Post Certification

Shubhangani · April 28, 2025, 10:46am

Hii, I want when certification completed then for those accounts for whom decision has been not taken then if the user is belongs to normal account then his groups will be removed else if user belongs to service account then their groups will be there.
please tell me the approach

SivaLankapalli · April 28, 2025, 2:17pm

Hi @Shubhangani , Welcome to Developer Community!

This situation appears to be quite complex, and I must admit that I have never personally encountered anything like it in real life. However, it might be worth experimenting with the “Enable Automatic Closing” option to see if it helps streamline the process. Exploring this feature could potentially provide insights or solutions that we haven’t considered yet.

Thanks,
@SivaLankapalli

Shubhangani_Kharayat · April 28, 2025, 4:29pm

yes i was doing that only and using given rule but not working can you plz check it once . I am adding this rule in “closing rule”.

import sailpoint.object.*;
import sailpoint.api.CertificationUtil;
import java.util.List;

Certification certification = (Certification) arguments.get(“certification”);

List items = certification.getCertificationItems(); // Correct method!
log.error("certifications :: "+items);
for (CertificationItem item : items) {
Identity identity = item.getIdentity();
if (identity != null) {
Boolean isServiceAccount = (Boolean) identity.getAttribute(“isServiceAccount”);
if (isServiceAccount != null && isServiceAccount) {

        item.setDecision(CertificationItem.DECISION_APPROVE);
      log.error("approve");
    } else {
        item.setDecision(CertificationItem.DECISION_REVOKE);
       log.error("remove");
    }
}

}

SivaLankapalli · April 28, 2025, 5:03pm

Hi @Shubhangani_Kharayat,

I have never tried to approve or revoke. However, I did set some other attributes using similar code.

  import sailpoint.object.Certification; 
  import sailpoint.object.CertificationEntity;
  import sailpoint.object.CertificationItem;
  import sailpoint.object.AbstractCertificationItem;

  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;

  Log log = LogFactory.getLog("org.***.common.uar");

  log.info("Certification Automatic Closing Rule || Initialised for the Certification --> " + certification.getCertificationName());

  List &lt;CertificationEntity> certificationEntityObject = certification.getEntities();
  
  for(CertificationEntity certificationEnity : certificationEntityObject){
    List &lt;CertificationItem> certificationItems = certificationEnity.getItems();
    for(CertificationItem certificationItem : certificationItems){
      if(certificationItem.getSummaryStatus().equals(AbstractCertificationItem.Status.Open)){
        log.debug(certification.getCertificationName() + " || Certification Automatic Closing Rule || Certification Items Status --> " + certificationEnity.getSummaryStatus());
        certificationItem.setAction(******);
       // explore this method.
        
      } 
    }
  }

  log.info("Certification Automatic Closing Rule || Finished for the Certification --> " + certification.getCertificationName());

I believe you might need to approve the work items as well. If the above is not fully resolved.

Let me know how it’s worked.

Thanks,
@SivaLankapalli

Shubhangani · April 29, 2025, 7:08am

for this rule
import sailpoint.object.Certification;
import sailpoint.object.CertificationEntity;
import sailpoint.object.CertificationItem;
import sailpoint.object.AbstractCertificationItem;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

Log log = LogFactory.getLog(“org.example.common.uar”);

log.error("Certification Automatic Closing Rule || Initialized for the Certification → " + certification.getCertificationName());

List certificationEntityObject = certification.getEntities();

for (CertificationEntity certificationEntity : certificationEntityObject) {
List certificationItems = certificationEntity.getItems();

for (CertificationItem certificationItem : certificationItems) {
    if (certificationItem.getSummaryStatus().equals(AbstractCertificationItem.Status.Open)) {
        log.error(certification.getCertificationName() + 
                  " || Certification Automatic Closing Rule || Certification Item Status --> " + 
                  certificationItem.getSummaryStatus());

        Boolean isServiceAccount = (Boolean) certificationItem.getAttribute("isServiceAccount");

        if (isServiceAccount != null && isServiceAccount) {
            // Service Account -> REVOKE
            certificationItem.setDecision(CertificationItem.DECISION_REVOKE);
            log.error("Service Account found --> Action: REVOKE for item: " + certificationItem.getId());
        } else {
            // Normal Account -> APPROVE
            certificationItem.setDecision(CertificationItem.DECISION_APPROVE);
            log.error("Normal Account found --> Action: APPROVE for item: " + certificationItem.getId());
        }
    }
}

}

log.error("Certification Automatic Closing Rule || Finished for the Certification → " + certification.getCertificationName());

and i think this is not even triggering. if u know this plz let me know

SivaLankapalli · April 30, 2025, 3:23am

Hello @Shubhangani_Kharayat ,
This will trigger once the certification is entered into the end period. Please check the phase of the certification.

Thanks
@SivaLankapalli