Workflow or Rules getting triggered on Signoff certification

didudeb2006 · November 15, 2023, 9:08pm

Which IIQ version are you inquiring about?

Version 7.2

Share all details related to your problem, including any error messages you may have received.

I am working on a POC, where the requirement is to redirect the WorkItem to a Group based on certain condition when the user Sign-Off certificate.
In-order to achieve this, I have created a new Rule (“Type=CertificationSignOffApprover”) and added my piece of code to create a new workItem by reading the WorkItem coming as part of the “certification” argument and assigning it to the required group. Added the Rule as Sign Off Approver Rule.

Although the assignment is working as expected, it only provides the option to the Group member to complete the newly created WorkItem, but doesn’t provide any option to Approve or Reject it.

Any advise, how to achieve this requirement.

Here is my piece of code.

List identities = new ArrayList();
List entities = certification.getEntities();

for ( CertificationEntity entity : entities ) {
  List items = entity.getItems();
  String remediationWrkItemReceiver ;
  Identity i = null;
  if(null != entity.getIdentity((XMLReferenceResolver)context)){
    i = entity.getIdentity((XMLReferenceResolver)context);
  }
    
  for ( CertificationItem item : items ) {
      EntitlementSnapshot ent = item.getExceptionEntitlements();
      Calendar expiration = Calendar.getInstance();  

      Identity targetIdentity = context.getObjectByName(Identity.class, i.getName());  
      Identity requester = context.getObjectByName(Identity.class, "spadmin");  

      WorkItem item = new WorkItem();  
      item.setType(WorkItem.Type.ManualAction);  
      item.setOwner(context.getObjectByName(Identity.class, "Passport Remediation Admin Workgroup"));  
      item.setRequester(requester);  

      Sequencer sequencer = new Sequencer();  
      item.setName(sequencer.generateId(context, item));  
      item.setRenderer("lcmManualActionsRenderer.xhtml");  
      item.setLevel(WorkItem.Level.Normal);  
      item.setTarget(targetIdentity);  
      item.setTargetClass(Identity.class.getName());  
      item.setDescription("Manual Changes requested for User: "+targetIdentity.getDisplayableName());  
      item.setHandler("sailpoint.api.Workflower");  
      item.setIdentityRequestId("0000000038");  

      Attributes attributes = new Attributes();  
      item.setAttributes(attributes);  

      ApprovalSet approvalSet = new ApprovalSet();  
      ApprovalItem approvalItem = new ApprovalItem();  
      approvalItem.setApplication(ent.getApplicationName());  
      approvalItem.setNativeIdentity(targetIdentity.getName());  
      approvalItem.setOperation("Create");  
      approvalItem.setValue("attribuut = \"value\"");  
      approvalSet.add(approvalItem);  

      attributes.put("approvalSet", approvalSet);  
      attributes.put("identityDisplayName", targetIdentity.getDisplayableName());  
      attributes.put("identityName", targetIdentity.getName());  

      item.setExpiration(expiration.getTime());  

      context.startTransaction();  
      context.saveObject(item);  
      context.commitTransaction(); 

  }

}

Remold · November 15, 2023, 9:24pm

The CertificationSignOffApprover should return a java.util.Map:

Map containing either an Identity or Identity name with the key “identity” or “identityName”, respectively.
e.g.: “identity”, identityObject or
“identityName”, “Adam.Kennedy”

You are not returning anything (at least not in the code you are sharing).

See for an example the Technical White Paper: Rules in IdentityIQ

– Remold

didudeb2006 · November 16, 2023, 3:54pm

Added the code to return Map containing identity, but it shows the same screen, not provides the option to Approve or Reject.

sunnyajmera · November 16, 2023, 10:40pm

Can you change this to WorkItem.Type.Approval and try out

didudeb2006 · November 17, 2023, 5:05pm

Thanks. It’s providing the approve and Deny button after making the below change.
item.setType(WorkItem.Type.Approval);

However, while opening the WorkItem it shows the below error And also please advise how to link Approve / Deny functionalities. My requirement is to create a ServiceNow ticket on approval and Redirect the request back to the Certifier on Deny.

Remold · November 17, 2023, 9:36pm

Hi @didudeb2006,

You forgot to include the error

Can you make a separate thread for your ServiceNow Ticket requirement, as that would be a new topic.

– Remold

didudeb2006 · November 20, 2023, 8:05pm

Please find the below error.

Remold · November 21, 2023, 8:18pm

Hi @didudeb2006 , can you at the related log entries? The log-file contains more detailed information on the error.

– Remold

system · January 20, 2024, 8:19pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Creating a certification from a rule IIQ Discussion and Questions rules , certifications	17	929	July 22, 2023
Introduction of a new flow between Certifier and SNC ticket creation IIQ Discussion and Questions identityiq	6	253	December 24, 2023
What workflow is getting triggered while revoking the access-review during the certification IIQ Discussion and Questions identityiq	11	380	January 7, 2024
Addition of a new workflow between Certifier and SNC ticket creation IIQ Discussion and Questions identityiq	2	218	December 23, 2023
Approvalitem show button is not working for IIQ IIQ Discussion and Questions	4	1464	July 19, 2023

Workflow or Rules getting triggered on Signoff certification

Which IIQ version are you inquiring about?

Share all details related to your problem, including any error messages you may have received.

Related Topics