Wikis - Page

NetIQ Access Governance Reporting Customization to Report Inactive Identities with Active App

0 Likes

 

1. Introduction / Use cases

 



NetIQ Access Governance (SailPoint IIQ) provides several Out of the Box (OOTB) Report Templates which can generate a report on inactive users, but there is no report template available which can display Inactive Identities with Active Application Account (i.e. IIQDisabled is null or false).

This solution will explain the steps to build a custom report template and Java data source to generate a custom report which will show terminated identities whose application accounts are still enabled.

 

2. Understand the Access Governance Reports Model

 


If you would like to understand the Sailpoint reporting module, please follow the link below:

https://community.sailpoint.com/docs/DOC-2027

2.1 Task Definition
In SailPoint, a report is executed as a specialized task. The root element of a report is a <TaskDefinition> element and the report template is saved as TaskDefinition object / XML.

This XML contains Arguments, Reporting columns, Report data source, Rights etc.

2.2 Report Data Source
The data shown in the detail section of the report is retrieved through a query that is built based on a combination of the <DataSource> specification and the element. In general, a query is specified in three parts: Select, From, and Where. The Select portion (the columns list) is specified through the <Columns> element in the report definition – specifically, the <ReportColumnConfig>s listed within element. The From and Where clauses are specified through the <DataSource> element.

There are three available datasource types: Filter, Java, and HQL. In this example, I have used Java datasource.

 

3. Create Template and Data Source

 


3.1 Create and Import Report Template
I have given a sample Report Template (TaskDefinition XML) which will take the argument as Application list to exclude from the report and Identity Status (Active / Inactive).

Terminated-Identities-with-App-Access.xml

Download the XML file and import it using checkin command from the console.

3.2 Create and Deploy Java Data Source
Report template is referring datasource class as “sailpoint.reporting.datasource.CustomUserDataSource”. The source code of the datasource can be downloaded from here.

CustomUserDataSource.java

You need ags.jar and jasperreports-javaflow-4.5.0.jar to compile the code and create a JAR file. You need to deploy the JAR file into ags/WEB-INF/lib directory and restart the web server.

Here is the compiled JAR file (remove .txt extension), you can just deploy the JAR file and test the given Report template.

CustomReport.jar

 

4. Create and Execute Report

 


Go to Reports tab and click on “Terminated Identities With Application Access Enabled” template:



Name the Report and click on Next:



Check the “Only show terminated users?” box and click on Next:



Choose Sort By and Group By and click on Save and Execute:



The report will be executed and displayed as below:



Labels:

Collateral
How To-Best Practice
Comment List
Related
Recommended