I was trying this, and it works only if "username" is present on Traka; if, for instance, "adm_username" is there instead, then it wouldn't work.
I do not know whether this is even technically possible, since SailPoint seems to retrieve the identity directly each time it iterates through a search.
import sailpoint.object.*;
import java.util.*;
import java.text.*;
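// Policy rule body: returns a PolicyViolation when the identity both holds an
// account on the "Traka" application and carries a "Department" attribute other
// than "IAM" on one of its accounts; otherwise returns null (no violation).
// `identity` and `policy` are supplied by the rule's execution context.
PolicyViolation polVil = null;
if (identity != null) {
    // Fetched once and null-guarded: the original guarded getLinks() only on the
    // second pass, so a null link list would have thrown in the first loop.
    List<Link> links = identity.getLinks();

    // Whether any link belongs to the Traka application. The match is on the
    // application name only; the account/native identity on that link plays no part.
    boolean hasTrakaEntitlement = false;
    // Whether any link carries a "Department" attribute that is set and not "IAM".
    // NOTE(review): this reads "Department" from every link, not specifically the
    // Traka link and not from the identity itself — confirm that is the intended source.
    boolean hasNonIAMDepartment = false;

    if (links != null) {
        for (Link link : links) {
            // Constant on the left so a null application name cannot throw.
            if ("Traka".equalsIgnoreCase(link.getApplicationName())) {
                hasTrakaEntitlement = true;
            }
            String department = (String) link.getAttribute("Department");
            if (department != null && !department.equalsIgnoreCase("IAM")) {
                hasNonIAMDepartment = true;
            }
            // Both conditions found; nothing further can change the outcome.
            if (hasTrakaEntitlement && hasNonIAMDepartment) {
                break;
            }
        }
    }

    // Only the conjunction of the two findings constitutes a violation.
    if (hasTrakaEntitlement && hasNonIAMDepartment) {
        polVil = new PolicyViolation();
        polVil.setActive(true);
        polVil.setIdentity(identity);
        polVil.setPolicy(policy);
        polVil.setDescription("Identity has the Traka application entitlement and non-IAM department.");
    }
}
return polVil;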