Failing to get another user's Identity Attribute

Hi everyone,

I am trying to build a transform. The identity has two managers. Both of them are identity attributes. One of them is called “Manager Overseas” and the other is “Manager in house”. I am trying to get the identity’s overseas Manager and then bring in the ID (identity attribute) of the overseas manager.

Example:

User: John Smith

User’s manager overseas (identity attribute): Bella Bee

User’s Manager in house (Identity attribute): Rose Shime

Bella Bee’s ID (Identity attribute): 00512321

User’s overseas manager ID: 00512321 (Desired outcome for user’s new Identity attribute)

So far I have tried this below and it is not working. Any suggestions would really help! Thank you!!

{
  "attributes": {
    "ignoreErrors": "true",
    "values": [
      {
        "attributes": {
          "value": "$identity.useroverseamanager.attributes.Id"
        },
        "type": "static"
      },
      ""
    ]
  },
  "name": "user overseas manager id",
  "type": "firstValid"
}

Hey guys,
I have tried using a specific uid value and that worked. Then I tried inputting an attribute name to dynamically search for the user’s overseas manager.

Transform that worked:

{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": "[email protected]",
    "attributeName": "salesforceId"
  },
  "type": "rule",
  "name": "user overseas Manager ID"
}

Transform to dynamically look up didn’t work:

{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": {
      "attributes": {
        "attributeName": "usersManagerOverseas",
        "sourceName": "Workday Production"
      },
      "type": "accountAttribute"
    },
    "attributeName": "salesforceId"
  },
  "type": "rule",
  "name": "user overseas Manager ID"
}

Could you please suggest if there is anything to achieve this?

Hello @salam1,

I don’t believe this can be accomplished via a transform.

I believe you can accomplish this with an Identity Attribute rule.

The rule would look similar to below.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Example Rule" type="IdentityAttribute">
  <Description>Describe your rule here.</Description>
  <Source><![CDATA[

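import sailpoint.object.*;

// No identity in context: nothing to resolve.
if (identity == null) {
    return null;
}

// getManager() returns the identity's standard manager reference.
Identity manager = identity.getManager();

// getAttribute() returns Object, so test it through its string form.
Object salesforceId = (manager != null) ? manager.getAttribute("salesforceId") : null;
if (salesforceId != null && !salesforceId.toString().isEmpty()) {
    return salesforceId.toString();
}
return "";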

  ]]></Source>
</Rule>

Thank you so much! Yes, identity attribute rule makes sense.
