Account Correlation - Multivalued Attribute


I have the same use case as this post but don’t feel the original question was resolved. I have a more specific question to help me solve the use case.

I want to implement an Account Correlation rule in ISC for an Entra ID connector. This will require a Cloud Rule submitted to SailPoint for approval.

I want to correlate the first value in a multi-valued attribute on the Account, against the email field on the Identity.

Here’s a snippet of JSON for my Account

    "attributes": {
      "IIQDisabled": false,
      "assignedLicenses": null,
      "displayName": "Aaron Nichols",
      "givenName": "Aaron",
      "groups": [
        "f9e1fbb1-63b7-4311-bc48-01ba4545bdff"
      ],
      "accountEnabled": true,
      "proxyAddresses": null,
      "otherMails": [
        "Aaron.Nichols@sailpointdemo.com",
        "Aaron.X.Nichols@sailpoint-test.com"
      ],
      "IIQLocked": false,
      "surname": "Nichols",

In the Correlation rule my account will be available as a ResourceObject, which according to the JavaDocs only provides getString() and getStringAttribute() methods.

What actual value will account.getStringAttribute("otherMails"); return?


Hello @g_little ,

account.getStringAttribute("otherMails") will return you an array that has multiple values. So, you need to loop through each of the values (use a foreach loop).

Something like this

    Map returnMap = new HashMap();

    // Get the multivalued email attribute from the account
    List emailList = account.getStringAttribute("otherMails");

    // Iterate through each email in the array
    for (Object emailObj : emailList) {
        String email = (String) emailObj;

        // Validate the email is not null or empty
        if (email != null && !email.isEmpty()) {
            // Attempt correlation using this email
            returnMap.put("identityAttributeName", "email");
            returnMap.put("identityAttributeValue", email);
        }
    }

Hi @g_little
The method getStringAttribute() returns the first value if the attribute is multivalued. So in this case account.getStringAttribute("otherMails"); returns the first mail, i.e. Aaron.Nichols@sailpointdemo.com, as a string.

Hello @JackSparrow
based on the JavaDocs for the restricted ResourceObject used in ISC Cloud Account Correlation Rules, only the exposed safe string accessor methods are available. In this context, getMultiValuedAttribute() isn’t available.

So correlation would work only with the first email value unless SailPoint exposes multivalue access in the cloud rule runtime.
Please correct me if I’m wrong.
Thank You!

Honestly you can simply transform it into a JSON object, then a JSON array, and get the value from there.

Hi @saiprashanth88, my bad, that should be getStringAttribute(). But I thought it would give us an array of items. I may be wrong.

getStringAttribute() returns a String according to the JavaDocs.

It seems there’s no way to test the second email address then?

Instead, use a Transform to store all the mails as a single string using any delimiter, so that you can use that method to get the string, split it and test whichever you need.

How does that work on an account schema? Most Transform examples are used in an Identity Profile.

Can someone answer this question definitively? What is the String returned for the example account attribute?

Just to close this off and confirm what @ipobeidi said, the value seems to be returned as a JSON array string. I didn’t use a JSON library for this simple proof-of-concept but here’s what was submitted and is running.

    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
    <Rule name="GWL - First Other Mail" type="Correlation">
      <Description>Our Entra tenant is set up in such a way that the Identity's
      work-email is held in the first entry of Entra's "other mails" array.
      
      Extract that and map to Identity work email</Description>
      <Source><![CDATA[

      Map returnMap = new HashMap();
      
      // Assume getStringAttribute returns a JSON array representation
      // I'm not sure what JSON library is available so for now let's just
      // 1. Trim open and closing square brackets
      // 2. Split on comma delimiter
      // 3. Take the first entry
      // 4. Trim any quotes
      // 5. The result is our identityAttributeValue.
      String arr = account.getStringAttribute("otherMails");
      log.debug("Original value = " + arr);
      arr = arr.replace("[","").replace("]", "");
      log.debug("Trimmed [] = " + arr);
      String email = arr.split(",")[0];
      log.debug("Split = " + email);
      email = email.replace("\"", "").replace("'", "");
      log.debug("Trimmed quotes = " + email);
      email = email.trim();
      log.debug("Trimmed = " + email);

      returnMap.put("identityAttributeName", "email");
      returnMap.put("identityAttributeValue", email);

      return returnMap;
      ]]></Source>
    </Rule>

(I haven’t been able to access the logs yet to absolutely confirm the output at each stage, but the rule is correlating)

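An added example, not part of the thread or the submitted rule: the same first-value extraction as plain Java, covering the cases the proof-of-concept above does not (a null `otherMails`, an empty array, a plain non-array string, quoted values) and refusing to correlate on a value that is not email-shaped. It assumes, as reported in the thread, that `getStringAttribute("otherMails")` returns a JSON array string, and that returning an empty map leaves the account uncorrelated; `FirstOtherMail`, `firstValue` and `correlate` are hypothetical names.

```java
import java.util.HashMap;
import java.util.Map;

public class FirstOtherMail {
    // Returns the first element of a JSON-array string such as ["a@x.com","b@y.com"],
    // or null when there is no usable value. Escapes are handled in simplified form.
    static String firstValue(String raw) {
        if (raw == null) return null;              // attribute is null on the account
        String s = raw.trim();
        if (s.isEmpty()) return null;
        if (!s.startsWith("[")) return s;          // already a plain single value
        StringBuilder out = new StringBuilder();
        boolean inQuotes = false;
        for (int i = 1; i < s.length(); i++) {
            char c = s.charAt(i);
            if (inQuotes) {
                if (c == '\\' && i + 1 < s.length()) out.append(s.charAt(++i));
                else if (c == '"') inQuotes = false;
                else out.append(c);                // commas inside quotes are kept
            } else if (c == '"') {
                inQuotes = true;
            } else if (c == ',' || c == ']') {
                break;                             // end of the first element
            } else if (!Character.isWhitespace(c)) {
                out.append(c);                     // unquoted token, e.g. null
            }
        }
        String v = out.toString().trim();
        return (v.isEmpty() || v.equals("null")) ? null : v;
    }
    // Builds the correlation map; an empty map is assumed to mean "do not correlate".
    static Map<String, String> correlate(String raw) {
        Map<String, String> returnMap = new HashMap<>();
        String email = firstValue(raw);
        // Correlate only on an email-shaped value, so a malformed entry matches nobody
        if (email != null && email.matches("[^@\\s,]+@[^@\\s,]+")) {
            returnMap.put("identityAttributeName", "email");
            returnMap.put("identityAttributeValue", email);
        }
        return returnMap;
    }
    public static void main(String[] args) {
        // Constructed inputs; the first mirrors the account snippet in the thread
        String[] samples = {
            "[\"Aaron.Nichols@sailpointdemo.com\",\"Aaron.X.Nichols@sailpoint-test.com\"]",
            "[]", null, "Aaron.Nichols@sailpointdemo.com", "[\"not-an-email\"]"
        };
        for (String s : samples) System.out.println(s + " -> " + correlate(s));
    }
}
```

Inside a cloud rule, only the bodies of the two methods would be used, with `raw` taken from `account.getStringAttribute("otherMails")`.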