Bulk Password Set/Reset in Access Governance Suite

  • 7011029
  • 27-Jan-2012
  • 19-Oct-2012

Resolution

To set (or reset) a large number of Access Governance Suite passwords, create a rule that will iterate through each Identity in the system and set the password for each user. Run rule from the console. An example of such a rule appears below. This example iterates through every user, filtering for correlated IDs that are Managers, and sets each Identity's password through the API.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE sailpoint PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<sailpoint>
<Rule name='Bulk Set Identity Password' language='beanshell'
      type='IdentityCreation'>

  <Description>
        Iterates through every identity in the system and sets a password for
        the Identity in Access Governance Suite.  
  </Description>

  <Signature returnType='Identity'>
    <Inputs>
      <Argument name='context'>
        <Description>
          A sailpoint.api.NetIQContext object that can be used to
          access the database.
        </Description>
      </Argument>
    </Inputs>
  </Signature>

  <Source>
    <![CDATA[
    
import java.util.Iterator;
 
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;
import sailpoint.object.Identity;

QueryOptions opts = new QueryOptions();
opts.setDistinct(true);

Filter filterCorrelated = Filter.eq("correlated", true);
opts.addFilter(filterCorrelated);

Filter filterManager    = Filter.eq("managerStatus", true);
opts.addFilter(filterManager);

Iterator iterator = context.search(Identity.class, opts);

while (iterator.hasNext()) {
     Identity thisId = (Identity) iterator.next();
     String idName  = thisId.getName();
     String idFirst = thisId.getFirstname();
     String idLast  = thisId.getLastname();
     
     String newPassword = "xyzzy";
   
     System.out.println("Setting password for: [" + idFirst + " " + idLast + "]");
     
     thisId.setPassword(newPassword);
     context.saveObject(thisId);
     context.commitTransaction();
}

System.out.println("Done processing Identity objects.");

 ]]>
</Source>
</Rule>
</sailpoint>

When this rule is run from the Access Governance Suite console, the output will look something like this:

> rule "Bulk"
Setting password for: [Alex Anderson]
Setting password for: [Debra Downing]
Setting password for: [John Smith]
Done processing Identity objects.
>