Converting accountAttribute date to ISO8601

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

I am working with the Azure AD connector and want to leverage the lastSignInDateTime and lastNonInteractiveSignInDateTime on identities, but I’m having an issue in the identity profile mappings coming up with the correct transform. It looks to be formatted correctly without a transform, but it sounds like I have to do a transform to explicitly tell IdentityNow it’s ISO8601

Here’s what the account data looks like

            "lastNonInteractiveSignInDateTime": "2023-07-31T20:22:07Z",
            "userType": "Guest",
            "signInNames": null,
            "lastSignInDateTime": "2022-10-17T21:57:33Z",

Here’s what my transform looks like

{
    "name": "CHK AADSignInDate",
    "type": "dateFormat",
    "attributes": {
        "input": {
          "attributes": {
            "sourceName": "Azure Active Directory - Guests",
            "attributeName": "lastSignInDateTime"
          },
          "type": "accountAttribute"
        },
        "inputFormat": "yyyy-MM-dd'T'HH:mm'Z'",
        "outputFormat": "ISO8601"
    }
}

What am I doing wrong?

1 Like
2

Hey @mcheek,

I noticed that your input has seconds as well which are missing from your inputFormat. Try using this inputFormat and see if that helps!

"inputFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
1 Like
3

Can I use this for multiple account attributes using something like a firstValid?

1 Like
4

Oh, it actually looks like I don’t need to reference a specific account attribute, I can just do it like

{
    "name": "CHK AADSignInDate",
    "type": "dateFormat",
    "attributes": {
        "inputFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'",
        "outputFormat": "ISO8601"
    }
}
3 Likes
5

I wasn’t sure what you meant until you posted this last message… Yes! With the code you posted it will use implicit input which uses whatever is mapped in the UI as the input to the transform.

2 Likes
6

@tyler_mairose my search logic is correct here, right? It doesn’t seem to be searching correctly on these newly converted date fields

image
image1249×636 20.8 KB

7

Hmmm, It looks like you have everything correct to me. I tried this on a source I setup in our tenant and it was filtering correctly. The only difference between the query I used and yours is I used .exact on the identityProfile.name to match my identity Profile.

To search on attributes your name must be the technical name of the attribute (the one in parentheses) in the identityProfile mappings tab, in my case below startDate. With that being said it looks like you have that correct as well…

attributes.startDate:<2023-01-01 AND identityProfile.name.exact:"CSVSourceNew"
8

It appears I have the technical name correct

image
image700×125 3.13 KB

And even when I leave off the identity profile, I still get invalid identities

image
image1023×701 27.4 KB

9

Try recreating the identity attribute with name Last Sign In Datetype (lastSignInDatetype).

There’s a small note in the search documentation about the “dateType” feature here: Searchable Fields - SailPoint Identity Services

image
image811×86 4.6 KB

This thread has some more info as well:

For anyone else that might come across this page in the future, this wiki page on Compass details the format your date/datetime identity attributes must be in to be searchable: How to Format Identity Attribute Date Values to Be Searchable in Search - Compass

3 Likes
10

@nsorlien that seems to work!

2 Likes
11

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.