Expanding Extended Attribute from 10 to 20 for Identity object in Identityiq

Which IIQ version are you inquiring about?

8.4P3

Please share any images or screenshots, if relevant.

Please share any other relevant files that may be required (for example, logs).

Share all details about your problem, including any error messages you may have received.

In pertinent to our project requirement, i have to expand extended attribute from currently 10 to 20( Which is max) as per Sailpoint doc.

Please tell the me repercussions and the perfect way to do and points to keep in mind before performing this activity.

You can use the ExtendedPropertyAccessor to add any additional attributes. You can find more details in the following Whitepaper.
https://community.sailpoint.com/t5/Technical-White-Papers/Managing-Extended-Attributes/ta-p/77088

Hi @mayamis1703eq ,

Extended attribute mappings for Identity.

By default, we will map 10 extended attributes, but this may be raised to a maximum of 20. Using ExtendedPropertyAccessor can add attributes beyond the limit of 20 and have meaningful names. An example of ExtendedPropertyAccessor is shown below.

Since you are now setting up, I would recommend you use ExtendedPropertyAccessor for any extended attribute. Using ExtendedPropertyAccessor, you can provide a meaningful name, which will be used for reporting. Additionally, at times, updating the identity object will not corrupt data to streamline the process. Below is a sample example.

SailPointObject properties and have meaningful names.

<property name="costCenter" type="string" length="450"
          access="sailpoint.persistence.ExtendedPropertyAccessor"/>

I hope this will help!.

Thanks,

PVR

@mayamis1703eq

1. IdentityIQ provides 10 extended searchable identity attributes by default (extended1–extended10).
2. You can extend this further by adding more searchable attributes up to 20 using additional entries in the corresponding hbm file. (for example for Identity Attributes, update the IdentityExtended.hbm.xml file)
3. Beyond 20, you can still add more extended attributes, and there is no hard limit — IdentityIQ supports an unlimited number of extended attributes. Using ExtendedPropertyAccessor can add attributes beyond the limit of 20 and have meaningful names. Example of ExtendedPropertyAccessor is shown below.
   <property name="costCenter" type="string" length="450" access="sailpoint.persistence.ExtendedPropertyAccessor"/>

Important considerations

• While there is technically no maximum limit, adding too many searchable attributes impacts performance, especially due to indexing on the database.

Hi @aseelvn07 : Can you please tell me steps to create extra add extended attributes after 10 (i.e extended10-extended20)

@mayamis1703eq Please check this community post: https://community.sailpoint.com/t5/IdentityIQ-Forum/Standard-Attribute-Named-Attribute-and-Extended-attribute/m-p/171812/highlight/true#M138632

To use the extended attributes, you need to modify your Identity Mappings and mark them as searchable. It’ll assign the next available extended column to this new attribute.

Note: Found a fix? Help the community by marking the comment as solution. Feel free to react(, , etc.) with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.

Please prefer Technical white paper doc.

https://community.sailpoint.com/t5/Technical-White-Papers/Managing-Extended-Attributes/ta-p/77088

yes thats correct but my question is not about its usability.

I want to reconfirm if i have follow the same steps like i have to do for creation of Extended attributes 11- Extended Attribute 20 for Identity object

Dear @mayamis1703eq

After adding entries in IdentityExtended.hbm.xml file at ..\identityiq\WEB-INF\classes\sailpoint\object

steps to follow:

1. open CMD Run as Administrator – > Go to ..\identityiq\WEB-INF\bin
2. run iiq extendedSchema
3. The above command will create database scripts in database folder for all type of supported Databases

add_identityiq_extensions.mysql
add_identityiq_extensions.postgresql
add_identityiq_extensions.sqlserver
add_identityiq_extensions.oracle

5. stop the application server.
6. Execute the correct database script file as per your DB type against your DB.

for example, your database is: mysql then connect to database from database folder and run below source command.

mysql > source add_identityiq_extensions.mysql

Verify whether schema is extended by looking at table: identityiq.spt_identity structure.

or

Start the application server then look at Gear icon -- > Global Settings --> Identity Mappings here you will find all the extended attributes.

if you have any specific queries let me know, I will try to clarify it, but the links provided by @SanjeevIAM is very helpful and covered all the scenarios.

Hi @pattabhi : We usually get 10 extended attributes in identity object.

image766×372 10.4 KB

Please confirm if i have to create extended11 to extended 20 ( as max 20 are allowed for Identity object) then i have to follow the above steps as with creating any named column.

Thank you!

@mayamis1703eq Do you want to extend 10 more columns as named attributes or as placeholder attributes? In both cases you need to update the hbm file, difference is in case of placeholder attributes, you’ll add entries like extended11, extended12, etc while if it is named attribute (eg: empId) you’ll make an entry for empId attribute:

Note: Found a fix? Help the community by marking the comment as solution. Feel free to react(, , etc.) with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.

Hi @mayamis1703eq

Greetings!

May I know if you have access to the community portal? I highly recommend checking the Technical White Papers there; they serve as a comprehensive guide covering almost every scenario in detail.

Managing Extended Attributes - Compass

Hi @mayamis1703eq ,

I think above threads already answered by @pattabhi @neel193 , Please refer the below screenshot

image1070×675 53.8 KB

I hope it will work!.

Thanks,

PVR

@mayamis1703eq As per SailPoint documentation, you should start with creating named attributes. Extended attributes are to be reserved as placeholder so they can be used later.

image1381×141 25.3 KB

You can create them using sailpoint.persistence.ExtendedPropertyAccessor class. Here is an example - <property name="vendorEndDate" type="string" length="450" index="spt_identity_vendor_end_date_ci" access="sailpoint.persistence.ExtendedPropertyAccessor"/>

Here vendorEndDate is the attribute name and spt_identity_vendor_end_date_ci is index. By default all named attributes are searchable because SailPoint creates a dedicated column for them in spt_identity table. Creating an index makes search faster.

After updating your <Object>Extended.hbm.xml file, you need to iiq extendedSchema command from WEB-INF\bin> folder. This creates the DDL script files: add_identityiq_extensions.[dbms]. You need to run this script on your database to create the columns and indexes.

Once this is done, add an identity attribute using Global Settings >> Identity Mappings >> Add new attribute. Make sure to enter the same name as you gave in .hbm.xml file.

You can also add/edit attributes from debug page - <ObjectAttribute displayName="Vendor End Date" editMode="ReadOnly" namedColumn="true" name="vendorEndDate" type="string"/>

https://community.sailpoint.com/t5/Technical-White-Papers/Managing-Extended-Attributes/ta-p/77088#toc-hId--440092239

Hope this helps!

Hi @mayamis1703eq

Identity Attribute

1. Default Attribute/OOTB Attribute/Standard Attribute

2. Extended Attribute/Custom Attribute/UDF (User Defined Field)

2.1 Normal Extended Attribute –>No Limit

2.2 Searchable extended Attribute

Default /limit searchable Attribute –>20

Enabled default searchable attribute –>10

2.3 Named Searchable Attribute –> Depend on DB Vendor

How to check default searchable attribute is 10 ?

Goto Mysql workbench

1. show databases;

2. use identityiq;

3. select * from spt_identity;

image975×302 111 KB

You can see the above image, showing extended1,extended2…..extended10, It means 10 searchable attribute is present already.

How To Enable Other Searchable Attribute ?

1. Stop the server.

2. Update HBM file –> (IdentityExtended.hbm)

Path : \webapps\identityiq\WEB-INF\classes\sailpoint\object\IdentityExtended.hbm

3. Generate DB script.

// To create new columns.

image975×348 139 KB

Copy and paste the comments outside of the commented line, like above.

4. Goto \webapps\identityiq\WEB-INF\bin –>CMD

–> iiq extendedSchema

image975×512 142 KB

Now it will generate the database scripts.

We can see the updated database scripts under –> webapps\identityiq\WEB-INF\database (I’m using MySQL, so I chose mysql file)

image975×293 66.5 KB

image975×374 187 KB

alter table identityiq.spt_identity add extended11 varchar(450);

alter table identityiq.spt_identity add extended12 varchar(450);

5. Now copy the two lines of code, run them in the mysql

image930×291 81.8 KB

extended11,extended12 attribute are created now. In this way, you can enable other searchable attributes

image975×357 131 KB

6. Start the server.

Hope this is helpful.

Note: Found a fix? Help the community by marking the comment as solution. Feel free to react(, , etc.) with an emoji to show your appreciation or message me directly if your problem requires a deeper dive