In an attempt to give approvers visibility into the job roles of requestors, we would like the requested individual’s role to show in the access request email. I have been attempting to make it work with this template:
But it doesn’t seem to be working at all. Is there a way to do this?
When I attempt to test the template, I keep getting this error:
Hi @jared-fox,
If primaryrolename is identity attribute then can you try this.
${identity.primaryrolename}
Thanks.
Hi Jared,
The correct syntax for accessing identity attributes in version 1 templates is ${user.<technicalName>}.
So in your case, if ‘primaryrolename’ is the technical name of your identity attribute, then to reference it in the email template it would be:
${user.primaryrolename}
Thanks,
Liam
This is not working. I have tried several attempts and made the user has a primaryrolename attribute.I tried with ${user.primaryrolename} and ${identity.primaryrolename}
I tried this use case with ${user.} and it worked for me. Might be you can check if identity attribute technical name is correct.
At first I thought that was the technical name, I’m doing a little research on it now. Is the technical name something primaryrolename would be mapped to? How would I find it?
You might be using technical name, just check on Identity Profile mappings page it will be in (…) for an attribute like for Work Email “email” is the technical name. You can also try with other attributes once if it is getting poppulated.
Thank you, I could picture it but couldn’t find it so I was doubting myself. It looks like it is the technical name as well
I’m wondering what I’m doing wrong. I’m gonna keep testing and trying different things.
confirmed technical name is primaryrolename, still not working. Odd question, in the variable user.name, where does it get name from? I don’t have “name” as a technical name anywhere in my mappings, yet it gets the correct data for that variable. Is there somewhere else I should be looking?
name is something comes OOTB when you requeat access for someone else. Along with SailPoint also provides capability to add other attributes of identity for whom access is requested. Like ${user.email}.
You can try ${user.email}, it should give you the Work email.
Thanks.
Interesting. I used user.email and it showed my email address, not the identity I was requesting for.
Hi @jared-fox,
Only the below template specific variables are available to be used in the Access Request Reviewer Email Template. The ${user.} will fetch you the email recipient’s attributes only and the ${identity.} is not available in the template.
There are related ideas in the portal that you may want to look into and someone has even posted a workaround which you may want to try.
The work around does not appear to work, it populated some of the fields, but not the role name. That work around did appear to be a few years old though. Also, as that in IIQ?
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
