Post Certification

Hii, I want when certification completed then for those accounts for whom decision has been not taken then if the user is belongs to normal account then his groups will be removed else if user belongs to service account then their groups will be there.
please tell me the approach

1 Like

Hi @Shubhangani , Welcome to Developer Community!

This situation appears to be quite complex, and I must admit that I have never personally encountered anything like it in real life. However, it might be worth experimenting with the “Enable Automatic Closing” option to see if it helps streamline the process. Exploring this feature could potentially provide insights or solutions that we haven’t considered yet.

Thanks,
@SivaLankapalli

yes i was doing that only and using given rule but not working can you plz check it once . I am adding this rule in “closing rule”.

import sailpoint.object.*;
import sailpoint.api.CertificationUtil;
import java.util.List;

Certification certification = (Certification) arguments.get(“certification”);

List items = certification.getCertificationItems(); // Correct method!
log.error("certifications :: "+items);
for (CertificationItem item : items) {
Identity identity = item.getIdentity();
if (identity != null) {
Boolean isServiceAccount = (Boolean) identity.getAttribute(“isServiceAccount”);
if (isServiceAccount != null && isServiceAccount) {

        item.setDecision(CertificationItem.DECISION_APPROVE);
      log.error("approve");
    } else {
        item.setDecision(CertificationItem.DECISION_REVOKE);
       log.error("remove");
    }
}

}

Hi @Shubhangani_Kharayat,

I have never tried to approve or revoke. However, I did set some other attributes using similar code.

  import sailpoint.object.Certification; 
  import sailpoint.object.CertificationEntity;
  import sailpoint.object.CertificationItem;
  import sailpoint.object.AbstractCertificationItem;

  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;

  Log log = LogFactory.getLog("org.***.common.uar");

  log.info("Certification Automatic Closing Rule || Initialised for the Certification --> " + certification.getCertificationName());

  List <CertificationEntity> certificationEntityObject = certification.getEntities();
  
  for(CertificationEntity certificationEnity : certificationEntityObject){
    List <CertificationItem> certificationItems = certificationEnity.getItems();
    for(CertificationItem certificationItem : certificationItems){
      if(certificationItem.getSummaryStatus().equals(AbstractCertificationItem.Status.Open)){
        log.debug(certification.getCertificationName() + " || Certification Automatic Closing Rule || Certification Items Status --> " + certificationEnity.getSummaryStatus());
        certificationItem.setAction(******);
       // explore this method.
        
      } 
    }
  }

  log.info("Certification Automatic Closing Rule || Finished for the Certification --> " + certification.getCertificationName());

I believe you might need to approve the work items as well. If the above is not fully resolved.

Let me know how it’s worked.

Thanks,
@SivaLankapalli


for this rule
import sailpoint.object.Certification;
import sailpoint.object.CertificationEntity;
import sailpoint.object.CertificationItem;
import sailpoint.object.AbstractCertificationItem;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

Log log = LogFactory.getLog(“org.example.common.uar”);

log.error("Certification Automatic Closing Rule || Initialized for the Certification → " + certification.getCertificationName());

List certificationEntityObject = certification.getEntities();

for (CertificationEntity certificationEntity : certificationEntityObject) {
List certificationItems = certificationEntity.getItems();

for (CertificationItem certificationItem : certificationItems) {
    if (certificationItem.getSummaryStatus().equals(AbstractCertificationItem.Status.Open)) {
        log.error(certification.getCertificationName() + 
                  " || Certification Automatic Closing Rule || Certification Item Status --> " + 
                  certificationItem.getSummaryStatus());

        Boolean isServiceAccount = (Boolean) certificationItem.getAttribute("isServiceAccount");

        if (isServiceAccount != null && isServiceAccount) {
            // Service Account -> REVOKE
            certificationItem.setDecision(CertificationItem.DECISION_REVOKE);
            log.error("Service Account found --> Action: REVOKE for item: " + certificationItem.getId());
        } else {
            // Normal Account -> APPROVE
            certificationItem.setDecision(CertificationItem.DECISION_APPROVE);
            log.error("Normal Account found --> Action: APPROVE for item: " + certificationItem.getId());
        }
    }
}

}

log.error("Certification Automatic Closing Rule || Finished for the Certification → " + certification.getCertificationName());

and i think this is not even triggering. if u know this plz let me know

Hello @Shubhangani_Kharayat ,
This will trigger once the certification is entered into the end period. Please check the phase of the certification.

Thanks
@SivaLankapalli