Email Generation via Cloud Rule Not Matching mailNickname Format(Transform)

Hi everyone,

I’m currently facing a challenge with a complex requirement related to email generation using a cloud rule, and I’m hoping someone here might have encountered a similar issue or can suggest a workaround.

Scenario:

We’re generating email addresses based on a transformed mailNickname. The mailNickname is being created correctly in the desired format, e.g.:

mailNickname = firstname.prefix-lastname

However, when we attempt to use this value in our cloud rule for generating the email address, it seems like the logic doesn’t fully evaluate the entire mailNickname. Instead of using the complete value, the generated email ends up in a different format, like:

firstname.lastname@example.com

It appears that the rule is not waiting for the full transformation of mailNickname before applying the email generation logic. We’ve tried multiple approaches, but none have produced the expected result so far.

Example : firstname.prefix-lastname

MailNickName :aquatest.aan-de-user

Prefix : aan-de

Email : aquatest.user@demotest.com

What We Need:

Ideally, we want the email address to be generated in the same format as the final mailNickname, e.g.:

firstname.prefix-lastname@example.com

Has anyone dealt with a similar issue or found a workaround to ensure the cloud rule uses the fully evaluated mailNickname?

Any suggestions, tips, or examples would be greatly appreciated!

Thanks in advance!

Hi @LearningStar ,

The issue you’re facing is due to attribute execution order in SailPoint ISC’s Create Account provisioning policy. When multiple attributes are created simultaneously, ISC processes them sequentially in the order they appear in the configuration.

Solution:

1. Reorder Attributes

Drag the mailNickname attribute above the mail attribute in the list.

This ensures mailNickname is fully evaluated first

2. Change Email Mapping to Static

   For the mail attribute, change the mapping type from Generator to Static.

   In the Static Value field, enter: $mailNickname@example.com

$mailNickname@example.com

Static mappings can reference account attributes defined higher in the list using $attributeName

Reference Documentation

Reordering Attributes

Configuring Source Account Provisioning - Static Values

Static Transform Operations

Hope this helps resolve your issue!

Hi @LearningStar

When you say:

Do you mean that is from the Rule logs, or the Provisioning logs, or the value in the target system?

Also, what Email system are you provisioning into?

Hey , we are generating these attributes within Sailpoint , it’s not Create account policy we wanna use it for Ad account creation but at present our requirement is to generate work email that’s identity attributes on the basis of mail nick name.

Hi @LearningStar - It sounds like you are using this rule as part of your Identity Profile. I appreciate this doesn’t answer the question you are asking, but it would be against ISC best practice to be generating email addresses as part of the Identity Profile, see Identity Attribute Rule | SailPoint Developer Community

Hey @j_place : I appreciate your responses and I understand all of these points but client requirement is to have the email address creation should be handled by Sailpoint only, earlier we were managing them at the time of Ad account creation but now they want to handle it via Sailpoint In our logic we are doing uniqueness check at source as well as on IdentityNow if both gets true means unique then we are initialising them at Sailpoint and later on we are utilising email and mail nick name for Entra id account creation.

could you please suggest what should be the workaround to handle this situation.

We need to have uniqueness check both side and accordingly email and mailnickname should be set.

Hi @LearningStar - I’m sorry, but your answer has just opened too many questions and I’m not going to advise on any workarounds for ISC best practice as there will be unknown consequences.

One thing to bear in mind though, the client is not always right and creating the email address via account profile still means that “the email address creation should be handled by Sailpoint only”.