We have a requirement to have different values for some things between the SandBox and Production environments. Things like the Disables User OU and URLs. In the IIQ world, we’d use a Custom object to hold those values.
In IDN, it’s been suggested that we store those values in the Identity, and use transforms to store the values for specific environments there.
Does anyone have any other ideas how this could be done?
Hi Chris,
A transform to then store on the Identity is the simplest option for OU management. An alternative would be to add a custom attribute onto your source and use that in your before provisioning rule. As long as you put something in the connectorAttributes section, it will stay. This is somewhat similar to how the Accelerator Pack in IdentityIQ worked.
For URLs, this seems like just source configuration, in which case you wouldn’t store this separately. I’m not sure where you would use this to be environment based in IdentityNow. I’d imagine this would require some additional discussions to understand requirements and to come up with a proper solution. Expert services could help here.
Best
Ross
Hi Ross,
Thanks for your response. While storing an attribute on the Identity can work for the disabled OU, it just starts to add some unnecessary complexity when we start to get 10,20, hundreds of applications who may all need to have customized attributes per environment.
We’re finding this same type of issue with a SalesForce implementation, where the Role and ProfileId are different between the Sandbox and Production tenants.
Can a custom attribute hold a key/value pair? So, for example, can we put
“customAttribute”: [
“Role=AAAA”,
“ProfielID=BBBB”
],
and customize those per environment?
How can we access the customAttribute values in our rule?
This would seem to minimize the number of Identity attributes required, and be specific for the Source.
If you are in a connector rule or a before provisioning rule, you have access to the application (typically). Please see the Rule guide on compass for the particular rule you are checking.
If you do have application, you can access the value using the following
This can access any object available on the application, regardless of type.
Please note: this is currently available, but as Rules get replaced by OOTB functionality this may not be available in the future.