Share all details related to your problem, including any error messages you may have received.
What would be the best way to empty an an identity attribute when the source attribute becomes null or empty.
Use-cases:
Correcting data in the authoritative source
Data Minimization
Employee Exit, like remove job name
Within IdentityIQ when setting a Source Attribute Mapping for an Identity Attribute will not result in emptying the Identity Attribute. The attribute is not aggregated, therefore the Identity Source Mapping will not be triggered.
Wouldn’t simply returning null from the rule in turn null out the identity attribute if it previously had a value? Pretty sure this is how I have always done it.
I also would not recommend saving the identity object with context in this rule. It should just be returning the value for the given identity attribute. Let the refresh process running update the identity properly.
I did some testing in my lab-environment (with App Attribute, App Rule, Global Rule) and you are correct @patrickboston
I have seen issues with emptying identity attributes.
The only way I could reproduce IIQ not emptying the attribute (deleting the attribute) is: If the AttributeMetadata for the attribute is incorrect or not available, the value is not removed. However this is more an issue with the AttributeMetadata and not with IIQ not emptying the attribute
Ah, yes I’ve run into that as well when switching from direct mappings to rules or vice versa. Only way around that is to write a task to go and clear all identity attribute metadata for that specific attribute so the new mapping takes effect.
Yeah, there’s an issue (bug?) in IIQ when you do that. If the attribute was derived from a Link, the AttributeMetadata will only allow the attribute to be cleared if it’s blanked out by that Link. If the Link itself just disappears, e.g., via aggregation delete, then the value can never be nulled out by a Link mapping.
IIQ will always run a Global Rule, because it’s not tied to a particular Link.
The other problem is that IIQ interprets “null” in an identity attribute rule to mean “no value from this, move along”.
I usually create a generic rule called “Return Empty String” which returns “” (explicitly non-null) and map it last. That always works.