SailPoint IIQ Rule - Isolating Identities based on Detected Role?

Which IIQ version are you inquiring about?

IIQ 8.3p3

Share all details related to your problem, including any error messages you may have received.

Hey there!

Assigned Roles / Detected Roles, as I understand it, are searchable OOTB under Advanced Analytics. Is it possible to utilize that field to put in an IF condition in an IIQ rule?

For example,

If condition (identity has “Detected Role = Test Role”) then perform function, then return result to target attribute.

I’m unsure of the syntax to write out for this, if this is possible.

Thank you!

This will give the list of all the detected roles for the user; now you can use this list to perform your logic.

	import sailpoint.object.Bundle;
	import sailpoint.object.Identity;
	Identity iden = context.getObjectByName(Identity.class, "<name>");
	List<Bundle> detectedRole = iden.getDetectedRoles();

Hi Vishal, thanks for the reply!

I receive a “System encountered error processing your request” when inputting the 2nd line into the IIQ rule.

The next step after is to check from that list, if user has a certain role that is detected. And if so, do x.

Is this something you can put in as detectedRole.equals or detectedrole.contains?

  import java.util.ArrayList;
  import java.util.Iterator;
  import java.util.List;
  import sailpoint.object.Bundle;
  import sailpoint.object.Filter;
  import sailpoint.object.Identity;
  import sailpoint.object.QueryOptions;
  import sailpoint.tools.Util;

  // Search only active identities.
  QueryOptions qo = new QueryOptions();
  Filter filter = Filter.eq("inactive", false);
  List identityList = new ArrayList();
  qo.addFilter(filter);
  Iterator itr = context.search(Identity.class, qo);
  while (itr.hasNext()) {
    Identity identity = (Identity) itr.next();
    if (null != identity) {
      List detecRoles = identity.getDetectedRoles();
      if (!Util.isEmpty(detecRoles)) {
        for (Bundle role : detecRoles) {
          if (null == role) { continue; }
          // Collect the identity name when a detected role is named "Test Role".
          if (Util.nullSafeCaseInsensitiveEq(role.getName(), "Test Role")) {
            identityList.add(identity.getName());
          }
        }
      }
    }
  }
  return identityList;

Try this; it will give you the list of all active identities with a detected role named “Test Role”.

2 Likes

Hi there dheeraj,

This is helpful! I was able to produce results utilizing some of your code snippets onto my own. Thank you!

Does this also work for assigned roles? Meaning, the syntax would then be getAssignedRoles() instead of getDetectedRoles() correct?

Yes, you can replace identity.getDetectedRoles() with identity.getAssignedRoles().

If this is good please mark solution as resolved.
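
An added example, not code from any poster in this thread: a BeanShell rule body with a per-identity check usable as the IF condition from the original question, plus a projection query that lets the database match the role instead of loading every Identity object. The helper names `hasRole` and `identitiesWithRole` are hypothetical, and the property paths `bundles.name` (detected roles) and `assignedRoles.name` (assigned roles) are assumptions to confirm in your environment.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import sailpoint.api.SailPointContext;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.QueryOptions;
import sailpoint.tools.Util;

// Per-identity check for use in an IF condition (hypothetical helper).
// detected=true reads detected roles, detected=false reads assigned roles.
boolean hasRole(Identity identity, String roleName, boolean detected) {
  if (identity == null) return false;
  List roles = detected ? identity.getDetectedRoles() : identity.getAssignedRoles();
  if (Util.isEmpty(roles)) return false;
  for (Object o : roles) {
    Bundle role = (Bundle) o;
    if (role != null && Util.nullSafeCaseInsensitiveEq(role.getName(), roleName)) {
      return true;
    }
  }
  return false;
}

// Names of active identities holding the role, matched by the database.
// Assumed property paths: "bundles" = detected roles, "assignedRoles" = assigned roles.
List identitiesWithRole(SailPointContext ctx, String roleName, boolean detected) {
  QueryOptions qo = new QueryOptions();
  qo.addFilter(Filter.eq("inactive", false));
  qo.addFilter(Filter.eq(detected ? "bundles.name" : "assignedRoles.name", roleName));
  qo.setDistinct(true);
  List names = new ArrayList();
  Iterator it = ctx.search(Identity.class, qo, "name"); // projection: Object[] rows
  try {
    while (it.hasNext()) {
      Object[] row = (Object[]) it.next();
      names.add(row[0]);
    }
  } finally {
    Util.flushIterator(it); // release the cursor even if the loop throws
  }
  return names;
}

// `context` is the SailPointContext that IIQ passes to every rule.
return identitiesWithRole(context, "Test Role", true);
```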
