Before Operation Rule for Single Account Aggregation

selvasanthosh · October 30, 2025, 5:17pm

Hi guys,

I’m using an ID as the Account ID in a web services connector, but this ID doesn’t support the “Get Single User” endpoint.
I need to modify the nativeIdentity attribute in the Single Account Aggregation endpoint to use a different attribute.
I’ve written a Before Operation Rule to achieve this, but it’s not working as expected.
Could someone help me troubleshoot this?

import sailpoint.object.Attributes;
 
log.error("=== WS Before Operation Start ===");
 
if ("GetObject".equalsIgnoreCase(requestEndPoint.getOperationType())) {
    String userNTID = request.getAttribute("identityName");

	log.error("=== WS Before Operation idName" + identityName);

    if (userNTID != null) {
        String endpoint = application.getAttribute("baseUrl") + "/users/" + userNTID;

		log.error("=== WS Before Operation ep" + endpoint);

        request.setAttribute("endpoint", endpoint);
log.error("Updated endpoint: " + endpoint);
    } else {
        log.error("=== WS Before Operation userNTID is null!");
    }
}
 
log.error("=== WS Before Operation End ===");

MattUribe · October 30, 2025, 5:45pm

If you look at your source configuration you should see that the operationType is “Get Object”, not “GetObject” as you have in your if statement.

For the userNTID you might try provisioningPlan.getNativeIdentity();

The above will require this library: sailpoint.object.ProvisioningPlan

If userNTID is not the account ID then you will need to iterate through the ProvisioningPlan object, but I assume for now that won’t be needed.

selvasanthosh · October 30, 2025, 5:49pm

Hi @MattUribe ,

The userNTID is not the account ID. I need to replace this userNTID with the NativeIdentity in the endpoint url.

MattUribe · October 30, 2025, 6:02pm

Ok, then take a look at this doc: Web Services Before Operation Rule

The section where it iterates over the provisioningPlan is what you are looking for:

In the above example they are looking for webId, but it should get you close enough to find the userNTID in the provisioning plan.

system · December 29, 2025, 6:02pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SailPoint: BeforeOperationRule: getNativeIdentity() IIQ Discussion and Questions webservice-connector , rules , aggregation , identityiq	8	244	April 1, 2025
How to Load Full Account Object in a Before Operation Rule for Web Services Connector (Get Object) ISC Discussion and Questions rules , identity-security-cloud	9	133	December 12, 2025
WebService Before Operation Rule, IdentityService IIQ Discussion and Questions webservice-connector , identityiq , provisioning	13	1314	December 31, 2023
WebService - Account Aggregation using multiple endpoints ISC Discussion and Questions	5	2192	July 19, 2023
How to Access NativeIdentity in Web Services After Operation Rule for "Get Object" Operation ISC Discussion and Questions webservice-connector , rules , identity-security-cloud	5	125	November 18, 2025

Before Operation Rule for Single Account Aggregation

Related topics