[Custom] Correlate Identity from Rule and 2 identity profiles

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hello folks, I would like to get help on the below scenario to be achieved.

Scenario :

  1. Identity is created through a Form, that fills a Delimited File named “SailPoint”
  2. The identity name is generated from the workflow
  3. An additional attribute name “hrisSecondaryCorrelation” is filled with concatenation of first name, last name and date of birth (e.g JOHN|DOE|01/01/2000)
  4. Then the employee is created in the HRIS system that is connected through a Webservice Connector and has its own Identity Profile. (Source name : “HRIS”)
  5. Upon reconciliation of the HRIS source, an Identity Correlation rule has been developed to :
    a. Correlate on the employee ID by default
    b. Correlate on the concatenation of first name, last name and date of birth and find associated identity which comes from the “External” source.
  6. We expect having only 1 identity instead of 2, one per identity profile.

Implementation elements :

  • Identity Profile 1 : “Internals” linked to “HRIS” source
  • Identity Profile 2 : “Externals” linked to “SailPoint” Delimited File source
  • On “HRIS” source, Identity Correlation rule below is attached.

Current Status :
When aggregation of HRIS source happens, it creates a new identity, leading to 2 identities existing in SailPoint instead of one.

Below is the Identity Correlation Rule :

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sailpoint.rule.*;
import sailpoint.tools.Util;

Map returnMap = new HashMap();

String employeeid = account.getStringAttribute("employeeid");
String givenName = account.getStringAttribute("givenName");
String familyName = account.getStringAttribute("familyName");
String birthDate = account.getStringAttribute("birthDate");
String hrisSecondarCorrelation="";

//  Default correlation based on employeeid
if (null!=employeeid) {
	List retrievedIdentities = idn.findIdentitiesBySearchableIdentityAttribute("uid", "Equals", employeeid, "uid");
	if (null!=retrievedIdentities && retrievedIdentities.size()==1) {
    	sailpoint.rule.Identity returnedIdentity = retrievedIdentities.get(0);
		returnMap.put( "identityAttributeName", "uid");
		returnMap.put( "identityAttributeValue", returnedIdentity.getName());
    }
}

// if no identity found on employeeid then find identity with hrisSecondaryCorrelation with FIRSTNAME|LASTNAME|DATEOFBIRTH
if (null!=givenName && null!=familyName && null!=birthDate) {
	hrisSecondarCorrelation=givenName+'|'+familyName+'|'+birthDate;
	List retrievedIdentities = idn.findIdentitiesBySearchableIdentityAttribute("hrisSecondarCorrelation", "Equals", hrisSecondarCorrelation, "uid");
	if (null!=retrievedIdentities && retrievedIdentities.size()==1) {
    	sailpoint.rule.Identity returnedIdentity = retrievedIdentities.get(0);
		returnMap.put( "identityAttributeName", "uid");
		returnMap.put( "identityAttributeValue", returnedIdentity.getName());
    }
}

return returnMap;

Please let me know how can I achieve the scenario and how should we rework the identity profiles (potentially) and the correlation rule.

2

Found out that the birthdate attribute was in a different format which we fixed in the identity attribute transform, and it worked !