Sunday, 29 March 2020

Null Object in Sailpoint IIQ

Time for me to go to sleep, after working for almost 8 long hours in Rules :) Stay healthy and safe. Covid-19

Sometimes in Sailpoint IIQ we have to handle the Null object. It took me some time to work out how to handle the Null, and it was always throwing the error message while running the Identity refresh.


Below is an example of how to manage the Null object in a Rule

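import sailpoint.object.Identity;

// The rule reads the Department attribute from the identity variable it is given.
String a = (String) identity.getAttribute("Department");
if (a == null)
{
    // Attribute is not set on this identity: return early instead of dereferencing null.
    return "Null";
}
else if ("onepass".equals(a)) {
    // equals() compares the string contents; == would only compare object references.
    return "onepass";
}
else
{
    return "Not one pass";
}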


Java if..else..if statement.


if (expression1) 
{
   // codes
}
else if(expression2) 
{
   // codes
}
else if (expression3) 
{
   // codes
}
.
.
else 
{
   // codes
}

Thursday, 19 March 2020

On-Boarding Active Directory Application


Homepage --> Applications --> Applications Definition



Add New Application
     Name : Give name of the Application
     Owner : spadmin 
     Application Type : Active Directory - Direct


Configuration
Account


Group

 Test Connection
 Save the configuration


Monday, 16 March 2020

How to add Owner to FIM Group (Powershell)

How to add a display Owner to a FIM Group (PowerShell): when the requirement is to add multiple owners from a txt file, the sample script below can be tweaked.
<#-----------------------------------------------
Author : Anirban
----------------------------------------------- #>
# Load the FIMAutomation snap-in if it is not already loaded
If(@(Get-PSSnapin | Where-Object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {Add-PSSnapin FIMAutomation}

# Look up the group and the owner by display name
$groupObject = Export-FIMConfig -customConfig "/Group[DisplayName = 'DisplayNameoftheGroup']" -Uri "http://localhost:5725" -OnlyBaseResources

$userObject = Export-FIMConfig -Uri http://localhost:5725 -onlyBaseResources -customConfig "/Person[DisplayName = 'DisplayNameoftheOwner']"


# Build the change that adds the owner's object identifier to the Owner attribute
$importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
$importChange.Operation = 0   # 0 = Add
$importChange.AttributeName = "Owner"
$importChange.AttributeValue = $userObject.ResourceManagementObject.ObjectIdentifier
$importChange.FullyResolved = 0
$importChange.Locale = "Invariant"

# Wrap the change in an import object that targets the group
$importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
$importObject.ObjectType = "Group"
$importObject.TargetObjectIdentifier = $groupObject.ResourceManagementObject.ObjectIdentifier
$importObject.SourceObjectIdentifier = $groupObject.ResourceManagementObject.ObjectIdentifier
$importObject.State = 1   # 1 = Put (update an existing object)
$importObject.Changes = (,$importChange)

# Submit the change to the FIM Service
$importObject | Import-FIMConfig -Uri http://localhost:5725
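
The sample script adds a single owner; the loop below covers the multiple-owners-from-a-txt-file case mentioned above. It is an added example, not the author's script: the file owners.txt (one DisplayName per line), the helper Resolve-FimObject and the variable names are assumptions. Because DisplayName is not guaranteed to be unique, it only assigns ownership when a name resolves to exactly one object.

```powershell
# Added example: add every owner listed in a text file to one FIM group.
# Assumed, not from the original post: owners.txt (one DisplayName per line),
# the helper Resolve-FimObject, and the variable names.
If(@(Get-PSSnapin | Where-Object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {Add-PSSnapin FIMAutomation}

$uri        = "http://localhost:5725"
$groupName  = "DisplayNameoftheGroup"
$ownersFile = ".\owners.txt"                      # hypothetical path

function Resolve-FimObject([string]$Type, [string]$DisplayName) {
    # A single quote would end the XPath string literal early, so refuse it.
    if ($DisplayName.Contains("'")) { throw "Quote in name: $DisplayName" }
    $found = @(Export-FIMConfig -Uri $uri -OnlyBaseResources -CustomConfig "/${Type}[DisplayName = '$DisplayName']")
    # DisplayName is not guaranteed unique: continue only on exactly one match.
    if ($found.Count -ne 1) { throw "$Type '$DisplayName' matched $($found.Count) objects" }
    return $found[0].ResourceManagementObject.ObjectIdentifier
}

$groupId = Resolve-FimObject "Group" $groupName   # a failure here stops the script

$changes = @()
foreach ($line in Get-Content $ownersFile) {
    $name = $line.Trim()
    if ($name -eq "") { continue }                # skip blank lines
    try   { $ownerId = Resolve-FimObject "Person" $name }
    catch { Write-Warning "Skipped: $_"; continue }
    $change = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $change.Operation      = 0                    # 0 = Add
    $change.AttributeName  = "Owner"
    $change.AttributeValue = $ownerId
    $change.FullyResolved  = 0                    # same value as the sample script
    $change.Locale         = "Invariant"
    $changes += $change
}

if ($changes.Count -gt 0) {
    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $importObject.ObjectType = "Group"
    $importObject.TargetObjectIdentifier = $groupId
    $importObject.SourceObjectIdentifier = $groupId
    $importObject.State   = 1                     # 1 = Put
    $importObject.Changes = $changes
    $importObject | Import-FIMConfig -Uri $uri
    Write-Output "Submitted $($changes.Count) owner change(s) for '$groupName'"
}
```

Names that match no Person, or more than one, are reported with Write-Warning and left out of the import, so the skipped entries can be reviewed by hand.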

Friday, 18 October 2019

Query by Context !!

In Sailpoint we can test our query rule in the Sailpoint IIQ console.
Use the template below to create a new rule in Sailpoint IIQ from the debug option.

The name of the rule is query, and the other parameters (created, id, modified) are filled in by default after we create the rule.


In the Sailpoint IIQ Console, run the rule: rule "Query"
The rule below queries the last names of all identities in the Identity Warehouse.


Thanks,
Anirban

Tuesday, 1 January 2019

Sailpoint Application Rule

Application Rule: The data in the source is not always in the proper format, and there is always a need to get the data into the format the business wants. In Identity IQ we can manipulate the data while aggregating from the source with the help of an Application Rule.

To give an example, the ABC company wants the Xlocation attribute in IQ to have the format firstname,lastname appended with Microsoft.

Global Settings --> Identity Mapping, select the attribute

In Source Mapping, click Add Source, select Application Rule, select the application from the Application drop-down and create the Rule.



1. Give the Name of the Rule
2. The bean code which appends "Microsoft" to firstname,lastname

Run the Aggregation task, do an IdentityCube Refresh, and verify the Xlocation attribute in the Identity Warehouse.




Sunday, 26 August 2018

SailPoint : Branding

I was going through a demo and architect of SailPoint IQ having a login page with a company logo.
It is not difficult to customize the UI in Sailpoint if you have access to Compass.
I was wondering how to do it without having a Compass account.
Here is how you can do it:

Place your image in the folder apache-tomcat-8.5.24\webapps\identityiq\ui\images

I have placed my own photo :)


Sunday, 22 July 2018

SAILPOINT: provisioning in Active Directory

SAILPOINT: This is a side project that I am pursuing outside FIM/MIM/Azure AD Connect.

After configuring or onboarding the Active Directory application, the next thing we want is to provision a new user in AD from the Identity Warehouse. I have wanted to do this for quite some time.

This is not the best way to provision users in AD; however, it shows what needs to be done at a basic level in provisioning. To be honest, I find it very hard, as I do not see much explanation of the steps needed available in open forums.

We will create two roles, 1) Entitlement and 2) Business. These two roles will help in understanding what needs to be done if we want to set up real and complex provisioning in AD.

Navigate to "Setup" and select Roles from the drop-down list.
Click on New Roles and select Role.
In Role Editor, select the Type "Entitlement".




Scroll down the page.
In Entitlements, click ADD and select the application Active Directory.
From the option Add An Entitlement, select Group Membership and select the group, then save and submit it.


Next, follow the above steps and create a role with the Business type.


In Assignment Rule, select Match List, then Add Identity Attributes. In Select Attribute we can select an attribute from the Identity Warehouse. In general we can select an attribute tagged to multiple users; in this example we want to provision a single user based on first name.


We have selected the first name "Anne", added the entitlement created above to it and submitted it.


Navigate to Tasks and run the Refresh Identity Cube task. It will generate a form where we have to give the details of DN, sAMAccountName and password. After submitting the form, the user will be provisioned in AD.

In the next blog we will provision the user in AD without submitting the form.

ServiceNow onboarding Sailpoint