Creating Direct Links to IdentityIQ
Lifecycle Manager enables you to create direct links into IdentityIQ pages from outside the product, from places such as emails, forms, or a portal. These direct links can either use your single sign-on solution or require users to log in to IdentityIQ as an intermediate step. Direct links can also use a number of filtering options, enabling users to go directly to specific pages using specific filtering criteria.
IdentityIQ supports the following types of direct links:
- Desktop Direct Links
- Mobile Interface Direct Links
Desktop Direct Links
Direct links provide a method to link directly to IdentityIQ Desktop pages. For example, use the following direct links to go to the Manage Accounts, Manage Passwords, or Manage Identity pages for a user that is logged in to IdentityIQ, where
If you are using deep links for Request Access, you need to include the quicklink name in your query parameters in order to ensure that the details dialogs work properly.
The following direct links can be used:
Manage Accounts
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=quickLinks/Manage%20Accounts
Manage Specific Account
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=identities/<identityId>/accounts
Manage Password
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=quickLinks/Manage%20Passwords/identities
Manage Specific Password
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=identities/<identityId>/passwords
Create Identity
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=quickLinks/Create%20Identity/createIdentity
Edit Identity
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=quickLinks/Edit%20Identity
Edit Specific Identity
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=identities/<identityId>/edit
View Identity
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=quickLinks/View%20Identity/identities
View Specific Identity
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identities/identities.jsf&rp2=identities/<identityId>/attributes
Access Request Details (previously named Track My Requests)
https://<hostname>/identityiq/ui/rest/redirect?rp1=/identityRequest/identityRequest.jsf&rp2=requests
Track My Requests
https://<hostname>/identityiq/identityRequest/identityRequest.jsf
Manage Certifications
https://<hostname>/identityiq/certification/certification.jsf#/certifications
Policy Violation List Page
https://<hostname>/identityiq/policyViolation/policyViolation.jsf#/policyViolations
Access Request for Single User Pre-Selected
https://<hostname>/identityiq/ui/rest/redirect?rp1=%2FaccessRequest%2FaccessRequest.jsf&rp2=accessRequest%2FmanageAccess%2Fadd%3FquickLink%3DRequest%20Access%26identityName%3DAmanda.Ross
Access Request for Single User Pre-Selected – Filtering on Role Type
https://<hostname>/identityiq/ui/rest/redirect?rp1=%2FaccessRequest%2FaccessRequest.jsf&rp2=accessRequest%2FmanageAccess%2Fadd%3FquickLink%3DRequest%20Access%26identityName%3DAmanda.Ross%26filterRoleType%3Dbusiness
Access Request Logged In User Selected with Filtering on Multiple Applications
https://<hostname>/identityiq/ui/rest/redirect?rp1=%2FaccessRequest%2FaccessRequest.jsf&rp2=accessRequest%2FmanageAccess%2Fadd%3FquickLink%3DRequest%20Access%26filterEntitlementApplication%3DActive%2520Directory%26filterEntitlementApplication%3DAzure%2520Active%2520Directory
Access Request Logged In User Selected with Filtering on a Keyword Search
https://<hostname>/identityiq/ui/rest/redirect?rp1=%2FaccessRequest%2FaccessRequest.jsf&rp2=accessRequest%2FmanageAccess%2Fadd%3FquickLink%3DRequest%20Access%26filterKeyword%3DKeyword
Mobile Interface Direct Links
Use the following direct links to go directly to IdentityIQ Mobile pages:
Direct Link to Passwords (Mobile)
- Manage Password
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=quickLinks/Manage%20Passwords/identities
- Manage Specific Password
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=identities/<identityId>/passwords
Direct Link to Manage Accounts (Mobile)
- Manage Accounts
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=quickLinks/Manage%20Accounts/identities
- Manage Specific Account
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=identities/<identityId>/accounts
Direct Link to Manage Certifications (Mobile)
- Manage Certifications
https://<hostname>/identityiq/ui/index.jsf#/certifications
Direct Link to Policy Violations (Mobile)
- Policy Violations List Page
https://<hostname>/identityiq/ui/index.jsf#/listViolations
Direct Link to Access Management Page (Mobile)
Specific access request pages can be accessed through direct links using parameters. Query parameters can be appended to the Access Review Management tab URL.
Important
If you are using deep links for Request Access, you must include the quicklink name in your query parameters in order to ensure that the details dialogs work properly.
Note
Your browser may require special characters in the parameter values to be URL-encoded. For example, spaces must be replaced with %20, ampersands (&) must be replaced with %26, and question marks (?) must be replaced with %3F.
http://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add%3FidentityName=<identity1>%26filterRoleType=<roleType1>%26filterRoleStringAttr=<roleAttrib1>%26quickLink=Request%20Access
The following parameters allow you to create direct links to the page with a variety of filters already selected:
Access Request Management Deep Link Parameters
Identity
identityName – name of identity the deep link is targeting.
Role Filters
filterRoleType
filterRole<attribute>
Note
Only role type and extended attributes are supported. Attributes from the bundle object are not supported.
Entitlement Filters
filterEntitlementApplication (multi)
filterEntitlementAttribute (multi)
filterEntitlementEntitlement (multi)
filterEntitlementOwner
filterEntitlement<attribute>
The (multi) params can be specified multiple times in a single URL. However, filterEntitlementOwner is NOT multi.
If an entitlement application has only one attribute defined, the direct link can omit the entitlement attribute on the URL and the defined attribute is used by default.
Note
With the exception of Application, Attribute, and Value, only extended attributes are supported.
Keyword Filters
filterKeyword
Note
If full text search indexing is enabled, the description is also searched for the keyword.
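An added example, not from the IdentityIQ documentation: a Python helper that builds an Access Request Management deep link from the parameters listed above, rejecting undocumented names and repeated single-valued parameters, plus a reader that decodes the result the way a standard URL parser does. It assumes the two-level encoding seen in this page's multi-application link (Active%2520Directory) applies to every value; build_link, read_link, the host iiq.example.com and the sample identity name are hypothetical, and the extended-attribute filters are left out.

```python
from urllib.parse import quote, urlsplit, parse_qs, parse_qsl

# Parameter names listed on this page for the Access Request Management deep link.
MULTI = {"filterEntitlementApplication", "filterEntitlementAttribute",
         "filterEntitlementEntitlement"}
SINGLE = {"identityName", "quickLink", "filterRoleType",
          "filterEntitlementOwner", "filterKeyword"}
ROUTE = "accessRequest/manageAccess/add"


def build_link(hostname, params, rp1="/accessRequest/accessRequest.jsf"):
    """Return a redirect URL; params is a list of (name, value) pairs."""
    seen, inner = set(), []
    for name, value in params:
        if name not in MULTI | SINGLE:
            raise ValueError(f"parameter not documented for this link: {name}")
        if name in SINGLE and name in seen:
            raise ValueError(f"{name} may appear only once")
        seen.add(name)
        # First level: encode the value for the query string carried in rp2.
        inner.append(f"{name}={quote(value, safe='')}")
    if "quickLink" not in seen:
        raise ValueError("Request Access deep links need the quickLink name")
    rp2 = ROUTE + "?" + "&".join(inner)
    # Second level: encode all of rp2 so its '?', '&' and '%' stay inside rp2.
    return (f"https://{hostname}/identityiq/ui/rest/redirect"
            f"?rp1={quote(rp1, safe='')}&rp2={quote(rp2, safe='')}")


def read_link(url):
    """Decode a link: (outer parameter names, rp2 route, inner name/value pairs)."""
    outer = parse_qs(urlsplit(url).query, keep_blank_values=True)
    route, _, inner_query = outer["rp2"][0].partition("?")
    return sorted(outer), route, parse_qsl(inner_query, keep_blank_values=True)


# Constructed sample: an identity name containing '&' and '?'.
SAMPLE = [("identityName", "R&D?Admin"), ("quickLink", "Request Access"),
          ("filterEntitlementApplication", "Active Directory"),
          ("filterEntitlementApplication", "Azure Active Directory")]

if __name__ == "__main__":
    print(build_link("iiq.example.com", SAMPLE))
```

Because the identity name is encoded at both levels, its & and ? stay inside rp2 instead of starting a new top-level parameter on the redirect URL.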
Access Request for Single User Pre-Selected
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <identity1> is the name of the identity.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>%26quickLink=Request%20Access
Access Request for Single User Pre-Selected – Filtering on Role Type
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <identity1> is the name of the user. <roleType1> is the requested role.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterRoleType=<roleType1>%26quickLink=Request%20Access
Access Request for Single User Pre-Selected – Filtering on Role Type and Role Extended Attribute
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <identity1> is the name of the user. <roleType1> is the type of role. <roleAttrib1> is the role attribute.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterRoleType=<roleType1>&filterRoleStringAttr=<roleAttrib1>%26quickLink=Request%20Access
Access Request for Single User Pre-Selected – Filtering on a Single Entitlement Application / Attribute / Value
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <identity1> is the name of the user. <entApp1> is the entitlement application. <entAttrib1> is the entitlement attribute (such as memberOf or groupmbr). <entValue1> is the entitlement value.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/accessRequest/accessRequest.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterEntitlementApplication=<entApp1>&filterEntitlementAttribute=<entAttrib1>&filterEntitlementEntitlement=<entValue1>
Access Request Logged In User Selected with Filtering on Multiple Applications
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <identity1> is the name of the user. <entApp1> and <entApp2> are the entitlement applications. <entAttrib1> and <entAttrib2> are the entitlement attributes (such as memberOf or groupmbr). <entValue1> and <entValue2> are the entitlement values.
In the following example, two entitlements are requested.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add?identityName=<identity1>&filterEntitlementApplication=<entApp1>&filterEntitlementAttribute=<entAttrib1>&filterEntitlementEntitlement=<entValue1>&filterEntitlementApplication=<entApp2>&filterEntitlementAttribute=<entAttrib2>&filterEntitlementEntitlement=<entValue2>%26quickLink=Request%20Access
Access Request Logged In User Selected with Filtering on a Keyword Search
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <keyword1> is the specific keyword you want to find.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add?filterKeyword=<keyword1>%26quickLink=Request%20Access
Direct Link to IdentityIQ Manage Access Review Page (Mobile)
Specific access request review pages can be accessed through direct links using parameters. Query parameters can be appended to the Access Request Review tab URL:
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=certification/<id>
Note
Your browser may require special characters in the parameter values to be URL-encoded. For example, spaces must be replaced with %20, & must be replaced with %26, and ? must be replaced with %3F.
The following parameters allow you to create direct links to the page with a variety of filters already selected:
Access Request Review Deep Link Parameters
Identity
filterKeyword – search term
If no identityName parameter is specified, the loggedInUser is used.
Role
To specify a role or entitlement using name or id:
role (multi) – name or id of role
entitlement (multi) – entitlement id
The (multi) params can be specified multiple times in a single URL.
Entitlements
To specify an entitlement without an id, use a combo:
entitlementApplication<X>
entitlementAttribute<X>
entitlementValue<X>
<X> corresponds to a matching integer, such as entitlementApplication1, entitlementAttribute1, entitlementValue1.
Access Request for Logged In User for a Single Role
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <role1> is the name of the role.
https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?role=<role1>%26quickLink=Request%20Access
Access Request for a Specified User for Multiple Roles
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <identity1> is the name of the user. <role1> and <role2> are requested roles.
https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?identityName=<identity1>&role=<role1>&role=<role2>%26quickLink=Request%20Access
Access Request for Logged In User for Single Entitlement Using Entitlement ID
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <identity1> is the name of the user. <role1> and <role2> are requested roles.
https://<hostName>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/review?identityName=<identity1>&role=<role1>&role=<role2>%26quickLink=Request%20Access
Multiple Entitlements for Specified User Using Entitlement Application/Attribute/Value
Note
If only one attribute is defined for an application, the entitlementAttribute can be omitted and it will be filled in automatically. In all other cases, the attribute is required. In all cases, entitlementApplication and entitlementValue are required for each entitlement combination.
In the following example, <hostName> is the name of the host on which IdentityIQ is installed. <identity1> is the name of the user. <entApp1> and <entApp2> are the entitlement applications. <entAttrib1> and <entAttrib2> are the entitlement attributes (such as memberOf or groupmbr). <entValue1> and <entValue2> are the entitlement values.
Note
In the following example, two entitlements are requested.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=accessRequest/manageAccess/add&identityName=<identity1>&filterEntitlementApplication=<entApp1>&filterEntitlementAttribute=<entAttrib1>&filterEntitlementEntitlement=<entValue1>&filterEntitlementApplication=<entApp2>&filterEntitlementAttribute=<entAttrib2>&filterEntitlementEntitlement=<entValue2>%26quickLink=Request%20Access
Direct Link to Pending Work Items (Mobile)
IdentityIQ supports the following mobile work items:
- Forms
- Approvals
- Request Violations
For all other types of work items, go to the desktop version of IdentityIQ and access the page associated with the work item.
You can link directly to any open work item such as a form or a violation. To access a direct link, a user must be logged in, have visibility to the work item and have authorization to access the item.
Note
Some work items, such as manager access reviews, are not supported as direct links. If a direct link contains a work item id that is not supported, a warning message displays that indicates the work item does not exist.
In the following example, <hostname> is the name of the host on which IdentityIQ is installed. <workItemid> is the identifying number for the work item.
https://<hostname>/identityiq/ui/rest/redirect?rp1=/ui/index.jsf&rp2=commonWorkItem/<workItemid>
Using Direct Work Item Links in Email Templates
When you send an email with a direct link to a pending work item to a user, the email system variable must be configured to match the server name and path of the currently deployed instance of IdentityIQ. Click the Gear icon in the navigation menu bar and go to Global Settings > IdentityIQ Settings > Notification Settings tab > Notification Templates > Server Root Path.
For example, the default is set to https://localhost:8080/IdentityIQ. However, if you deploy from /spt on port 80, you should change the setting to https://localhost/spt.
Note
$spTools.formatURL() is a Velocity template function that formats the URL correctly in the actual email sent to the user.
$spTools.formatURL('/ui/index.jsf#/commonWorkItem')/$item.id