Application Builder

The Application Builder task lets you create multiple IdentityIQ applications, and update existing applications in bulk. The task also includes the ability to perform account and group aggregation for a host using the associated application. It can also export essential data about your existing applications.

The task accepts the inputs required to create or update applications from a.csv file. Sample.csv files for Linux-Direct and Windows-Local are provided with this task as examples of how input data can be defined. The sample files are located in the WEB-INF/config directory of your IdentityIQ installation. You can also use the task's Read option to create .csv files from your existing applications, to use as models for creating .csv files that support the create and update options.

By default, before creating or updating an application on IdentityIQ, a test connection is performed to ensure that the connector is performing correctly. To skip the Test Connection operation, use Skip Test Connection in the Application Builder options.

To enable logging for the Application Builder task, add this entry to the log4j2.properties file:

logger.ApplicationBuilderExecutor.name=sailpoint.task.ApplicationBuilderExecutor
logger.ApplicationBuilderExecutor.level=debug

Before using the task to update an existing application, it is recommended that you use the iiq console to export the application definition, in case you need to restore them to their original state.

When you use this task to Update an existing application, the update is partial; that is, the update operation can add new attribute definitions to an existing schema, as well as adding a new schema.

Use the account or group aggregation options to trigger a background aggregation task.

Working with Flexible Schemas and Provisioning Forms

The Application Builder task supports including XML definitions in your csv files if you need to create or update flexible account schemas, or provisioning forms. Refer to the sample.csv files provided with this task for examples of how a schema definition can be included in the.csv file. Sample files are provided in the WEB-INF/config directory for Linux-Direct and Windows-Local.

If your input file includes an XML definition of a Provisioning Form, be aware that importing a Provisioning Form definition in a create or update operation will replace all existing Provisioning Forms with the new form as defined in the .csv

Option

Description

Application Type

Select an application type from the drop-down list. This is type of application you want to bulk-process. A single application builder task can only process applications of the same IdentityIQ-supported type, such as JDBC, Active Directory, or LDAP

Operation

Select an operation from the drop-down list.

Create – create multiple applications by providing parameters in the .csv file in the specified format
Update – update existing applications by providing parameters in the .csv file in the specified format
Read – export existing applications to the .csv file format. Any existing exported files will be overwritten if the task is run again using the same filename.

The Read operation reads the attribute map, account schema, and provisioning policy of an existing application present in IdentityIQ and exports it to the file path provided in CSV format. You must provide the application type and file path to which the file is to be exported before running the operation.

File Path

The file path, including file name, for the.csv file. For the Read option, this is the path to the location and name of the file the task will create. For Create and Update options, this is the path to the file containing the data for creating or updating your applications; these files must be present on the application server or accessible within the network.

Sample .csv files are provided in the WEB-INF/config directory for Linux-Direct and Windows-Local:
Application-builder_linux.csv
Application-builder-windows-local.csv

Account Aggregation

Executes the account aggregation task. The account aggregation task is triggered sequentially.

The aggregation task will use the following format; the UID (unique identifier) is generated automatically:
<Application type> + <Account Aggregation> + <Current time stamp> + <UID>

Group Aggregation

Executes the group aggregation task. The group aggregation task is triggered sequentially.

The aggregation task will use the following format; the UID (unique identifier) is generated automatically:
<Application type> + <Group Aggregation> + <Current time stamp> + <UID>

Number of Applications per Aggregation Task

The number of application included in each aggregation task.

Default: 10

Skip Test Connection

Skip the default test connection operation.