I have a use case where the client wants to add a value to only the IDN attribute as we cannot write to AD yet. This is so we can then correlate the elevated account to the master account of the user. I wrote the below transform to add the create provision policy, on the source but I cannot get it to save to commit to the tennet. Can i get a 2nd eye,
Example -
Elevated Account - ADM_abcd
Action - need to add this “DisplayName” entry attribute to the empty IDN “accountOwners” field .as well strip every starting at the _ before so the outcomes.as below.
Hi @Swegmann i have a IDN attribute that was created call “Account Owner” it has no reference to any source but IDN. My goal is to add the transform to the policy of AD to take the display name "ADM_123 and clean it up and place as a string in the "Account Owners attribute for us to then use as a correlation key for this account to the master user account. I have been told i cannot use user Identity profile which would have made this 1000 times easier, so I am trying this route of doing it on the create policy instead on the source then the identity profile.
I’m not sure why you wouldn’t be able to use the identity profile? Mapping attributes directly from IDP to source provsioning policies are usually the smoothest way of developing if you ask me. Of course, you might not always be able to do this for every attribute, but for the one above I think should work just fine within Identity Profile, try it out!
If you’re gonna map the attribute directly on the Source Provisioning Policy, try something like this. (change attribute name to whatever your use-case)
You can use the PATCH API to add it to the Create Prov-Policy: