Launching Workflows Using SailPoint IIQ Console Command Line

Did you ever build a workflow in IIQ then spend more time setting up testing than writing the workflow? 

A common example is to build a transfer workflow that triggers on an attribute change from the authoritative HR feed. Since the HR feed is automated, you have to mimic the behavior to trigger the change, necessitating updating the HR source, aggregating the source, running an identity refresh, and waiting for all that to complete.

There is a much simpler way to accomplish the same result, use the IIQ console to run the workflow with an input file that sets the same inputs as the full cycle of events would.

There are three steps to testing a workflow with IIQ console. Determine the required input data. Create an XML file with the input data. Open IIQ console and execute the command > workflow “WORKFLOWNAME” “INPUTFILE”.

Step 1 – Get The Inputs

Workflows in IIQ may have variables defined as input. To determine the inputs required by your workflow, open the workflow in an editor and search for input=”true” in Variable tags. The name=”variable” value within the tag is the input key. It might be helpful to execute the workflow with workflow tracing enabled to see valid values that get assigned as well. Once you have your inputs and example values for them, you can proceed to building your input file.

<?xml version=’1.0′ encoding=’UTF-8′?>
<!DOCTYPE Workflow PUBLIC “sailpoint.dtd” “sailpoint.dtd”>
<Workflow id=”abc123bb55792bd5015592cf923b08a5″ libraries=”Identity” name=”Transfer” type=”IdentityLifecycle”>
<Variable input=”true” name=”trigger”>
<Description>The IdentityTrigger</Description>
<Variable input=”true” name=”event” transient=”true”>
The IdentityChangeEvent. It can be used to build
the provisioning plan, but does not need to be
persisted with the case, so marked as transient.
<Variable input=”true” name=”identityName”>
<Description>The name of the identity.</Description>

Step 2 – Build The Input File

Create an XML file(d:\temp\id.xml in our case) and place it on the IIQ application server where you will be running IIQ console. Add an XML declaration line, the SailPoint document type declaration line, and a body that contains a map of the input values. Create one entry for each input using the name of the input variable as the key value and set the value for each to a valid test value.

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE Map PUBLIC “sailpoint.dtd” “sailpoint.dtd”>
<entry key=”trigger” value=”LCM“/>
<entry key=”identityName” value=”IDMUSER1“/>
<entry key=”trigger” value=”wftest“/>
<entry key=”event” value=”testtransfer“/>

Step 3 – Run It And See The Results

Launch the IIQ console from your IIQ\WEB-INF\bin directory. You may want to update the appropriate IIQ script for your environment with additional Java settings for greater than default memory settings, alternate temp file locations, or others based on you configuration prior to executing. Once IIQ console is open, execute the command, watch the output console/logs, and check for results.

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\identityiq\WEB-INF\bin>iiq console
>workflow Transfer d:\temp\id.xml

<?xml version=’1.0′ encoding=’UTF-8′?>
<!DOCTYPE WorkflowCase PUBLIC “sailpoint.dtd” “sailpoint.dtd”>
<WorkflowCase completed=”1491943910013″ created=”1491943909353″ id=”8a4991bb5b598fea015b5ec967e95cf1″ launcher=”spadmin” modified=”1491943909417″ name=”Transfer –
<TaskResult completed=”1491943910014″ completionStatus=”Success” created=”1491943909350″ id=”8a4991bb5b598fea015b5ec967e65cf0″ launched=”1491943904962″ launcher=”spadm
in” modified=”1491943910017″ name=”Transfer – 30″ type=”Workflow”>
<entry key=”cart”/>
<entry key=”identityRequestId” value=”0000002168″/>
<entry key=”workflowCaseId” value=”8a4991bb5b598fea015b5ec967e95cf1″/>
<entry key=”workflowProcessId”/>
<entry key=”workflowSummary”>
<WorkflowSummary step=”end”/>
<Reference class=”sailpoint.object.TaskDefinition” id=”8a4991d651848dbc0151848e51780176″ name=”Workflow Launcher”/>
<Workflow complete=”true” currentStep=”f3e161ac5a3049a6b23a53d287d543db” explicitTransitions=”true” libraries=”Identity” name=”Transfer” type=”IdentityLifecycle
<Variable input=”true” name=”trigger”/>
<Variable input=”true” name=”event” transient=”true”/>
<Variable input=”true” name=”identityName”/>
<Variable editable=”true” initializer=”true” name=”plan”/>
<Variable editable=”true” initializer=”true” name=”optimisticProvisioning”/>

That’s all there is to it. You now have a reusable test harness for your workflow, just vary the inputs.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

Leave a Reply

Your email address will not be published. Required fields are marked *