Need to auto-schedule and auto-generate reports before and after the certification, as well as auto-schedule certification events

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Hi All,

I hope everyone is doing well. We are seeking reference code or advice on how to implement the following automated processes:

  1. Auto-schedule and auto-generate OOTB (Out-of-the-Box) reports
  2. Auto-schedule certification events (in XML format)

Note: Currently, as part of our certification event process, we manually generate 4 OOTB reports before and after each certification.
We have a project/requirement to automate these steps. Please advise on how we can achieve this and provide any reference code if available.

Specifically, we need guidance on:

  • How to automatically schedule and generate the required OOTB reports.
  • How to automatically schedule certification events using XML.
  • Any best practices or considerations for implementing these automated processes.

Thank you in advance.

Regards,
VU

2

Hi Venugopala,

This is an excellent and common requirement for mature IdentityIQ implementations, especially around certification processes. Automating report generation and certification scheduling ensures compliance, reduces manual effort, and improves efficiency.

You can absolutely achieve this.

Answer to your 1st question:

Auto-Schedule and Auto-Generate OOTB Reports

IdentityIQ’s reports are essentially TaskDefinition objects in the backend. When you schedule a report in the UI, you’re creating a TaskSchedule object that references a TaskDefinition (the report template) and its parameters.

How to Automate:

The most common and effective way is to create a custom TaskDefinition of type “Run Rule” or “Execute Workflow” that then programmatically triggers the report generation tasks.

a. Create a Rule to Run Reports:

You’ll need a custom rule (type Rule - Task or a simple Rule if called from a workflow) that does the following:

  • Load Report TaskDefinition: Get the TaskDefinition object for each OOTB report you want to run.
  • Create/Update TaskSchedule: Create a TaskSchedule object (or modify an existing one) for each report.
  • Set Parameters: Set the necessary parameters for the report (e.g., startDate, endDate, applicationName, certificationName, outputFormat (PDF/CSV)).
  • Run the Task: Execute the TaskSchedule.

Reference Code Example (Simplified Beanshell Rule):

This example shows how to run a report programmatically. You’d adapt this for each of your 4 reports.

import sailpoint.api.SailPointContext;
import sailpoint.object.TaskDefinition;
import sailpoint.object.TaskSchedule;
import sailpoint.object.Attributes;
import sailpoint.tools.GeneralException;
import java.util.Date;
import org.apache.log4j.Logger;

Logger log = Logger.getLogger("Rule.AutomateReportGeneration");

public String execute() throws GeneralException {
    String status = "SUCCESS";

    // --- Report 1: Example - "All Violations" Report ---
    String report1Name = "All Violations"; // This is the TaskDefinition name for the OOTB report
    String report1OutputName = "My_Certification_All_Violations_" + new Date().getTime(); // Unique name for the generated report instance

    try {
        TaskDefinition report1Def = context.getObject(TaskDefinition.class, report1Name);
        if (report1Def == null) {
            log.error("TaskDefinition for report '" + report1Name + "' not found.");
            status = "FAILED - Report 1 not found";
        } else {
            TaskSchedule report1Schedule = new TaskSchedule();
            report1Schedule.setName(report1OutputName);
            report1Schedule.setDefinition(report1Def);
            report1Schedule.setExclusive(true); // Don't allow multiple instances to run at once

            // Set Report Parameters (VERY IMPORTANT - these match the report's parameters)
            Attributes<String, Object> report1Args = new Attributes<>();
            // Example parameters for an All Violations report (adjust as per actual report)
            // You'll need to know the exact parameter names for your OOTB reports
            report1Args.put("reportTitle", "Certification Compliance Violations");
            report1Args.put("outputFormat", "PDF"); // Or "CSV"
            report1Args.put("certifications", "My_Certification_Campaign_Name"); // If report filters by certification name
            // Add any other specific filters or date ranges
            // For dates, you might calculate based on current time:
            // report1Args.put("startDate", DateUtils.addDays(new Date(), -30)); // Last 30 days
            // report1Args.put("endDate", new Date());

            report1Schedule.setArguments(report1Args);

            // Save and execute the task
            context.saveObject(report1Schedule);
            context.commitTransaction(); // Commit the schedule to the DB

            log.info("Scheduling report '" + report1Name + "' as '" + report1OutputName + "'.");
            context.startRequest(report1Schedule); // This actually runs the task
            log.info("Report '" + report1OutputName + "' has been triggered.");
        }
    } catch (Exception e) {
        log.error("Error generating report '" + report1Name + "': " + e.getMessage(), e);
        status = "FAILED - Report 1 Error";
    }

    // --- Repeat similar blocks for your other 3 OOTB reports ---
    // Ensure unique names for each generated report instance.

    return status;
}

Schedule the Rule Execution:

  1. Create a TaskDefinition of type “Run Rule”:
  • Go to Setup > Tasks > Task Definitions.
  • Create a new TaskDefinition.
  • Type: Select Run Rule.
  • Rule: Select the custom rule you created in step (a).
  1. Create a TaskSchedule for this “Run Rule” Task:
  • Go to Setup > Tasks > Task Schedules.
  • Create a new schedule referencing your “Run Rule” TaskDefinition.
  • Set the desired frequency (e.g., daily, weekly, specific times).

Dependencies: If reports depend on fresh data, ensure they run after aggregations, identity refreshes, or policy scans.

1 Like
3

Auto-Schedule Certification Events (in XML format)

This implies you want to either:
A. Create/Update Certification Campaigns programmatically using their XML definitions.
B. Launch existing Certification Campaigns on a schedule.

The most common approach for automating recurring certifications is B, where you define the campaign once and then trigger its activation.

a. Define Certification Campaign XML:

  • Create your certification campaign in the UI first.
  • Export the Certification object to XML using the export console command or the UI (Global Settings > Import/Export). This gives you the template.
  • Ensure the XML is generic enough (e.g., not hardcoding specific start/end dates for each run if it’s recurring).

b. Automate Scheduling/Activation:

You have a few options for how to kick off a certification:

Option 1 (Recommended for Recurring Campaigns): Use TaskDefinition and TaskSchedule directly.

For recurring certification campaigns, IdentityIQ already has a built-in mechanism:

  1. Create/Configure your Certification object:
  • Go to Certifications > Certification Campaigns.
  • Create or edit your campaign.
  • Crucially, in the Schedule section, configure the recurring schedule (e.g., “Monthly,” “Weekly”).
  • Set the “Activation Date” (this is when it starts).
  • Do not rely on manual “Launch” button. IdentityIQ will automatically launch campaigns configured with a schedule.
  1. No XML Import needed for scheduling: If you configure the schedule directly in the Certification object’s XML (or UI), IdentityIQ handles the activation when the scheduled time arrives.

Option 2 (For Ad-hoc or Event-Driven Campaigns): Use a Rule to Launch Certification.

If you need to launch a certification based on a specific event (e.g., after a major data load, or as part of a larger workflow), you can use a rule similar to how you run reports:


import sailpoint.api.SailPointContext;
import sailpoint.object.Certification;
import sailpoint.object.TaskDefinition;
import sailpoint.object.TaskSchedule;
import sailpoint.object.Attributes;
import sailpoint.object.Application; // Example: if your cert is tied to an app
import java.util.List;
import java.util.Date;
import org.apache.log4j.Logger;

Logger log = Logger.getLogger("Rule.AutomateCertificationLaunch");

public String execute() throws GeneralException {
    String status = "SUCCESS";
    String certName = "My Quarterly Certification Campaign"; // Name of your Certification object

    try {
        Certification cert = context.getObject(Certification.class, certName);
        if (cert == null) {
            log.error("Certification campaign '" + certName + "' not found.");
            status = "FAILED - Certification not found";
        } else {
            // Check if certification is already active or in progress
            if (cert.getStatus() == Certification.Status.ACTIVE || cert.getStatus() == Certification.Status.REVIEW || cert.getStatus() == Certification.Status.REMEDIATING) {
                log.warn("Certification '" + certName + "' is already active or in progress. Skipping launch.");
                status = "SKIPPED - Already active";
            } else {
                // If you want to reset and launch, you might need to call reset first.
                // cert.reset(); // Use with caution! This clears existing data.
                // context.saveObject(cert);
                // context.commitTransaction();

                log.info("Launching certification '" + certName + "'.");
                context.launchCertification(cert); // This is the API call to launch a certification
                log.info("Certification '" + certName + "' has been launched.");
            }
        }
    } catch (Exception e) {
        log.error("Error launching certification '" + certName + "': " + e.getMessage(), e);
        status = "FAILED - Certification Launch Error";
    }

    return status;
}

You would then schedule this rule via a TaskSchedule of a Run Rule TaskDefinition, just like with reports.

1 Like
4

Hi @pattabhi - Thank you for your inputs. we will try ur input and come back to you if we stuck. Once again thank you very much for ur inputs. :slight_smile:

1 Like
5

Hi @pattabhi : Can we launch the new certification automatically using xml code by passing necessary parameters?

7

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.