I have a QQ.
When creating a user in SF i need to add their call center only when the role requested is selected. Since it’s not an entitlement what are some ideas on how to do this? if i add it to the create policy as a if statement will IDN see the profile Name before it creates the Call center or will it error?
Here is a sample of what i was thinking on the create profile. Missing a comma somewhere if anyone can catch it but thought to share this to help drive a conversion
"name": "CallCenterId",
"transform": {
"type": "firstValid",
"attributes": {
"values": [
{
"type": "lookup",
"attributes": {
"table": {
"FSC - Support (Lightning)": "Domain Lightning SSO",
"default": "Domain Lightning SSO"
},
{
"type": "accountAttribute",
"attributes": {
"attributeName": "ProfileName",
"sourceName": "Salesforce Development"
}
}
}
}
]
}
},
"attributes": {
"cloudRequired": "true"
},
"isRequired": false,
"type": "string",
"isMultiValued": false
}
Hi @VBsupport ,
You can create a before provisioning policy to capture the role addition account request. then you can modify the provisioning plan to add an extra attribute request to set the call center id value to the account.
A before provisioning sample is given below which is used to capture the Sf Role add event and then modify the plan accordingly to set call center id attribute.
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.rule.Account;
if (plan != null )
{
List accountRequests = plan.getAccountRequests();
List emptyAttributes = new ArrayList();
for (AccountRequest accntReq : accountRequests)
{
List attrsList = (List) accntReq.getAttributeRequests();
if (attrsList != null && !attrsList.isEmpty())
{
for (AttributeRequest attrReq : attrsList)
{
if ( "Role".equalsIgnoreCase(attrReq.getName()) && ProvisioningPlan.Operation.Add.equals(attrReq.getOperation()) )
{
AttributeRequest newAttributeRequest1 = new AttributeRequest();
newAttributeRequest1.setValue("abcde");
newAttributeRequest1.setName("callcenterid");
newAttributeRequest1.setOperation(ProvisioningPlan.Operation.Add);
accntReq.add(newAttributeRequest1);
}
}
}
}
}
Thanks
Do you mean a before provisioning rule for Salesforce? would that be a before rule in IDN? I did not think we could have them. I changed my logic in the create to the below and though it works i am getting a reference error which i think is what is happening above.
{
“name”: “CallCenterId”,
“transform”: {
“type”: “static”,
“attributes”: {
“PROFILE”: {
“attributes”: {
“attributeName”: “ProfileName”,
“sourceName”: “Salesforce Development”
},
“type”: “accountAttribute”
},
“value”: " #if($PROFILE == ‘FSC - Sales (Lightning)’)Domain Lightning SSO#{else}#end"
}
},
“attributes”: {},
“isRequired”: false,
“type”: “string”,
“isMultiValued”: false
}
Yes. A cloud rule which can deployed to your tenant and can be used as before provisioning rule for salesforce source.
If you are using this transform, i don’t think you will be able to pull the “PROFILE” value correctly because you are trying to get that attribute value from the Salesforce source account.
This transform is in create account profile of the source. So IDN won’t be able to get that attribute as that SF source account is not yet created for the user.
Thanks
The Create Profile won’t work in this scenario only way is to use Before Provisioning Rule
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.