ServiceNow onboarding Sailpoint

 

Rules in Sailpoint

Rules are the construct through which IdentityIQ allows the addition of custom business logic at specific points within the execution flow of the product.

The below is the sample how to construct business logic, There are multiple application on-board to Sailpoint and the requirement is to get the mail of the user from an specific application HR System – Employees.

The below are the learning

1.       How can we define a method in Rule (A Java method is a collection of statements that are grouped together to perform an operation.)
2.       Link of an identity
3.       How to test the rule in IIQ console

Code

      import sailpoint.object.Identity;
 import java.util.*;
 import sailpoint.api.*;
 import sailpoint.object.Link;

// Java Method
 
 public static String GetEmail(String user) {
 
 Identity id = context.getObject(Identity.class,user);
 List listOfLinks=id.getLinks();
 if(listOfLinks!=null){
                        for(Link link : listOfLinks)
                               {

                               if(link.getApplicationName().equals("HR System - Employees")){
                                 String emailofApp = link.getAttribute("email");
                                 return emailofApp;
                                }
                            }
                        }

                                           }

     String user = "Adam.Kennedy";
String emailofuser = GetEmail(user);   // Calling the Method
System.out.println("We have found the email of the user"+ " "+ emailofuser);

Save the above code in a Rule.
In IIQ Console.

How to get the value of other fields in a form in validation scripts.

I have two fields Location & sub-location and based on the value in location, the sublocation should allow to have the value from selected value from the lists and on having a different value in the field should give the customized message.

Eg,    Location India and corresponding sublocation is Bangalore,Hyderabad,Pune

The below rule can have multiple If statement, based on your requirement.

//validation variable comes in as 'value'
                import sailpoint.tools.Message;
                String Val = form.getField("Location").getValue();
                System.out.println("Value is :" + Val);
                List messages = new ArrayList();
                String input = (String)value;
                System.out.println("Value :" + input);
// Check===================================
   if(Val.equals("India")) {
   List loc = new ArrayList();
     loc.add("Bangalore");
     loc.add("Pune");
     loc.add("Hyderabad");
        int j=0;   
     for(String item : loc){
       if( input.equals(item)){
            j++;       

                   }          
        }               

      if(j!=1) {
                Message msg = new Message();
                     msg.setKey("Allowed value are Bangalore,Pune,Hyderabad");
                     messages.add(msg);

                }       

          }
     return messages;

Writing my first PlayBook on shell and local_action Module

Below is the structure of Playbook of generating HTML report using the shell and local_action Module

YAML

-  hosts:  localhost

   tasks:

     -  name:  checking 

        shell:  |

            a=$(hostnamectl | grep Chassis)

            a=$a{a// /}

            b=$(hostnamectl | grep "Icon name")

            b=$b{b// /}           

            echo "<html>

                  <head>

                  <style>

                  table, th, td {

                  border: 1px solid black;

                  }

                  </style>

                  </head>

                  <body>

                  <h2>Ansible Generating report</h2>

                  <p>Author - Anirban.</p>

                  <table style="width:20%">

                  <tr>

                  <th>Name</th>

                  <th>Information</th>    

                  </tr>

                  <tr>

                  <td>Chassis</td>

                  <td>$a</td>    

                  </tr>

                  <tr>

                  <td>Icon name</td>

                  <td>$b</td>    

                  </tr>  

                  </table>

                  </body>

                  </html>"

        register:  output

     -  name:  message

        debug:

          msg: "{{output.stdout}}"

     -  name: Generating the report

        local_action:  "copy content='{{output.stdout}}' dest=/home/anirban/Desktop/report.html"

Ansible Syntax check

   ansible-playbook systemreport.yml --syntax-check

Ansible Playbook

    ansible-playbook systemreport.yml

The outPut of the Playbook

Add caption

Display All the Owner of Group in FIM|MIM from a lists having the Groups Display Name

Null Object in Sailpoint IIQ

Time for me to go sleep, after working for almost 8 longs hours in Rules :) Stay Healthy and Safe.Covid - 19

Some time in Sailpoint IIQ we have to handle the Null object. It take sometime for me, how to handle the Null and it was always throwing the error message while running the Identity refresh.


Below is the example how to manage the Null object in  Rule

import sailpoint.object.Identity;
String a = identity.getAttribute("Department");
if(a == null)
{
return "Null";
}
else if( a == "onepass") {
return "onepass";
}
else
{
return "Not one pass";
}


Java if..else..if statement.

if (expression1) 
{
   // codes
}
else if(expression2) 
{
   // codes
}
else if (expression3) 
{
   // codes
}
.
.
else 
{
   // codes
}

On-Boarding Active Directory Application

Homepage→Applications→ Applications Definition

Add New Application
     Name : Give name of the Application
     Owner : spadmin 
     Application Type : Active Directory - Direct

→ Configuration

→ Account

→ Group

→  Test Connection

 Save the configuration