Hello Sailors,
We have connected to the SAP GRC application, where the connector is custom.
The concern is that account aggregation is taking a long time to complete; the average time to complete the task is 4 hours.
Because of this, it sometimes leads to data sync issues,
where changes made in GRC are not updated properly in SailPoint IIQ.
Any input on this will be helpful.
Thanks
Riyazuddin
tharshith
(Harshith Thondamnati)
July 9, 2025, 10:57am
2
Hi @Riyazuddin99
Could you share the code used inside the custom connector class for fetching the accounts from the target?
Hello @tharshith
Below is the code:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Application PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Application connector="sailpoint.connector.OpenConnectorAdapter" created="1593368139883" featuresString="PROVISIONING, DISCOVER_SCHEMA, SYNC_PROVISIONING, SEARCH" icon="enterpriseIcon" id="0a33134972fb144d8172fc24586b2886" modified="1752041317293" name="SAP GRC" profileClass="" significantModified="1752041317293" type="SAPGRC-Custom">
<Attributes>
<Map>
<entry key="GRAC_REQUEST_STATUS_WS" value="http://jbldcvspgrc05.ad.sad.com:8000/sap/bc/srt/rfc/sap/grac_request_status_ws/240/grac_request_status_ws/grac_request_status_ws"/>
<entry key="GRAC_SEARCH_ROLES_WS" value="http://jbldcvspgrc05.ad.sad.com:8000/sap/bc/srt/rfc/sap/grac_search_roles_ws/240/grac_search_roles_ws/grac_search_roles_ws"/>
<entry key="GRAC_USER_ACCESS_WS" value="http://jbldcvspgrc05.ad.sad.com:8000/sap/bc/srt/rfc/sap/grac_user_acces_ws/240/grac_user_acces_ws/grac_user_acces_ws"/>
<entry key="GRAC_USER_ASSIGN_BUSRL_WS" value="http://jbldcvspgrc05.ad.sad.com:8000/sap/bc/srt/rfc/sap/grac_user_assign_busrl_ws/240/grac_user_assign_busrl_ws/grac_user_assign_busrl_ws"/>
<entry key="accountName" value="IIQ_GRC"/>
<entry key="accountPassword" value="1:xxxxxxxxxxxxxxxxxxxxxx"/>
<entry key="acctAggregationEnd">
<value>
<Date>1752041317278</Date>
</value>
</entry>
<entry key="acctAggregationStart">
<value>
<Date>1752026087057</Date>
</value>
</entry>
<entry key="afterProvisioningRule" value="SAPGRC - AfterProvisioningPlan"/>
<entry key="aggregationPartitioned">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="aggregationType" value="account"/>
<entry key="beforeProvisioningRule" value="SAPGRC - BeforeProvisioningPlan"/>
<entry key="compositeDefinition"/>
<entry key="connectorClass" value="sailpoint.sapgrc.connector.SadaraSAPGRCConnector"/>
<entry key="dateFormat" value="yyyyMMdd"/>
<entry key="grc_request_initiation_system" value="GRC-PG2CLNT240"/>
<entry key="nativeChangeDetectionAttributeScope" value="entitlements"/>
<entry key="nativeChangeDetectionAttributes"/>
<entry key="nativeChangeDetectionEnabled">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="nativeChangeDetectionOperations"/>
<entry key="noPermissions" value="true"/>
<entry key="operations" value="Create, Modify, Delete"/>
<entry key="requestorDefaultEmail" value="[email protected] "/>
<entry key="sysDescriptions">
<value>
<Map>
<entry key="en_US"/>
</Map>
</value>
</entry>
<entry key="templateApplication" value="SAPGRC-Custom"/>
</Map>
</Attributes>
<CustomizationRule>
<Reference class="sailpoint.object.Rule" id="8ab3933153c319030153c31ace47005f" name="SAPGRCCustomizationRule"/>
</CustomizationRule>
<Owner>
<Reference class="sailpoint.object.Identity" id="0a33134972ea14fc8172f54c3083717b" name="OMARAS01"/>
</Owner>
<ProvisioningForms>
<Form name="update" objectType="account" type="Update">
<Attributes>
<Map>
<entry key="pageTitle" value="update"/>
</Map>
</Attributes>
<Section>
<Field displayName="Business Justification" name="business_justification" required="true" type="string"/>
</Section>
</Form>
<Form name="create" objectType="account" type="Create">
<Attributes>
<Map>
<entry key="pageTitle" value="create"/>
</Map>
</Attributes>
<Section>
<Field displayName="Business Justification" name="business_justification" required="true" type="string">
<RuleRef>
<Reference class="sailpoint.object.Rule" id="0a33134975f0140881768961e28d5665" name="BeanshellNamespace"/>
</RuleRef>
</Field>
<Field displayName="username" filterString="" name="username" required="true" type="string">
<Script>
<Source>return identity.getName();</Source>
</Script>
</Field>
</Section>
</Form>
<Form name="delete" objectType="account" type="Delete">
<Attributes>
<Map>
<entry key="pageTitle" value="delete"/>
</Map>
</Attributes>
<Section>
<Field displayName="Business Justification" filterString="" name="business_justification" type="string" value="Delete Request submitted By IdentityIQ."/>
</Section>
</Form>
<Form name="enable" objectType="account" type="Enable">
<Attributes>
<Map>
<entry key="pageTitle" value="enable"/>
</Map>
</Attributes>
<Section>
<Field displayName="username" filterString="" name="username" type="string">
<Script>
<Source>return identity.getName();</Source>
</Script>
</Field>
</Section>
</Form>
<Form name="disable" objectType="account" type="Disable">
<Attributes>
<Map>
<entry key="pageTitle" value="disable"/>
</Map>
</Attributes>
<Section>
<Field displayName="username" filterString="" name="username" type="string">
<Script>
<Source>return identity.getName();</Source>
</Script>
</Field>
</Section>
</Form>
</ProvisioningForms>
<Schemas>
<Schema created="1721328329973" displayAttribute="username" groupAttribute="groups" id="0a33134a90c719a18190c729e4f5000c" identityAttribute="username" instanceAttribute="" modified="1750067324125" nativeObjectType="account" objectType="account" significantModified="1750067324125">
<AttributeDefinition name="username" remediationModificationType="None" type="string">
<Description></Description>
</AttributeDefinition>
<AttributeDefinition name="ValidFrom" type="string">
<Description>Start Date</Description>
</AttributeDefinition>
<AttributeDefinition name="ValidTo" type="string">
<Description>End Date</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true" multi="true" name="groups" remediationModificationType="None" schemaObjectType="group" type="string">
<Description></Description>
</AttributeDefinition>
</Schema>
<Schema created="1721328329973" descriptionAttribute="" displayAttribute="name" id="0a33134a90c719a18190c729e4f5000b" identityAttribute="name" instanceAttribute="" modified="1750067324125" nativeObjectType="group" objectType="group" significantModified="1750067324125">
<AttributeDefinition name="name" remediationModificationType="None" type="string">
<Description></Description>
</AttributeDefinition>
<AttributeDefinition name="description" remediationModificationType="None" type="string">
<Description></Description>
</AttributeDefinition>
</Schema>
</Schemas>
<ApplicationScorecard created="1721328329973" id="0a33134a90c719a18190c729e4f5000a" modified="1750067324125" significantModified="1750067324125"/>
</Application>
Aggregation is taking more time.
tharshith
(Harshith Thondamnati)
July 9, 2025, 11:23am
4
Hey @Riyazuddin99
I see that there is a Customization Rule for this application, which might be the reason for the slower aggregation.
Try checking the aggregation time once with that Rule removed. If there is a huge drop in time, you will probably have to adjust the logic/code in your Rule.
Hello @tharshith ,
Oh, so you suggest modifying the custom rules?
tharshith
(Harshith Thondamnati)
July 9, 2025, 12:22pm
6
@Riyazuddin99 I’m not telling you to modify them. Please first check whether running aggregation without the Customization Rule decreases your aggregation time.
phodgdon
(Paul Hodgdon)
July 10, 2025, 3:59am
7
You really ought to generate a new encryption key so you aren’t using the default keys which could be easily decrypted.
Hello @phodgdon ,
Sorry, I didn’t understand this.
Can you provide a bit more information on this?
How do I fix it, if anything is incorrect/misconfigured in the current one?
Hello @tharshith ,
Thanks for this tip.
I will try it once,
then validate the resulting time.
phodgdon
(Paul Hodgdon)
July 10, 2025, 10:46am
10
See 8.4 IdentityIQ System Configuration Guide - Compass under data encryption. Without generating a new key anyone with access to your xml with the encrypted values can decrypt them.
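Added example, not part of the thread and not SailPoint code: a small audit script for exported IdentityIQ XML that reports which secret-like entries are still encrypted under the default key, as the `accountPassword` value `1:...` in the posted application is. It assumes encrypted strings have the form `<keyAlias>:<ciphertext>` with alias `1` being the product's default key; the function name, the name heuristic and the sample export are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: IdentityIQ stores encrypted strings as "<keyAlias>:<base64 text>",
# and alias 1 is the default key shipped with the product.
ENCRYPTED = re.compile(r"^(\d+):[A-Za-z0-9+/=]{16,}$")
DEFAULT_KEY_ALIAS = 1
# Heuristic for entries that should never be stored in clear text.
SECRET_NAME = re.compile(r"pass|secret|token|credential", re.I)

# Constructed sample export (not taken from any real system).
SAMPLE = b"""<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE sailpoint PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<sailpoint>
<Application name="App A"><Attributes><Map>
<entry key="accountName" value="svc_a"/>
<entry key="accountPassword" value="1:QUJDREVGR0hJSktMTU5PUA=="/>
</Map></Attributes></Application>
<Application name="App B"><Attributes><Map>
<entry key="accountPassword" value="2:UVJTVFVWV1hZWjAxMjM0NQ=="/>
<entry key="apiToken" value="constructed-plaintext"/>
</Map></Attributes></Application>
</sailpoint>"""

def audit_export(xml_bytes):
    """Return (object, entry key, status) for every encrypted or secret-like entry."""
    root = ET.fromstring(xml_bytes)
    # An export is either one object or a <sailpoint> wrapper around many.
    objects = [root] if root.get("name") else list(root)
    findings = []
    for obj in objects:
        label = f"{obj.tag}:{obj.get('name', '?')}"
        for entry in obj.iter("entry"):
            key, value = entry.get("key", ""), entry.get("value")
            if value is None:          # nested <value> element, not a string
                continue
            match = ENCRYPTED.match(value)
            if match:
                alias = int(match.group(1))
                status = ("default-key" if alias == DEFAULT_KEY_ALIAS
                          else f"custom-key-{alias}")
            elif SECRET_NAME.search(key):
                status = "plaintext"   # secret-like name, value not encrypted
            else:
                continue
            findings.append((label, key, status))
    return findings

if __name__ == "__main__":
    for finding in audit_export(SAMPLE):
        print(*finding, sep="\t")
```

Entries reported as `default-key` are the ones to re-encrypt after a site-specific key has been generated as described in the System Configuration Guide.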