for Exception Identites IIQ Discussion and Questions email-templates , identityiq , lifecycle-management	3	27	January 6, 2025

Leaver Notification Email to Certain Managers

Related topics