I’m trying to do the following correlation rule:
“EmployeeNumber” from identity == “EmployeeNumber” from “Active Directory” account
AND
“Username” of identity == “sAMAccountName” of “Active Directory” account?
In other words, to correlate identity with account, you must use the “AND” condition and not “OR”. Can anyone help me with a solution, please?
Hi @thiagogosantanasi ,
Can you elaborate on the ask? If you are trying to implement a correlation rule, do you need a sample rule which you can refer?
if you want implement and AND logic, you must use a Correlation Rule.
On the UI, you can implent only simple logic, in OR statment.
Hi,
Thanks for your help.
I would like to know if it is possible to correlate Active Directory accounts with identities, analyzing in the following way:
“cpfIdentity” from identity == “EmployeeNumber” from “Active Directory” account
AND
“Username (UID)” of identity == “sAMAccountName” of “Active Directory” account?
I did the Correlation Rule below, would it be like this, do I need to correct something?
import sailpoint.object.*;
import sailpoint.rule.*;
import java.util.*;
import java.util.Map;
import java.util.HashMap;
String PROMOTED_ATTR_NAME_EMPLOYEE_NUMBER = "promotedEmployeeNumber";
String cpfIdentity = identity.getAttribute("cpfIdentity").toString()
String sAMAccountName = (String) account.getAttribute("sAMAccountName");
Map returnMap = new HashMap();
// Search IDN if "cpfIdentity" of identity equals "employeeNumber" of Active Directory account
List<sailpoint.rule.Identity> identities = idn.findIdentitiesBySearchableIdentityAttribute("PROMOTED_ATTR_NAME_EMPLOYEE_NUMBER", "Equals", cpfIdentity, "email");
if (identities != null && identities.size() > 0) {
for (Identity identity : identities) {
// Check if the Username (uid) is the same as the "sAMAccountName" value of the Active Directory account
if (null != identity.getAttribute("uid")) {
if (identity.getAttribute("uid").equals(sAMAccountName)) {
// Search IDN if "cpfIdentity" of identity equals "employeeNumber" of Active Directory accountNow we have two of three criteria matched, if DOB or First Name match add the identity to the map
if (null != identity.getAttribute("cpfIdentity")) {
if (identity.getAttribute("cpfIdentity").equals(employeeNumber)) {
returnMap.put("name", identity.getName());
}
}
}
}
}
}
return returnMap;
Hello,
Thanks for your help.
I would like to know if it is possible to correlate Active Directory accounts with identities, analyzing in the following way:
“cpfIdentity” from identity == “EmployeeNumber” from “Active Directory” account
AND
“Username (UID)” of identity == “sAMAccountName” of “Active Directory” account?
I did the Correlation Rule below, would it be like this, do I need to correct something?
import sailpoint.object.*;
import sailpoint.rule.*;
import java.util.*;
import java.util.Map;
import java.util.HashMap;
String PROMOTED_ATTR_NAME_EMPLOYEE_NUMBER = "promotedEmployeeNumber";
String cpfIdentity = identity.getAttribute("cpfIdentity").toString()
String sAMAccountName = (String) account.getAttribute("sAMAccountName");
Map returnMap = new HashMap();
// Search IDN if "cpfIdentity" of identity equals "employeeNumber" of Active Directory account
List<sailpoint.rule.Identity> identities = idn.findIdentitiesBySearchableIdentityAttribute("PROMOTED_ATTR_NAME_EMPLOYEE_NUMBER", "Equals", cpfIdentity, "email");
if (identities != null && identities.size() > 0) {
for (Identity identity : identities) {
// Check if the Username (uid) is the same as the "sAMAccountName" value of the Active Directory account
if (null != identity.getAttribute("uid")) {
if (identity.getAttribute("uid").equals(sAMAccountName)) {
// Search IDN if "cpfIdentity" of identity equals "employeeNumber" of Active Directory accountNow we have two of three criteria matched, if DOB or First Name match add the identity to the map
if (null != identity.getAttribute("cpfIdentity")) {
if (identity.getAttribute("cpfIdentity").equals(employeeNumber)) {
returnMap.put("name", identity.getName());
}
}
}
}
}
}
return returnMap;
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.