Unlocking the Full Potential of SailPoint IdentityIQ with Custom Plugins

At WedaCon Informationstechnologien GmbH, we specialize in Identity and Access Management (IAM), helping organizations maximize the power of SailPoint IdentityIQ (IIQ). Over the years, we’ve seen many companies struggle to extend IIQ’s functionality in a maintainable, scalable way, especially when relying solely on built-in BeanShell scripting for custom logic. While BeanShell scripting allows administrators to embed custom logic directly into workflows, rules, and tasks, it comes with significant limitations. At WedaCon, we help organizations move beyond these constraints by designing and implementing robust, maintainable IIQ plugins.

The Case

While BeanShell allows administrators to embed logic directly into workflows, rules, and tasks, it comes with significant limitations:

• Lack of Structure: Scripts scattered across the system quickly become spaghetti code that is difficult to debug or reuse.
• Limited Version Control: Rules stored in the database are challenging to track in standard development pipelines (Git, CI/CD).
• Performance Limitations: Interpreted scripts can slow system performance, especially at scale.
• Skill Gaps: BeanShell’s niche syntax often requires specialized developers to maintain logic.
• Upgrade Fragility: IIQ upgrades can break scripts relying on internal APIs, leading to costly manual fixes.
• Security Risks: Dynamic script execution introduces potential vulnerabilities if not rigorously reviewed.
• Legacy technology: BeanShell is old and not actively developed anymore. Modern alternatives (like IIQ plugins in Java) are more robust and maintainable.

The result? Organizations accumulate technical debt, slowing deployments and increasing operational risk.

The Goal

Instead of relying purely on BeanShell, IIQ plugins provide a modular, maintainable, and scalable way to extend IdentityIQ:

• Structured Java Code: Write logic in full Java classes, with proper packages and reusable methods.
• Version Control Friendly: Manage plugins with Git and integrate into CI/CD pipelines.
• Improved Performance: Compiled Java executes faster and more reliably than interpreted scripts.
• Future-Proof: Plugins are less likely to break during IIQ upgrades, reducing long-term maintenance costs.

The Preparation

IdentityIQ plugins are modular Java packages that integrate with the platform via the plugin framework. Unlike BeanShell, plugins are compiled, (hopefully) tested, and version-controlled. Each plugin can encapsulate a specific capability, such as:

• Custom workflows
• Connectors to external systems
• Reporting and analytics extensions

The Implementation

WedaCon’s Expertise

At WedaCon, we help organizations design, develop, and deploy IIQ plugins that fit their exact needs. Whether it’s a custom workflow, connector, or reporting extension, we ensure that every solution is built with high-quality, maintainable code, integrates seamlessly with existing IdentityIQ environments, and adheres to the highest security and compliance standards. On top of that, we offer a portfolio of ready-to-use IIQ plugins, enabling teams to achieve faster results without having to reinvent the wheel.

Get in Touch

If you’re looking to enhance your IdentityIQ deployment with reliable, maintainable, and high-performance custom logic, WedaCon is here to help. Contact us today to learn more about our plugin development services and ready-made solutions.