Saturday, July 6, 2013

Certification creation task

Sometimes in large organizations it is required to a create lot of certifications for many managers, and it is quite time consuming and error prone if done manually. Mostly I have seen requirements for certifications to be created of a particular set of people in a BU or having access to particular application, for a specific manager. And most of the time this manager information does not flow from the HR authoritative source data, so it requires separate discussion with business to identify the reviewers.
In this post I am going to explain how to create a custom task to generate certifications in SailPoint, where in the tasks you can give the inputs like identities to certify and the reviewers.

(In this example I have created a task to take input a population and application name)

  1. Create a new advanced certification and give some default parameters and schedule it for a future date.Rename the new cert created in debug, with some unique name that you can refer in the custom task.
  2. Create a custom task which will have the input parameters for the new certification to be created. 
  3. < ?xml version='1.0' encoding='UTF-8'? >
    < !DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd" >
    < TaskDefinition executor="sailpoint.custom.AutoCerts"  name="AutoCerts" progressInterval="5000" progressMode="String" template="true" resultAction="Delete" type="Generic" >
      < Description>Run Auto Certifications< /Description >
      < Signature >
        < Inputs >
          < Argument name="application" required="true" type="Application" >
            < Prompt>Application< /Promp t>
          < /Argument >
           < Argument name="population" required="true" type="GroupDefinition" >
            < Prompt >Population< /Prompt >
          < /Argument >
         < /Inputs >
        < /Signature >
    < /TaskDefinition >

    This is will create a task with two input parameters "application" and "population"
  4. Now create custom class AutoCerts which will create a new cert with the given parameters. This custom class has three important steps  
    1. Create clone of the certification created in step 1.
    2. Overide the paramters of  certification with the one provided from the task in step 2.
    3. Create a new task with the new certification object an execute it.
 public class AutoCerts extends AbstractTaskExecutor {
 public void execute(SailPointContext ctx, TaskSchedule tskshd, TaskResult tskresult,            Attributes attrs) throws Exception {

//get the application attributes from the task

String appname = (String) attrs.get("application");
String population = (String) attrs.get("population");

//create a new map of population and certifiers 

ArrayList certifiers = new ArrayList();
certifiers.add("abhishek"); // id of user needs to be added

 HashMap> certmap = new HashMap>();
 certmap.put(population, certifiers);

// create object of the certfication created in step 1 and clone it 

CertificationDefinition AbhiCertDef = context.getObject(CertificationDefinition.class, "Abhi Auto Cert");

XMLObjectFactory obj = XMLObjectFactory.getInstance();
CertificationDefinition newCert = (CertificationDefinition) obj.cloneWithoutId(AbhiCertDef ,(XMLReferenceResolver) context);

//overrride the new certfication paramters
 newCert.setName(certName + " - " + new Date());


//create new task to execute the cert

TaskSchedule runcerts= new TaskSchedule();
runcerts.setArgument("certificationDefinitionId", newCert.getId());
runcerts.setArgument("executor", "Certification Manager");
runcerts.setArgument("resultName", scheduleName);

TaskManager tskMgr = new TaskManager(ctx);


No comments:

Post a Comment