Attribute Sync Cloud Rule Account Attribute

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hello Community,

I’m facing a challenge with syncing an attribute within a Web Service Source.

  • I’ve written a Cloud Attribute Generator Rule that looks up an identity’s manager and then fetches the PhoneNumber Attribute from the manager’s account on the same web service source. Here is a snippet of code of this Rule :

    for (Link link: managerLinks) {

if(applicationName.equalsIgnoreCase(managerAccount.getApplicationName())) {
String managerPhoneNumber = (String) link.getAttribute("phoneNumber");
if(managerPhoneNumber != null){
  return managerPhoneNumber;
  }

}
}

  • This rule is designed to populate a target attribute that is PhoneNumberManager.

The rule works perfectly during the initial account creation . However, it does not automatically re-trigger if the manager of an Identity changes.. I don’t know how to trigger the rule for this case.

Since the manager’s PhoneNumber is an account attribute and not an identity attribute changes to it do not seem to trigger the generator rule.

How can I ensure this Attribute Generator Rule re-executes whenever the identity’s manager changes ? Is there a workaround to keep this attribute in sync? I cant add the managerPhoneNumber as an Identity Attribute..

Many Thanks!

2

Hi @torry_salamat ,

As far as I understood you would like to re-trigger attribute sync for webservice source whenever Identity manager’s change and sync manager phoneNumber from the webservice manager account link.

You can achieve it by event-driven workflow. Below are the suggested steps to follow the same:

  1. Create Identity change attribute workflow

  2. Set trigger as Identity attribute change

  3. Choose filter on the specific attribute. In your case it would be manager field.

  4. Add a sync API step which calls SailPoint API to synchronize attributes.

IHTH :slightly_smiling_face:

3

@torry_salamat have you created an identity attribute for the same? In that case you might need to create that and enable the sync

4

Hello @pkMishra,

Thank you for your reply,

I want to rettriger the cloud Rule that is calculating the manager phoneNumber. This cloud rule is linked to the “Create Account Policy”

For syncing it i don’t have any identity attribute that i can use that can be linked directly to the account Attribute…

Do you please have any endpoint that could do so?

Thank you,

5

Hello @schattopadhy ,

I can’t create an Identity Attribute to store the manager phone number unfortunately..

Do you have any alternative?

Thanks,

6

Hi @torry_salamat ,

Could you please let me know why you want to re-trigger the rule which is configured in “Create Account Policy”. As attribute sync will only sync Identity attributes in case it match un-matches value on the target end. But purposely if you want to trigger sync again you can use the below provide API - synchronize-attributes-for-identity | SailPoint Developer Community

7

@torry_salamat i guess one option for you will be to write a before rule and add the logic to fetch the manager details and pass all the time.

Thanks

8

Why can’t you create an Identity Attribute with the manager’s phone number? That would be a very straightforward solution, but instead you’re developing a highly custom work-around. I’d recommend pushing back on this “requirement”.

1 Like
9

Is there any other attribute that would trigger a sync operation when Manager is changed? Like manager name or email etc?

10

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.