Accessing identity info in After Provisioning Rules

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

8.4-p2

Share all details about your problem, including any error messages you may have received.

i have a role called Role A that im manually assigning to an identity and that triggers its creation in an Active Directory. this uses a form that generated an email on the fly during the account creation process.
in my AD Application i’ve created a simple After provisioning rule that is supposed to check if the identity to which i assigned the role has it, and also checks if the mail was correctly provisioned

here is quick sample of the code:

processedIdentity = plan.getIdentity();
usermail = processedIdentity.getEmail(); → this always return null even if the mail was correctly provisioned in the target AD…
and i tried to fin dthe role by either doing processedIdentity.getassignedRoles() or
processedIdentity.hasRole(context.getObjectByName(Bundle.class,“IRIS Users”),false)

both return false.
and if i print out my plan, i cannot find the role, this is an after prov rule so i’m not getting why i can’t find these info

thanks for any help, this is my first post here hope i was clear enough

2

Hello @bardawilh

Welcome to Sailpoint Developer Community for your use case. In the After Provisioning Rule, force a reload of the identity from the IIQ DB, so you get the post-provisioning version.

Identity processedIdentity = context.getObjectByName(Identity.class, plan.getNativeIdentity());
String usermail = processedIdentity.getEmail(); // Should return the updated value

// Check role
Bundle role = context.getObjectByName(Bundle.class, "IRIS Users");
if (processedIdentity.hasRole(role, false)) {
    // Role is assigned
}

Alternatively you can fetch email value from provisioning plan like below code:-

for (AccountRequest acctReq : plan.getAccountRequests()) {
    if ("Active Directory".equals(acctReq.getApplicationName())) {
        for (AttributeRequest attrReq : acctReq.getAttributeRequests()) {
            if ("mail".equalsIgnoreCase(attrReq.getName())) {
                String newEmail = (String) attrReq.getValue();
                // use newEmail
            }
        }
    }
}