Mobile Interface Direct Links

• Manage Password
  https://<hostname>/identityiq/ui/rest/redirect?
rp1=/ui/index.jsf&rp2=quickLinks/Manage%20Passwords/identities

• Manage Specific Password
  https://<hostname>/identityiq/ui/rest/redirect?
rp1=/ui/index.jsf&rp2=identities/<identityId>/passwords

• Manage Accounts
  https://<hostname>/identityiq/ui/rest/redirect?
rp1=/ui/index.jsf&rp2=quickLinks/Manage%20Accounts/identities

• Manage Specific Account https://<hostname>/identityiq/ui/rest/redirect?
rp1=/ui/index.jsf&rp2=identities/<identityId>/accounts

• Manage Certifications
  https://<hostname>/identityiq/ui/index.jsf#/certifications

• Policy Violations List Page
  https://<hostname>/identityiq/ui/index.jsf#/listViolations

Specific access request pages can be accessed through direct links using parameters. Query parameters can be appended to the Access Review Management tab URL.

Note: Your browser may require special characters in the parameter values to be URL-encoded. For example, spaces must be replaced with %20, ampersands (&) must be replaced with %26, and question marks (?) must be replaced with %3F.

http://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add%3FidentityName=<identity1>%26filterRoleType=<roleType1>%26filterRoleStringAttr=<roleAttrib1>%26quickLink=Request%20Access

The following parameters allow you to create direct links to the page with a variety of filters already selected:

Access Request Management Deep Link Parameters

Identity

identityName – name of identity the deep link is targeting.

Role Filters

filterRoleType
filterRole<attribute>

Note: Only role type and extended attributes are supported. Attributes from the bundle object are not supported.

Entitlement Filters

filterEntitlementApplication (multi)
filterEntitlementAttribute (multi)
filterEntitlementEntitlement (multi)
filterEntitlementOwner
filterEntitlement<attribute>

The (multi) params can be specified multiple times in a single URL. However, filterEntitlementOwner is NOT multi.

If an entitlement application has only one attribute defined, the direct link can omit the entitlement attribute on the URL and the defined attribute is used by default.

Note: With the exception of Application, Attribute, and Value, only extended attributes are supported.

Keyword Filters

filterKeyword

Note: If full text search indexing is enabled, the description is also searched for the keyword.

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<identity1> is the name of the identity.

https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>%26quickLink=Request%20Access

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<identity1> is the name of the user.

<roleType1> is the requested role.

https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterRoleType=<roleType1>%26quickLink=Request%20Access

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<identity1> is the name of the user.

<roleType1> is the type of role.

<roleAttrib1> is the role attribute.

https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterRoleType=<roleType1>&filterRoleStringAttr=<roleAttrib1>%26quickLink=Request%20Access

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<identity1> is the name of the user.

<entApp1> is the entitlement application.

<entAttrib1> is the entitlement attribute (such as memberOf or groupmbr).

<entValue1> is the entitlement value.

https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterEntitlementApplication=<entApp1>&filterEntitlementAttribute=<entAttrib1>&filterEntitlementEntitlement=<entValue1>

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<identity1> is the name of the user.

<entApp1> and <entApp2> are the entitlement applications.

<entAttrib1> and <entAttrib2> are the entitlement attributes (such as memberOf or groupmbr).

<entValue1> and <entValue2> are the entitlement values.

In the following example, two entitlements are requested.

https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf

&rp2=accessRequest/manageAccess/add?FidentityName=<identity1>

&filterEntitlementApplication=<entApp1>&filterEntitlementAttribute=<entAttrib1>

&filterEntitlementEntitlement=<entValue1>&filterEntitlementApplication=<entApp2>

&filterEntitlementAttribute=<entAttrib2>&filterEntitlementEntitlement=<entValue2>%26quickLink=Request%20Access

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed

<keyword1> is the specific keyword you want to find

https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf

&rp2=accessRequest/manageAccess/add?filterKeyword=<keyword1>%26quickLink=Request%20Access

Specific access request review pages can be accessed through direct links using parameters. Query parameters can be appended to the Access Request Review tab URL:

https://<hostname>identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=certification/<id>

Note: Your browser may require Special characters in the parameter values to be URl encoded. For example, spaces must be replaced with %20, & must be replaced with %26, and ? must be replaced with %3F.

The following parameters allow you to create direct links to the page with a variety of filters already selected:

Access Request Review Deep Link Parameters

Identity

filterKeyword – search term

If no identityName parameter is specified, the loggedInUser is used.

Role

To specify a role or entitlement using name or id:
role (multi) – name of id of role
entitlement (multi) – entitlement id

The (multi) params can be specified multiple times in a single URL.

Entitlements

To specify an entitlement without an id, use a combo:
entitlementApplication<X>
entitlementAttribute<X>
entitlementValue<X>

<X> corresponds to a matching integer, such as entitlementApplication1, entitilementAttribute1, entitlementValue1.

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<role1> is the name of the role.

https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?role=<role1>%26quickLink=Request%20Access

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<identity1> is the name of the user.

<role1> and <role2> are requested roles.

https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?identityName=<identity1>&role=<role1>&role=<role2>%26quickLink=Request%20Access

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<identity1> is the name of the user.

<role1> and <role2> are requested roles.

https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?identityName=<identity1>&role=<role1>&role=<role2>%26quickLink=Request%20Access

Note: If you define only one attribute defined for an application, the entitlementAttribute can be omitted and it will be filled in automatically. In all other cases, the attribute is required. In all cases, entitlementApplication and entitlementValue are required for each entitlement combination.

In the following example,

<hostName> is the name of the host on which IdentityIQ is installed.

<identity1> is the name of the user.

<entApp1> and <entApp2> are the entitlement applications.

<entAttrib1> and <entAttrib2> are the entitlement attributes (such as memberOf or groupmbr).

<entValue1> and <entValue2> are the entitlement values.

Note: In the following example, two entitlements are requested.

https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf
&rp2=accessRequest/manageAccess/add&identityName=<identity1>&filterEntitlementApplication=<entApp1>
&filterEntitlementAttribute=<entAttrib1>&filterEntitlementEntitlement=<entValue1>
&filterEntitlementApplication=<entApp2>&filterEntitlementAttribute=<entAttrib2>
&filterEntitlementEntitlement=<entValue2>%26quickLink=Request%20Access

IdentityIQ supports the following mobile work items:

• Forms

• Approvals

• Request Violations

For all other types of work items, go to the desktop version of IdentityIQ and access the page associated with the work item.

You can link directly to any open work item such as a form or a violation. To access a direct link, a user must be logged in, have visibility to the work item and have authorization to access the item.

Note: Some work items, such as manager access reviews, are not supported as direct links. If a direct link contains a work item id that is not supported, a warning message displays that indicates the work item does not exist.

In the following example,

<hostname> is the name of the host on which IdentityIQ is installed.

<workItemid> is the identifying number for the work item.

https://<hostname>/SailPoint IdentityIQ/ui/rest/redirect?rp1=/ui/index.jsf&rp2=commonWorkItem/<workItemid>

When you send an email with a direct link to a pending work item to a user, the email system variable must be configured to match server name and path of the currently deployed instance of IdentityIQ. Click the Gear icon in the navigation menu bar and go to Global Settings > IdentityIQ Settings > Notification Settings tab > Notification Templates > Server Root Path.

For example, the default is set to https://localhost:8080/IdentityIQ. However, if you deploy from /spt on port 80, you should change the setting to https://localhost/spt.

Note: The $spTools.formatURL() is a Velocity template function that formats the url correctly in the actual email sent to the user.

$spTools.formatURL('/ui/index.jsf#/commonWorkItem')/$item.id