The IdentityIQ Console is the command line utility for interfacing with IdentityIQ.
Launching the Console
The IdentityIQ Console (iiq console) is launched by running the iiq.bat file found in the installation Directory/WEB-INF/bin directory. From a command prompt, launch the console with the command as shown for each operating system type:
Windows: iiq console
Unix: ./iiq console -j
The iiq console requires the System Administrator capability.
By default, the iiq console tries to authenticate with the default user/password spadmin / admin. If authentication fails, you are prompted for a user name and password. Specify the user name and password on the command line.
For example:
iiq console -u amy.cox -p mypassword
The console prompts for user input if the password is omitted, and will not launch if the credentials supplied are not associated with an identity that has console access.
Authentication is disabled if there are no identities. This case is encountered during IdentityIQ setup, before init.xml is imported.
Viewing the List of Commands
The help command displays a list of all commands available in the console along with a short description of each. At the command prompt, enter help or? to see this full list of available commands.
Command | Description |
? | Display command help |
help | Display command help |
echo | Display a line of text |
quit | Quit the shell (same as exit) |
exit | Exit the shell (same as quit) |
source | Execute a file of commands |
properties | Display system properties |
time | Show how much time a command takes to run |
xtimes | Run a command x times |
about | Show application configuration information |
threads | Show active threads |
logConfig | Reload log4j configuration |
Objects |
dtd | Create dtd |
summary | Summarize objects |
classes | List available classes |
list | List objects |
count | Count objects |
get | View an object |
checkout | Checkout an object to a file |
checkin | Checkin an object from a file |
delete | Delete an object |
rollback | Rollback to a previous version |
rename | Rename an object |
import | Import objects from a file |
importManagedAttributes | Import managed attribute definitions from a CSV file |
export | Export objects to a file |
exportManagedAttributes | Export managed attribute definitions to a CSV file |
exportJasper | Exports only the jasperReport xml contained in a JasperTemplate object |
associations | Show target associations for an object |
Identities |
identities | List identities |
snapshot | Create an identity snapshot |
score | Refresh compliance scores |
listLocks | List all class locks |
breakLocks | Break all class locks |
Tasks |
tasks | Display scheduled tasks |
run | Launch a background task |
runTaskWithArguments | Launch a task synchronously with arguments |
terminate | Terminate a background task |
terminateOrphans | Detect and terminate orphaned tasks |
restart | Restart a failed task if possible |
send command | Send an out-of-band task command |
taskProfile | Display task profiling report |
Certifications |
certify | Generate an access certification report |
cancelCertify | Cancel an access certification report |
archiveCertification | Archive and delete an access certification report |
decompressCertification | Decompress an access certification archive |
Groups |
refreshFactories | Refresh group factories (but not groups) |
refreshGroups | Refresh groups (but not factories) |
showGroup | Show identities in a group |
Workflow | |
workflow | Start a generic workflow |
validate | Validate workflow definition |
workItem | Describe a work item |
approve | Approve a work item |
reject | Reject a work item |
wftest | Run the workflow test harness |
Tests |
rule | Run a rule |
parse | Parse an XML file |
warp | Parse an XML object and print the re-serialization |
notify | Send an email |
authenticate | Test authentication |
authenticateWithOptions | Test authentication with options |
simulateHistory | Simulate trend history |
search | Run a simple query |
textsearch | Run a full text search |
certificationPhase | Transition a certification into a new phase |
impact | Perform impact analysis |
event | Schedule an identity event |
expire | Immediately expire a workitem that has an expiration configured. If the workitem is type Event it'll also push the event forward with the workflower |
connectorDebug | Call one of the exposed connector methods using the specified application |
encrypt | Encrypt a string. |
sql | Execute a SQL statement |
hql | Execute a search based on a Hibernate Query Language statement. |
updateHql | Update the hql search. |
date | Displays the current system date/time and its UTIME (universal time) value (Optional UTIME parameter causes the command to display the date/time corresponding to the provided UTIME value.) |
shell | Escapes out to the command line and run the command specified. |
meter | Toggles metering on and off; while metering is on, the console reports some timing statistics for each command executed. Meter information is displayed after the results of each command as it is executed. |
compress | Compress the contents of a file to a string that can be included within an XML element. |
uncompress | Return a compressed, Base64-encoded file to its uncompressed format. |
clearEmailQueue | Remove any queued emails that have not been sent |
provision | Evaluate a provisioning plan |
lock | Lock an object |
unlock | Break a lock on an object |
showLock | Show lock details |
clearCache | Clear the object cache |
service | Service management |
oconfig | Analyze ObjectConfigs |
plugin | Install and manage plugins |
recommender | Manage and test recommendations |
Syntax for Redirecting Command Output
Most of the commands report data or error messages to the console or standard out (stdout) for the system. The output for any command can be redirected to a file by specifying > filename at the end of the command.
This example redirects the output from the get command to a file:
> get identity Adam.Kennedy > c:\output\AdamKennedyID.xml