cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Deeplinks/direct link to access management page: Manage user access

Deeplinks/direct link to access management page: Manage user access

 

Symptoms

Environment: Apache Tomcat 9.0.x and SailPoint IdentityIQ 8.0

Specific access request pages can be accessed through direct links using parameters. As per the administration guide below is the form that has to be used to make an Access Request using direct links. 

https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterRoleType=<roleType1>&filterRoleStringAttr=<roleAttrib1>

 

https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterEntitlementApplication=<entApp1>&filterEntitlementAttribute=<entAttrib1>&filterEntitlementEntitlement=<entValue1>

 

https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?identityName=<identity1>&entitlement=<entitlementId>

 

This direct links when used causes issue when the parameters are more than one. It somehow considers only the 1st parameter.

 

Solution

Replace & with %26 to add parameters in Direct links

https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>%26filterRoleType=<roleType1>%26filterRoleStringAttr=<roleAttrib1>

 

https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>%26filterEntitlementApplication=<entApp1>%26filterEntitlementAttribute=<entAttrib1>%26filterEntitlementEntitlement=<entValue1>

 

https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?identityName=<identity1>%26entitlement=<entitlementId>

 

 NOTE: Role and Entitlement for which the request has to be made should be Requestable.

Comments

Thanks. Very helpful.

Hello @gaurav_khandelwal , 

Great thanks for such good post. 

Would like to ask if it's possible to also include the account selection in the deeplink, in our scenario, we have identity which has many application accounts (same application), as I know we don't have the a good UI for account selection in case of many accounts populated. So I am thinking deep link can be a possible solution here. 

I have tried the below deep link, but it's just for Identity selection and will bypass the account selection. Random account will be selected for the role assignment. Do you have any information which we can provide argument for account selection? 

http://192.168.15.128:8080/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=acce...?requesteeApp=QUQ%3D%26requesteeNativeIdentity=Q049RGF2aWQgSW4sT1U9SVQsT1U9SG9uZyBLb25nLERDPXNhaWxwb2ludCxEQz1kZW1v%26role=c0a80f8074ba19368174bdd1842a07b5

 

Thanks and Regards,

Mike

 

I am unable to see manage user access from magnified glass on the left side.

when i type iiq console (as below) nothing happening or no error found

C:\Users\ragha\Downloads\apache-tomcat-9.0.52-windows-x64\apache-tomcat-9.0.52\webapps\identityiq\WEB-INF\bin>iiq console

C:\Users\ragha\Downloads\apache-tomcat-9.0.52-windows-x64\apache-tomcat-9.0.52\webapps\identityiq\WEB-INF\bin>

jva

Is there a way to have you own (currently logged in) Identity selected as a first step, when using a URL like this: https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?filterKeyword=<RoleName>

If a person can select multiple identities, than the users first needs to select his own Identity in step 1, and in step 2 the filter value is lost.

Hi @mike818148 

Did you figure out the deep link for account selection?

Regards,

B.

Hello @binod_bista,

At the moment nope. Instead, we have a plugin solution, which might help in your case, you can reference it here

The plugin is under to progress to become a freeware. If you are interested, please reach out to our sales mentioned in the post.

Hi 

will remove also work in same way as add? for below, when we tried for remove it is showing blank screen, while Add is working perfectly.

https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/remove?identityName=<identity1>

Is this possible in 8.3p3?

This is possible in 8.3p3 still! Just had an issue with my URL.

Hi,

Add is working fine but if I try with remove getting a blank screen. Has anyone implemented quicklink for remove access review page?

 

Version history
Revision #:
7 of 7
Last update:
‎Jul 25, 2023 06:17 PM
Updated by: