Environment: Apache Tomcat 9.0.x and SailPoint IdentityIQ 8.0
Specific access request pages can be accessed through direct links using parameters. As per the administration guide below is the form that has to be used to make an Access Request using direct links.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterRoleType=<roleType1>&filterRoleStringAttr=<roleAttrib1> |
https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterEntitlementApplication=<entApp1>&filterEntitlementAttribute=<entAttrib1>&filterEntitlementEntitlement=<entValue1> |
https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?identityName=<identity1>&entitlement=<entitlementId> |
This direct links when used causes issue when the parameters are more than one. It somehow considers only the 1st parameter.
Replace & with %26 to add parameters in Direct links
https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>%26filterRoleType=<roleType1>%26filterRoleStringAttr=<roleAttrib1> |
https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>%26filterEntitlementApplication=<entApp1>%26filterEntitlementAttribute=<entAttrib1>%26filterEntitlementEntitlement=<entValue1> |
https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?identityName=<identity1>%26entitlement=<entitlementId> |
NOTE: Role and Entitlement for which the request has to be made should be Requestable.
Thanks. Very helpful.
Hello @gaurav_khandelwal ,
Great thanks for such good post.
Would like to ask if it's possible to also include the account selection in the deeplink, in our scenario, we have identity which has many application accounts (same application), as I know we don't have the a good UI for account selection in case of many accounts populated. So I am thinking deep link can be a possible solution here.
I have tried the below deep link, but it's just for Identity selection and will bypass the account selection. Random account will be selected for the role assignment. Do you have any information which we can provide argument for account selection?
http://192.168.15.128:8080/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=acce...?requesteeApp=QUQ%3D%26requesteeNativeIdentity=Q049RGF2aWQgSW4sT1U9SVQsT1U9SG9uZyBLb25nLERDPXNhaWxwb2ludCxEQz1kZW1v%26role=c0a80f8074ba19368174bdd1842a07b5
Thanks and Regards,
Mike
I am unable to see manage user access from magnified glass on the left side.
when i type iiq console (as below) nothing happening or no error found
C:\Users\ragha\Downloads\apache-tomcat-9.0.52-windows-x64\apache-tomcat-9.0.52\webapps\identityiq\WEB-INF\bin>iiq console
C:\Users\ragha\Downloads\apache-tomcat-9.0.52-windows-x64\apache-tomcat-9.0.52\webapps\identityiq\WEB-INF\bin>
Is there a way to have you own (currently logged in) Identity selected as a first step, when using a URL like this: https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?filterKeyword=<RoleName>
If a person can select multiple identities, than the users first needs to select his own Identity in step 1, and in step 2 the filter value is lost.
Hello @binod_bista,
At the moment nope. Instead, we have a plugin solution, which might help in your case, you can reference it here.
The plugin is under to progress to become a freeware. If you are interested, please reach out to our sales mentioned in the post.
Hi
will remove also work in same way as add? for below, when we tried for remove it is showing blank screen, while Add is working perfectly.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/remove?identityName=<identity1>
Is this possible in 8.3p3?
This is possible in 8.3p3 still! Just had an issue with my URL.
Hi,
Add is working fine but if I try with remove getting a blank screen. Has anyone implemented quicklink for remove access review page?