Thursday, April 25, 2013

Custom task in SailPoint IIQ

Custom tasks are quite useful in SailPoint implementations. Customers brings up lot of different requirements for reporting and certifications which cannot be achieved using default tasks or ootb configurations.

Custom tasks also speeds up the process if the code is written accurately.

In this post I will explain how to build the custom task in SailPoint.

1. First you need to create a task definition with required parameters (jnput and output), which is required for the custom class java method which executes in background.

Sample custom task.xml

< ?xml version='1.0' encoding='UTF-8'? >
< !DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd" >
< TaskDefinition executor="sailpoint.custom.AbhiA"  name="AbhiACustom" progressInterval="5000" progressMode="String" template="true" resultAction="Delete" type="Generic" >
  < Description >Run Multiple aggregation< /Description  >
  < Signature >
    < Inputs >
      < Argument name="application" required="true" type="Application"  >
        < Prompt >Search Application< /Prompt >
      < /Argument >
     < /Inputs>
    < Returns>
      < Argument name="output" type="String" >
        < Prompt >Result< /Prompt >
      < /Argument >
    < /Returns >
  < /Signature >
< /TaskDefinition >

  •  < TaskDefinition executor="sailpoint.custom.AbhiA"   this defines the name of the class which will be executed to execute the task
  •  < Argument name="application" required="true" type="Application" > this defines the input parameter of the task. The custom java code AbhiA will take input parameter as "application" variable. The type="Application" will create a drop down for application. Similarly you can have a type text for simple text input.
  • < Prompt >Search Application< /Prompt > this defnes the text which will be displayed in UI to the user.
  •  &lt; Returns > < Argument name="output" type="String" >  this defines the output parameter, in the custom task java code all output result will be passed to this output string.

2. Now create you java class to define the method for custom task

package sailpoint.custom;

import sailpoint.api.SailPointContext;
import sailpoint.object.Attributes;
import sailpoint.object.TaskResult;
import sailpoint.object.TaskSchedule;
import sailpoint.task.AbstractTaskExecutor;

public class AbhiA extends AbstractTaskExecutor {

      public void execute(SailPointContext ctx, TaskSchedule tshd,               TaskResult result, Attributes args)
      throws Exception {

            String output = "output";

            String appname = (String) args.get("application");
            result.setAttribute(output, "Hi Custom task executed" + appname);

      public boolean terminate() {

            return false;

  •  The custom class will extend the AbstractTaskExecutor task and implements the execute method.
  •  To get the input arguments for the task defined in SailPoint use the following statement args.get("application") where "application" is the name defines in customtask.xml file.
  •   To redirect the result of your task to the output paramter defined in customtask.xml use the following statemen    result.setAttribute(output, "Hi Custom task executed" + appname);

3. Execute the task and you are done!!


  1. Hello abhishek.. I am working on something similar to what you have mentioned in your blog. I need your help. I am new to sailpoint and i have to deliver a code where i have to fetch application name, instance name, entitlement name etc from sailpoint context.. Can you please help me with the code for the same??

  2. Hello gunpreet, are you aware of sailpoint javadoc , which has all the funtions to get application name, entitlement name etc... if no then go through the java doc and you will get all the required functions, which can be used from context.

    1. Hello abhishek. Yes i am aware but was not of much help. Finally i could figure out from the page that data is being stored in json and i can fetch it from there. Now i could get the row id from which i will fetch the details of the row for which we are customizing to seek clarification feature. Can you suggest something on this? My task is to customize the ui and add a help button to entitlement where manager can seek more clarification. When this button is clicked the details of user , applicatication etc is to be fetched and stored in database.

    2. where do you want this UI button in the certification page?in 5.5 the UI customization is very limited, in 6.0 u can play with UI more. Check the UI Customization through UIConfig document avialable in compass, which describes what all option you have to modify UI.

  3. Thank you very much Abhishek , Please write more topics about IIQ for beginners like me it's very useful.

  4. Hi, Pls how do you execute this task in sailpoint IIQ. Basically how can i test this code of yours.

  5. java code to send Email

    System.out.println("in the preiterate rule of isecure Blog");
    import java.nio.file.*;
    import java.nio.file.attribute.*;
    import java.text.SimpleDateFormat;
    import java.util.Date;
    import java.lang.Object;


    Date file = new Date();

    System.out.println("Day of given date : " + file.getDate());

    i want to read the date of the file and send Email to the admin through java code. above i have return some code which is pulling path of the file and todays date . please provide me the exact code to read the date and send email to the admin using getDate() and setTo() methods

  6. Hi Man,

    Awesome article. Thanks for making
    that available. I've been using your help to build my own POC and will publish the steps in another blog soon.

    Appreciate your effort for making such useful blogs and helping the community.
    Best Regards,
    Morgan Lee

  7. Hi Abhishek,

    Great post. Can’t get any more straight forward than this article. Thanks!

    We assume that folderX have one data owner and s/he will leave from the company. What is going to happen then? Is it possible to create alert or send an email -for/to the administrator or for/to all of the other data owners- when one of the data owner will
    leave from the company? How can we succeed it?

    What is going to happen if one of the data owners will leave from company?

    Appreciate your effort for making such useful blogs and helping the community.

    Kind Regards,
    Irene Hynes

  8. Greetings Mate,
    Thanks for the tip, appreciate it. Your article definitely helped me to understand the core concepts.
    I’m most excited about the details your article touch based! I assume it doesn’t come out of the box, it sounds like you are saying we’d need to write in the handlers ourselves. Sailpoint tutorial
    Is there any other articles you would recommend to understand this better?
    Can you provide some more information like
    1. Active directory running server windows version?
    2. IIQ Service running server windows Version? Is IIQService is installed as per iiq6.3 compatiability?
    3. Is rule is not executing or request not reaching to AD?
    please attached rule and applicationconfig .

    But great job man, do keep posted with the new updates.

  9. "Hi Abhi,

    This is one awesome blog. Much thanks again. Fantastic.

    We are unable to call ConnectorAfterDelete rule and execute batch file on Active Directory while deprovisioning/disabling user. Our batch file exists on Active Directory and it needs to be executed on Active Directory and version of IIQ we are using is 6.3. Sailpoint training USA Both IQService and Active Directory are installed separately on different windows boxes.
    In order to do this we have configured ConnectorAfterDelete Rule in Application configuration like

    name of rule

    Does anyone have any thoughts on this?
    I look forward to see your next updates.

    Thanks a heaps,

  10. Hi Abhishek,

    THANKS SO MUCH for sharing this! I would love to buy you a coffee since I now won’t be up all night that has been driving me crazy (until now!!). I just wish I knew what was going wrong but so glad it’s in the right place now! Thanks again:)
    You can delete the Sailpoint tutorial Certification Group object from iiq console using certification id, if the certifications has same name.
    Command syntax (to be run on iiq console):-
    >delete Certification Group
    Similarly you can delete Certification object.. just specify the type of object as Certification.
    Great effort, I wish I saw it earlier.

    Thank you,