How to write a pre delegation rule for if certifier is inactive, delegate to workgroup
Hey Sachin! Firstly welcome to the SailPoint Developer Community!
Secondly, for your case think of a workgroup like any other identity (the only difference here would be that all the workgroup members will be notified at the same time about the delegation) then your scenario becomes a standard one.
Try the following code structure
Map delegatedOwners = new HashMap();
String certifier = certification.getCertifiers().get(0);
Identity certifierObj = context.getObjectByName(Identity.class, certifier);
if(certifierObj is disabled){
delegatedOwners.put("reassign", true);
delegatedOwners.put("recipientName", "WorkGroupName");
delegatedOwners.put("description", "your desc");
delegatedOwners.put("comments", "your comm");
}
return delegatedOwners;
It depends on which type of certification you are using.
If it is Targeted Certification, you don’t need to use Pre-Delegation Rule as you can have this conditions in certifier Rule itself unless you need to have delegation.
Pre-Delegation Rule
You need to return a Map as output of the Rule
Map results = new HashMap();
String workGroupname = "test workgroup";
You will have certification object as one of the inputs, from which you can get certifier using below code snippet.
String certifierName = certification.getCertifiers().get(0);
Alternatively you can get from CertificationEntity object as well, which is also an input.
String certifierName = entity.getIdentity();
Build Identity object for certifier
Identity certifierObj = context.getObjectByName(Identity.class, certifierName);
Check status
boolean status = certifierObj.isInactive();
if (!status) {
results.put("recipientName", certifierName );
} else {
results.put("recipientName", workGroupname );
}
You can add some description and comments
results.put("description", "Please certify your own access");
results.put("comments", "This is the access currently granted to you: ");
You need set one more argument reassign: (Boolean) flag indicating whether this is a reassignment or delegation (true=>reassignment).
The difference between reassignment and delegation is that reassigned certifications do not return to the original certifier for review and approval when the assignee has completed signoff and delegated items do.
results.put("reassign", true);
return results;
Certifier Rule
Just Return certifierName as output.
boolean status = certifierObj.isInactive();
if (!status) {
return certifierName;
} else {
return workGroupname;
}
Thanks
Krish
Writing it for application owner certification.
Then you can use Pre-Delegation Rule as I explained already.
getting error in this, can I use if(certifierObj.isInactive()) instead of certifierObj is disabled?
Hey Sachin, sorry for not being clear the code snippet i have given was just a reference to understand the flow and the logic. Its not syntactically correct - Its a pseudo code
Hi @SDM007. Is there a reply that most helped you answer your question? If so, can you please mark the reply that was the solution. There’s a little checkmark button under each reply that allows you to do this.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.