BeforeProvisioning Rule for a web-service application

Identity Security Cloud (ISC) ISC Discussion and Questions
4

I would consider checking out the Rule Development Kit provided by the Developer Advocates, which can be found here: Rule Development Kit | SailPoint Developer Community

The kit provides tools to help you develop the rules before submitting them for review.

I assume that since you are asking about before Provisioning that you are using the Web Service SaaS connector.

Looking over your code, I am not sure it is doing what you intend. It looks like you are getting the attributes off of the AccountRequest:

Map<String, Object> currentAttributes = accReq.getNativeIdentity() != null ? accReq.getAttributes() : new HashMap<>();

I would review that the getAttributes() is available for the AccountRequest in ISC, as I don’t see it in the Rule Javadocs: Java Docs | SailPoint Developer Community
Additionally, are you setting data in the attributes for the accountRequest? This does not pull the attributes off the Account itself if that is what you were intending to do here.

Then you are checking to see if they have the key, and if so, returning the value or NULL:

String currentEmail = currentAttributes.containsKey("secondaryEmail") ? (String) currentAttributes.get("secondaryEmail") : null;

You then get the value of the AttributeRequest for that Key and then get the value or NULL from the key:

AttributeRequest emailAttrReq = accReq.getAttributeRequest("secondaryEmail");
String newEmail = emailAttrReq != null ? (String) emailAttrReq.getValue() : null;

Your last step here appears to be checking to see if the there is a newValue (newEmail in the example) and then if so, checks to see if there is a CurrentValue (currentEmail in this example). If the currentValue is not found, you change to an ADD operation, and if it is found you set it to a MODIFY operation.

if (newEmail != null) {
    accReq.setOperation((currentEmail == null || currentEmail.isEmpty())
        ? AccountRequest.Operation.Add : AccountRequest.Operation.Modify);
}

Where you could run into issues is that you are changing the AccountRequest operation here. If these changes come in on the same plan and AccountRequest, then you’ll keep changing the Operation if the Email Exists, the Phone does not for example.

Hope that helps.

1 Like