Single Account (Link) Aggregation in SailPoint IdentityIQ Workflows

In a recent SailPoint IdentityIQ implementation I was required to perform single account aggregation in an LCM provisioning workflow. In general, single account aggregation can be done in a workflow step to update account attributes, add a new account, or remove an existing invalid account from the Identity.

Alternatively, a full account re-aggregation achieves the same result, but it is time consuming. Fetching one account is faster and brings in the changes immediately, so it is more efficient.

Single account aggregation can be done by fetching the ResourceObject via the connector and aggregating it. When we are sure that the account no longer exists on the target system (say, due to a Move/Rename or Transfer), invoking the connector is not necessary. In this case the delete flag on the ResourceObject should be set to true to tell the aggregator to delete the account (link) from the Identity.
The following are the code snippets for each case:

1. Add/Update Account (link)

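import sailpoint.api.Aggregator;
import sailpoint.connector.Connector;
import sailpoint.object.*;
Application appObject = context.getObjectByName(Application.class, applicationName);
Connector appConnector = sailpoint.connector.ConnectorFactory.getConnector(appObject, null);
// Connector.getObject takes (objectType, nativeIdentity, options)
ResourceObject rObj = appConnector.getObject("account", accountName, null);
// Application may have some customization Rule, so run that first
Rule customizationRule = appObject.getCustomizationRule();
if (customizationRule != null) {
    // Set Rule args and run the Rule
    Map ruleArgs = new HashMap();
    ruleArgs.put("context", context);
    ruleArgs.put("log", log);
    ruleArgs.put("object", rObj);
    ruleArgs.put("application", appObject);
    ruleArgs.put("connector", appConnector);
    Object result = context.runRule(customizationRule, ruleArgs, null);
    if (result instanceof ResourceObject) rObj = (ResourceObject) result;
}
// Set the task arguments and run aggregation
Attributes argMap = new Attributes();
argMap.put("applications", applicationName);
...
Aggregator agg = new Aggregator(context, argMap);
TaskResult taskResult = agg.aggregate(appObject, rObj);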

2. Remove Account (link)

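import sailpoint.api.Aggregator;
import sailpoint.object.*;
Application appObject = context.getObjectByName(Application.class, applicationName);
// Account is gone from the target: build the ResourceObject without the connector
ResourceObject rObj = new ResourceObject();
rObj.setIdentity(accountName);
rObj.setObjectType("account");
// Application may have some customization Rule, so run that first
Rule customizationRule = appObject.getCustomizationRule();
if (customizationRule != null) {
    // Set Rule args and run the Rule
    Map ruleArgs = new HashMap();
    ruleArgs.put("context", context);
    ruleArgs.put("log", log);
    ruleArgs.put("object", rObj);
    ruleArgs.put("application", appObject);
    Object result = context.runRule(customizationRule, ruleArgs, null);
    if (result instanceof ResourceObject) rObj = (ResourceObject) result;
}
// Set the task arguments and run aggregation
Attributes argMap = new Attributes();
argMap.put("applications", applicationName);
...
rObj.setDelete(true);
Aggregator agg = new Aggregator(context, argMap);
TaskResult taskResult = agg.aggregate(appObject, rObj);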
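
The two cases above can be combined so that a link is removed only when the connector positively reports the account as missing, while any other connector failure (timeout, bad credentials) leaves the link untouched. This is an added example, not code from the original post or from SailPoint. The method name refreshSingleLink is hypothetical, the script is BeanShell as used in a workflow step, and the rule argument names are assumed to match the application's customization rule.

```java
import java.util.HashMap;
import java.util.Map;
import sailpoint.api.Aggregator;
import sailpoint.api.SailPointContext;
import sailpoint.connector.Connector;
import sailpoint.connector.ConnectorFactory;
import sailpoint.connector.ObjectNotFoundException;
import sailpoint.object.*;

// Hypothetical helper (not a SailPoint API): refreshes one link, or removes
// it when the target system reports that the account no longer exists.
public TaskResult refreshSingleLink(SailPointContext context, String applicationName,
                                    String accountName) throws Exception {
    Application app = context.getObjectByName(Application.class, applicationName);
    if (app == null) throw new IllegalArgumentException("Unknown application: " + applicationName);
    Connector connector = ConnectorFactory.getConnector(app, null);
    ResourceObject rObj;
    try {
        rObj = connector.getObject("account", accountName, null);
        Rule rule = app.getCustomizationRule();
        if (rObj != null && rule != null) {
            // Assumed inputs for the customization rule; add "log" if the rule uses it
            Map ruleArgs = new HashMap();
            ruleArgs.put("context", context);
            ruleArgs.put("object", rObj);
            ruleArgs.put("application", app);
            ruleArgs.put("connector", connector);
            ruleArgs.put("state", new HashMap());
            Object out = context.runRule(rule, ruleArgs, null);
            if (out instanceof ResourceObject) rObj = (ResourceObject) out;
        }
    } catch (ObjectNotFoundException gone) {
        // Only a definite "not found" removes the link. Other connector errors
        // propagate, so an outage cannot strip existing access from the Identity.
        rObj = new ResourceObject();
        rObj.setIdentity(accountName);
        rObj.setObjectType("account");
        rObj.setDelete(true);
    }
    if (rObj == null) throw new IllegalStateException("No ResourceObject for " + accountName);
    Attributes argMap = new Attributes();
    argMap.put("applications", applicationName);
    // Further aggregation task arguments are elided here, as in the snippets above
    return new Aggregator(context, argMap).aggregate(app, rObj);
}
```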