IdentityWorks Sailpoint IIQ Enhancer Plugin

Overview of the IIQ User Page enhancements

IdentityWorks Sailpoint IIQ Enhancer Plugin

The SailPoint IIQ user interface is far more user-friendly and reliable than the interface of competing identity managers. However, from time to time, it still encounters limitations. IdentityWorksLLC has created an IIQ plugin, the SailPoint Enhancer Plugin, to insert many useful features and security enhancements to the existing user interface, filling in the gaps.

Contact IdentityWorksLLC if you are interested in this software!

Identity Page Enhancements

The screenshot below indicates several enhancements to the View Identity page, described in the sections below.

The Identity page enhancements are largely calculated server-side, for security purposes. Buttons, fields, or labels that a user should not be able to see are never sent to the browser. The client-side portions simply update the existing SailPoint user interfaces.

Enhanced IIQ user page
A screenshot showing some of the user page enhancing features

Action buttons (aka Fancy Buttons)

The Fancy Buttons feature adds custom action buttons to each page in the Identity Warehouse and LCM View Identity pages.

Screenshot showing the default buttons included with the Plugin
These are the default buttons included with the Plugin. Note that the IDW History Plugin is required to see the History Viewer button.

Buttons can be configured to execute virtually any action, including actions usually performed via QuickLink, custom REST API endpoints, and Beanshell scripts. The Plugin also includes a number of out-of-box default buttons, shown in the screenshot. These are common actions useful to administrators and developers, especially in non-Production systems.

  • Full Refresh / Role Refresh / Process Events: Executes an individual Identity Cube Refresh against only the current Identity with different flags set, depending on the button used.
  • Aggregate: Performs a single-account aggregation (getObject) on each of the accounts correlated with the current Identity.
  • Enable/Disable: Enables or Disables the current Identity.
  • Admin Notes: Allows administrators to add permanent admin-only text notes to any Identity. For example, this could be used to describe historical problems with a particular Identity's accounts for future reference.
  • Add Role/Account/Entitlement: Allows administrators to provision various items to the current user.

Buttons (including the defaults) can be shown or hidden individually, depending on the rights, capabilities, workgroups, or other properties of the logged in IIQ user or the identity being viewed. Button security is always double-checked before allowing the action to proceed, preventing users from simulating a button action via the browser's developer console.

Buttons can display "Are you sure?" messages when clicked.

Are you sure?
The confirmation screen prompts the user to verify that they wanted to actually do the action.

Certain provided buttons have custom functions, such as the Open Items and Add Entitlement views.

Button to add an entitlement to this user
This button can add an arbitrary entitlement to the currently viewed user, useful during development.
Open items button screenshot
This button shows any pending workflows attached to this user, including refresh workflows that are blocking further refreshes of the user. You can delete or forward any work items from this view, or go to the specific page for the TaskResult or Work Item.

Dynamic Identity Fields

Plugin generating custom attributes

The Identity attributes displayed in the screenshot above are all dynamically generated and displayed by the Plugin.

The only attribute shown that SailPoint is rendering in the usual way is User Name, as illustrated in the screenshot below.

The same page with the plugin disabled, showing that the fields are gone
This is the same Identity viewed with the Plugin disabled, showing that none of the Identity attributes are displayed.
 

The Plugin can show its dynamic fields on both the Identity Warehouse and LCM View Identity pages. 

Fields may be shown or hidden individually, depending on the rights, capabilities, workgroups, or other properties of the logged in IIQ user or the identity being viewed. For example, a university may not want student Help Desk workers being able to view certain PII fields, while administrators may need to be able to view them. The PII fields could be hidden by excluding a workgroup or capability assigned to students or using a filter matching student identities. This is not a function available in SailPoint IIQ out-of-box.

Field values may reflect an attribute or may be dynamically calculated (as in the "Descriptions" field in the screenshot") using a Beanshell script. Fields may be arbitrarily colored using CSS styles. Fields can be grouped into sections, such as the "Demographic Data" section in the screenshot.

Fields may also have custom help text, displayed when the user hovers over the [?] icon.

Showing the hover button
The caption is displayed when the user hovers over the [?] icon next to the Descriptions field.
 

Labels

The Plugin can add labels to the View Identity or Identity Warehouse pages for an individual user. These colored tags can quickly communicate vital information to those viewing the Identity.

Labels showing active status and that a refresh workflow is pending
Labels showing that the user is Active and that she has pending refresh workflows blocking future refreshes.

Default labels include a status indicator (which can be customized using a Beanshell script) and a warning flag indicating that a refresh workflow is in progress for this user. You may add as many custom labels as you wish, as shown in the example below.

A screenshot showing a custom label reading "Label Display Text"
The "Label Display Text" element in this screenshot is a custom label. This label is only shown in this demo system on users whose first names begin with "A".

Recent Identities

The Plugin adds recently viewed Identities to the "Identities" dropdown menu, as well as breadcrumbs on the Identity Warehouse page.

Drop down menu showing recently viewed identity Irma Arendell
The recently viewed user Irma Arrendell can be accessed quickly using the Recent section of the drop-down menu.
 
Breadcrumbs in the Identity Warehouse
Breadcrumbs also show the most recently viewed users on the Identity Warehouse search page.

Toolbox

For administrators, the Plugin adds a Toolbox button in the upper right of the user interface.

The Toolbox button

Click the button to open a panel with a number of useful administrator features. Our intention is to continue adding items to the Toolbox panel as we find them useful.

The Toolbox menu
This is the sliding menu produced by clicking the Toolbox button. It has two action buttons (which should be self-explanatory), as well as live views for recently executed Tasks and Provisioning Transactions. These views can be easily filtered.

XML Viewer

For administrators, the Plugin adds a pop-up XML Viewer, triggered by a keypress, to identity, application, role, task result, and other pages. This prevents you from having to go into the Debug page to locate the XML for your object.

The pop-up XML view for an Identity
This view was triggered by a keypress while viewing a particular identity. The underlined dates (such as 'created') will show a human-readable translation on hover.

Other enhancements

The Plugin adds many other minor enhancements to other parts of the user interface.

Screenshot showing the retry buttons on each of the failed provisioning transactions in the admin console
Administrators can retry failed provisioning transactions directly from the Admin Console.
 
The plugin adds a delete button to the work item screen for admins
Administrators can delete work items (and the associated workflows and requests) directly from the Work Items screen. We will also be adding a cancel button here.
 
The "Recent" menu showing a recently viewed Application
Recently viewed Applications, Roles, and Task Results will be quickly accessible for admins from this menu.

 

How to get the plugin

Please contact IdentityWorksLLC using our Contact form if you are interested in this plugin or any of our other SailPoint IIQ work!

Tags
plugin
sailpoint
iiq
enhancer plugin
Subscribe now for news and updates from Identity Works LLC
The subscriber's email address.