Hello Everyone,
Having trouble customizing our tickets with the velocity templates, and seeking information on how to close some gaps of information not present in the provisioning plan (xml) \ seeking to lookup and include additional information.
-
Feedback - Would be considerably helpful to have a testing framework (UI) in Sailpoint to pick from a list of Sample or Historical provisioningPlans to test the velocity template code. If not within ISC, at least a local development kit. Based on documentation and community discussions, it appears that the only method of testing is to initiate live changes in ISC, monitor logs on the VA’s, and confirm the results in SDIM which is highly inefficient.
-
Guidance (Customizing provisionPlans + Velocity Templates) - I am comming accross some issues with extracting specific information (Examples below) from the provision plans. Is there a legend or other information (examples) on how to discover or extract any detail in the provision plan?
-
Guidance (Customizing provisionPlans) - In addition to the fields we are attempting to populate to provide additional context within the tickets, it’s unclear exactly how we may be able to provide additional details about the target. For example: for every provisionPlan, we would like to provide identityAttributes
What I am really trying here is to close the gap on knowledge regarding provisioning plans, velocity templates, and customizing both the inputs and outputs. There’s unfortunately trails of information here and there in the discussion forums and the documentation, but no clear path to develop the concepts we’re attempting to make (self service).
LCM Change from Admin requesting “Disable Account”
Information to extract:
- Value for op=“Disable”
Have Tried:
#set($operation = "")
#set($accountRequest = $plan.requests.get(0))
#set($operation = $accountRequest.operation)
Return: $operation
Expect: "Disable"
Get: "Update"
Sample Provision Plan (LCM)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="Example, User">
<AccountRequest application="Stripe [source]" nativeIdentity="[email protected]" op="Disable"/>
<Attributes>
<Map>
<entry key="identityFirstname" value="User"/>
<entry key="identityLastname" value="Example"/>
<entry key="identityName" value="User, Example"/>
<entry key="identityRequestId" value="****"/>
<entry key="requester" value="srvc-sailpoint"/>
<entry key="source" value="LCM"/>
</Map>
</Attributes>
</ProvisioningPlan>
Certification ProvisioningPlan
Information to extract:
- Value for campaign: value=“[JSD Test 02] - Updated Jira Fields”
Have Tried:
#set($campaign = 'None')
#foreach($req in $plan.requests)
#if($req.Attributes.Map.containsKey('campaign'))
#set($campaign = $req.Attributes.Map.get('campaign'))
#end
#end
$campaign
Expect: "[JSD Test 02] - Updated Jira Fields"
Get: "None"
Sample Provision Plan (Campaign)
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="Example, User">
<AccountRequest application="Stripe [source]" nativeIdentity="[email protected] op="Modify">
<Attributes>
<Map>
<entry key="campaign" value="[JSD Test 02] - Updated Jira Fields"/>
<entry key="certification" value="Identity Access Review for srvc-sailpoint"/>
<entry key="certificationId" value="******"/>
<entry key="flow" value="AccountAttributeUpdate"/>
<entry key="interface" value="LCM"/>
<entry key="operation" value="EntitlementRemove"/>
<entry key="requester" value="srvc-sailpoint"/>
</Map>
</Attributes>
<AttributeRequest name="Role" op="Remove" value="Global Trust & Safety"/>
<ProvisioningResult requestID="SDD-XYZ" status="queued"/>
</AccountRequest>
<Attributes>
<Map>
<entry key="comments" value="Certification remediation for Identity: Example, User Certification: ****** (Identity Access Review for srvc-sailpoint- [JSD Test 02] - Updated Jira Fields)"/>
<entry key="identityFirstname" value="User"/>
<entry key="identityLastname" value="Example"/>
<entry key="identityName" value="Example, User"/>
<entry key="identityRequestId" value="******"/>
<entry key="noRoleExpansion">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="requester" value="srvc-sailpoint"/>
<entry key="source" value="Certification"/>
<entry key="sourceId" value="******"/>
<entry key="sourceName" value="Identity Access Review for srvc-sailpoint"/>
</Map>
</Attributes>
</ProvisioningPlan>
Current JIRA Cloud Velocity Template Configuration
"serviceRequest": {
"checkStatus": {...},
"provision": {
"request": {
"raiseOnBehalfOf": "$!{plan.arguments.opened_by|'[email protected]'}",
"serviceDeskId": "1",
"requestTypeId": "2",
"requestFieldValues": {
"summary": "SailPoint Access Request $!plan.arguments.identityRequestId #if($plan.arguments.identityName) for the user $plan.arguments.identityName #end",
"description": "#foreach($req in $plan.requests) #if($req.operation == 'Create') Create Account on application $req.resource #else For $req.id in application $req.resource #end #if($req.items) $newline #foreach($item in $req.items) #if ($item.name == '*disabled*' && $item.value == 'true') Requested action from SailPoint : Disable Account #if ($request.arguments.comments) , Comments : $request.arguments.comments #end $newline #elseif ($item.name == '*disabled*' && $item.value == 'false') Requested action from SailPoint : Enable Account #if ($request.arguments.comments) , Comments : $request.arguments.comments #end $newline #elseif ($item.name == '*locked*' && $item.value == 'false') Requested action from SailPoint : Unlock Account #if ($request.arguments.comments) , Comments : $request.arguments.comments #end $newline #else $!item.Operation $item.name: $item.value #if ($item.arguments.comments) , Comment from SailPoint : $item.arguments.comments #end $newline #end #end #else $newline $!req.Operation Account #if ($request.arguments.comments) , Comment from SailPoint : $request.arguments.comments #end $newline #end #end",
# Field Campaign (Example. If present, return the campaign name)
"customfield_10001": "#set($campaign = 'None') #foreach($req in $plan.requests) #if($req.Attributes.Map.containsKey('campaign')) #set($campaign = $req.Attributes.Map.get('campaign')) #end #end $campaign",
# Field Origin (Example. LCM, Certification, etc)
"customfield_10002": "#foreach($entry in $plan.arguments.entrySet()) #if($entry.key == 'source') #set($source = $entry.value) #end #end $source",
# Field Operation
"customfield_10003": "#set($operation = '') #set($accountRequest = $plan.requests.get(0)) #set($operation = $accountRequest.operation) $operation",
# Field Requestor (Example. Decision Maker or Requestor)
"customfield_10004": "#set($requester = '') #foreach($entry in $plan.arguments.entrySet()) #if($entry.key == 'requester') #set($requester = $entry.value) #end #end $requester",
# Field Application (Example. "Stripe [Source]" however would prefer the application name)
"customfield_10005": "#set($application = '') #set($accountRequest = $plan.requests.get(0)) #set($application = $accountRequest.resource) $application"
}
},
"resource": "/rest/servicedeskapi/request",
"responseElement": "$.issueKey"
}
