Académique Documents
Professionnel Documents
Culture Documents
Certification reminders and escalations are time-dependent in their execution: a specified amount of time must
pass before they will occur. During development of escalation rules or reminder/escalation notice email
templates, much time could be lost while waiting for the required time to elapse to test them. This document
describes some alternatives that allow for testing of these rules and templates without waiting days for them to
execute.
NOTE: The options described here assume the tests are being conducted in a non-production environment.
NOTE: Changing time may have consequences for other actions occurring in the system, so the techniques
outlined in this document may work best in non-shared environments. Time Machines effect on time is more
limited than system clock alterations; it only affects the time calculations for work item escalations and
reminders, which includes certification work items.
Save the System Configuration object and navigate to URL: [IdentityIQ Base URL]/debug/timeMachine.jsf
(this is a hidden page). Specify the number of days (or hours or minutes) to move forward in time and click
Advance Time. The system reports the time advanced and the new current date/time that will be used in
reminder/escalation determinations.
Any subsequent advancements of time are applied cumulatively until time is reset. For example, if time is first
advanced by 3 days and then by 1 day, the current date/time used for these determinations will be 4 days in the
future from the actual current date/time.
NOTE: Certification reminders and escalations are scheduled by days, so in general, only the Time Machines
Days increment is useful for this testing, except in cases where a substantial amount of time has already passed
and the next notification event should happen in a matter of minutes or hours.
String timestr="15:00";
String datestr="09-23-2011";
Runtime rt = Runtime.getRuntime();
Process proc;
proc = rt.exec("cmd /C date " + datestr);
proc = rt.exec("cmd /C time " + timestr);
1. Create a certification with an active period duration of 1 week, a reminder set for 4 days before
expiration and an escalation configured to occur 1 day after one reminder is sent. (For this example,
escalation to a new owner is configured to occur only once.)
NOTE: The method for configuring additional escalations in versions 6.0+ is different from 5.5 and earlier
versions. Pre 6.0, only a single escalation configuration could be specified per certification; it could be
run more than once during the certifications lifecycle and its escalation rule had to determine the
appropriate new owner for each escalation level. Beginning with 6.0, each reminder series and each
escalation can be independently specified, providing additional flexibility in the notification options;
multiple separate escalation configurations can be added to each certification configuration as needed.
This means that different timings, email templates, and escalation rules can now be applied to each
escalation, and each escalation rule only needs to return a single new escalation owner. See the
Lifecycle of a Certification white paper for further information.
2. Move time forward 3 days and watch the reminder occur; verify that the email was sent.
3. Move time forward 1 more day and see the escalation occur.
NOTE: In 5.5 and earlier versions, the reminder specification applies to the escalation recipient as well,
so they will also receive daily reminders after escalation. In 6.0, that reminder series must be explicitly
configured to occur after the escalation if it is desired.
The delay duration before sending a reminder or escalating the workItem is controlled by the wakeUpDate
attribute on the workItem. That attribute can be altered on the workItem to trigger the reminder or escalation.
These are the steps to test reminders and escalations through modification of the workItem.
1. Generate a certification with the appropriate reminder schedule, reminder email template, escalation
rule, and escalation email template specified. This creates one or more workItems which each reference
a certification access review. (Subsequent steps assume the test is being conducted with a single access
review and therefore a single workItem.)
2. Open the workItem in the IdentityIQ Debug pages and change its wakeUpDate to -1 to indicate that
wake-up time has passed, meaning it is time for the first reminder or escalation to occur.
<WorkItem certification="4028df013e320270013e3db3e48605f8" created="1366834800906"
expiration="1367439599750" handler="sailpoint.api.Certificationer"
id="4028df013e320270013e3db3e90a0624" level="Normal"
To skip reminders and go straight to escalation, change the escalationMaxReminders value on the
WorkItems NotificationConfig to 0. .
<NotificationConfig escalationEnabled="true" escalationMaxReminders="0"
initialReminderMillisBeforeEnd="345600000" reminderFrequency="86400000"
remindersEnabled="true">
</NotificationConfig>
3. Run the Check Expired Work Items task; escalation and reminder actions only take place during a scan
for expired work items. Examine the emails that are generated or examine the workItems current
ownership to see that the escalation has been performed as expected.
4. Repeat steps 2 - 3 until all reminders/escalations have run.
NOTE: The new frequency does not take effect until the next time the task runs according to the previous
schedule, so either wait for the task to run again or advance the system clock to force it to run to reset the task
execution frequency. To verify that the timing change has been set correctly, click the Scheduled Tasks tab on
the Monitor -> Tasks window and examine the next execution time for the Check expired work items daily task.
SailPoint Technologies, Inc. makes no warranty of any kind with regard to this manual, including, but not limited to, the implied
warranties of merchantability and fitness for a particular purpose. SailPoint Technologies shall not be liable for errors contained herein or
direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Restricted Rights Legend. All rights are reserved. No part of this document may be photocopied, reproduced, or translated to another
language without the prior written consent of SailPoint Technologies. The information contained in this document is subject to change
without notice.
Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in
Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD agencies, and subparagraphs (c) (1) and (c) (2) of the
Commercial Computer Software Restricted Rights clause at FAR 52.227-19 for other agencies.
Regulatory/Export Compliance. The export and reexport of this software is controlled for export purposes by the U.S. Government. By
accepting this software and/or documentation, licensee agrees to comply with all U.S. and foreign export laws and regulations as they
relate to software and related documentation. Licensee will not export or reexport outside the United States software or documentation,
whether directly or indirectly, to any Prohibited Party and will not cause, approve or otherwise intentionally facilitate others in so doing.
A Prohibited Party includes: a party in a U.S. embargoed country or country the United States has named as a supporter of international
terrorism; a party involved in proliferation; a party identified by the U.S. Government as a Denied Party; a party named on the U.S.
Government's Entities List; a party prohibited from participation in export or reexport transactions by a U.S. Government General Order;
a party listed by the U.S. Government's Office of Foreign Assets Control as ineligible to participate in transactions subject to U.S.
jurisdiction; or any party that licensee knows or has reason to know has violated or plans to violate U.S. or foreign export laws or
regulations. Licensee shall ensure that each of its software users complies with U.S. and foreign export laws and regulations as they relate
to software and related documentation.
Trademark Notices. Copyright 2014 SailPoint Technologies, Inc. All rights reserved. SailPoint, the SailPoint logo, SailPoint IdentityIQ,
and SailPoint Identity Analyzer are trademarks of SailPoint Technologies, Inc. and may not be used without the prior express written
permission of SailPoint Technologies, Inc. All other trademarks shown herein are owned by the respective companies or persons
indicated.