Entra ID Correlation Rule

Hello,

We would like to have a specific correlation rule for our Entra ID tenants (Azure AD), where users have a UPN like firstname.lastname.adm@tenant.name.

We have pushed the following rule:

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Map returned to the correlation engine; an empty map means no correlation.
Map retMap = new HashMap();

String upn = account.getStringAttribute("userPrincipalName");
String admin_nickname = "";

// Strip the tenant suffix from the UPN to obtain the admin nickname.
if (null != upn) {
    admin_nickname = upn.replace("@tenant1", "");
    admin_nickname = admin_nickname.replace("@tenant2", "");
    admin_nickname = admin_nickname.replace("@tenant3", "");
}

log.error("Correlation Rule - Entra ID - Original UPN: " + upn + " - Computed UPN: " + admin_nickname);

// Correlate only when exactly one identity carries this adminNickname value.
List retrievedIdentitiesByAdminNickname = idn.findIdentitiesBySearchableIdentityAttribute("adminNickname", "Equals", admin_nickname, "adminNickname");
if (null != retrievedIdentitiesByAdminNickname && retrievedIdentitiesByAdminNickname.size() == 1) {
    sailpoint.rule.Identity foundIdentity = retrievedIdentitiesByAdminNickname.get(0);
    log.error("Correlation Rule - Entra ID - Found identity with Admin Nickname: " + admin_nickname);
    retMap.put("identityAttributeName", "adminNickname");
    retMap.put("identityAttributeValue", admin_nickname);
}
return retMap;
```

In our identities we have a specific attribute called adminNickame with the value firstname.lastname.adm, built with a custom transform.

But at this stage, the rule is not working and we are not able to see our error logging in the VA. The only type of log we can see is:
"message":"Resolved sailpoint.object.Rule@665ce794[id=583b8657b4d847d2a264fadd562eab23,name=Correlation - Entra ID]

Thanks for your help.
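
An offline harness for the logic this rule describes, added here as an example and not part of the original post or of SailPoint's API: it derives the nickname from the UPN and applies the same exactly-one-match decision, with a constructed in-memory map standing in for the identity search. The class name, method names and tenant domains are assumptions, and unlike the posted rule it strips the whole domain after `@` and lowercases the value (which assumes nicknames are stored in lowercase).

```java
import java.util.*;

// Added example: plain-Java test harness, not SailPoint code (requires Java 9+).
public class UpnCorrelationCheck {
    // Constructed stand-ins for the real tenant domains (assumption).
    static final Set<String> TENANTS =
        Set.of("tenant1.example", "tenant2.example", "tenant3.example");

    // Returns the UPN local part when the domain is a known tenant and the
    // local part ends in ".adm"; otherwise null, meaning "do not correlate".
    static String adminNickname(String upn) {
        if (upn == null) return null;
        String s = upn.trim().toLowerCase(Locale.ROOT); // assumption: lowercase nicknames
        int at = s.lastIndexOf('@');
        if (at <= 0 || at == s.length() - 1) return null;
        String local = s.substring(0, at);
        String domain = s.substring(at + 1);
        if (!TENANTS.contains(domain) || !local.endsWith(".adm")) return null;
        return local;
    }

    // Mirrors the rule's decision: fill the return map only on exactly one match.
    static Map<String, String> correlate(String upn, Map<String, List<String>> index) {
        Map<String, String> ret = new HashMap<>();
        String nick = adminNickname(upn);
        if (nick == null) return ret;
        List<String> hits = index.getOrDefault(nick, List.of());
        if (hits.size() == 1) {
            ret.put("identityAttributeName", "adminNickname");
            ret.put("identityAttributeValue", nick);
        }
        return ret;
    }

    public static void main(String[] args) {
        // Constructed identity index: adminNickname -> identity ids.
        Map<String, List<String>> index = Map.of(
            "jane.doe.adm", List.of("id-1"),
            "john.smith.adm", List.of("id-2", "id-3")); // ambiguous on purpose
        String[] samples = {
            "Jane.Doe.adm@tenant1.example",   // unique match: correlated
            "john.smith.adm@tenant2.example", // two identities: left uncorrelated
            "jane.doe@tenant1.example",       // not an admin UPN
            "jane.doe.adm@other.example",     // unknown tenant
            null };
        for (String upn : samples)
            System.out.println(upn + " -> " + correlate(upn, index));
    }
}
```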

Hi @alexandre_mazars ,

Is your identityAttribute adminNickame searchable?

Hello @baoussounda

Yes sure :wink:
