File attachment in the mail notification in the NERM

We have a business requirement where the requestor must upload a document when submitting a request in NERM, and this document should be sent as an attachment to a specific email address.

I am able to attach the document to the request form using the attachment field type attribute, but I’m unsure how to send that document as an email attachment. Please guide me on how to implement this functionality?

At this time, NERM cannot dynamically add attachments to notifications. You can add a Static attachment to Notification through the configuration settings - but that would be one file sent with every instance of that Notif.

The best practice for this would be to include a link to the profile in the notification where the receiving user can open/access the Profile Page and download the attachment.

Otherwise, the URL for the attachment can be retrieved from the /profiles endpoint (get-profile-upload, SailPoint Developer Community).

The URL returned does have an expiration of 60 seconds as it is intended to be used to quickly download the file.

Beyond that, if you want a “permanent” link to the attachment - the below might work. In the workflow, after the Profile is created or updated (to ensure the attachment is stored on the profile):

  • Run the above API action and use data mapping to store the URL value into a text field attribute
  • Use another API action to PATCH the Profile or Workflow Session. In this PATCH, we will use liquid to pull the ID value of the actual file in S3 so we can create a URL. The body should look something like:
{% assign url = attribute.url_for_attachment_temp | split: '/' %}
{
    "profile":{
        "attributes":{
            "attachment_url_for_notif": "{{ url[7] }}/{{ url[8] | split: '?' | slice: 0}}"
        }
    }
}

The Liquid here takes in the text value and splits it up into an array based on the ‘/’ character. The URL should be like

https://tenant.s3.amazonaws.com/uploads/tenant/profile_attribute_attachment/attachment/b6c1aa75-23db-444e-b554-7b0f814978bf/attachment.txt?ABCXYZ

The first part shouldn't really change (but it could), meaning we should be able to reliably pull the ID value and the file name out as elements 7 and 8 each time. Then, we just need to take the file name out of 8, which is before the question mark.

Then, once you have that ID value stored, you can construct your URL in a notification as:
https://customer.nonemployee.com/neprofile_dashboard/uploads/profile_attribute_attachment/attachment/{{attribute.attachment_url_for_notif}}
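
The same extraction as an added Python example (not part of the original post, and not SailPoint code): it finds the ID relative to the `profile_attribute_attachment/attachment` path marker instead of fixed positions 7 and 8, and drops the signed query string so it is never stored. The helper names `attachment_ref` and `portal_link` are hypothetical; the sample URL and host are the ones shown above.

```python
import re
from urllib.parse import quote, unquote, urlsplit

# Path marker and sample URL are taken from the thread; helper names are hypothetical.
MARKER = ("profile_attribute_attachment", "attachment")
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
SAMPLE = ("https://tenant.s3.amazonaws.com/uploads/tenant/profile_attribute_attachment/"
          "attachment/b6c1aa75-23db-444e-b554-7b0f814978bf/attachment.txt?ABCXYZ")


def attachment_ref(presigned_url):
    """Return (file_id, file_name) from the short-lived S3 URL."""
    # urlsplit keeps the query string (the signed part) out of .path,
    # so it is never copied into the stored attribute.
    segs = [s for s in urlsplit(presigned_url).path.split("/") if s]
    # Locate the ID relative to the marker rather than at fixed indexes 7 and 8,
    # so a changed prefix does not silently shift the result.
    for i in range(len(segs) - 3):
        if tuple(segs[i:i + 2]) == MARKER:
            file_id, file_name = segs[i + 2], unquote(segs[i + 3])
            break
    else:
        raise ValueError("attachment marker not found in URL path")
    if not UUID_RE.fullmatch(file_id):
        raise ValueError("segment after marker is not a UUID")
    if file_name in (".", "..") or "/" in file_name or "\\" in file_name:
        raise ValueError("unexpected file name")
    return file_id, file_name


def portal_link(tenant_host, presigned_url, area="neprofile_dashboard"):
    """Build the login-protected portal URL used in the notification."""
    file_id, file_name = attachment_ref(presigned_url)
    return (f"https://{tenant_host}/{area}/uploads/"
            f"profile_attribute_attachment/attachment/{file_id}/{quote(file_name)}")


if __name__ == "__main__":
    print(portal_link("customer.nonemployee.com", SAMPLE))
```
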

It is throwing the Unauthorized access issue, for your reference, find the attached screenshot. Please suggest, how we should manage it.

What is throwing that error? Is that when trying to access the URL generated by the provided API? Or when trying to access a Profile?

I’m following the steps outlined below:

Step 1: Execute the API to retrieve the file:
URL: {{baseUrl}}/profiles/f9bc9608-386d-4470-9bf9-c701e854c0eb/upload/3534cef7-8403-413c-b8b6-d5b82289679e

Response:
https://remoteasssetstorageseczetta6.s3.eu-central-1.amazonaws.com/uploads/{{domain}}/profile_attribute_attachment/attachment/2e05f986-43d9-4d20-b150-d4b487621095/EmployeePhoto.png?xyz

Step 2: Extract the ID value and file name from the response in Step 1:
ID Value: 2e05f986-43d9-4d20-b150-d4b487621095
File Name: EmployeePhoto.png

Step 3: Create the URL to share with the team for downloading the EmployeePhoto.png file:
https://{{domain}}.nonemployee.com/neprofile_dashboard/uploads/profile_attribute_attachment/attachment/2e05f986-43d9-4d20-b150-d4b487621095/EmployeePhoto.png

When attempting to access the file through the new URL generated in Step 3, an “Unauthorized access” error occurs.

Observation: Today, I found that if we replace “neprofile_dashboard” with “neprofile_admin” in the URL, the file can be downloaded successfully. However, this requires the user to have admin access in NERM. Without NERM admin rights, they won’t be able to access the file using this URL.

Hi Zachary,

The URL you provided is correct, but I had not logged into the NERM environment and was attempting to access the URL directly.

Based on my observation, the user needs to log in first before accessing the URL. Please let me know if there’s a way for the user to access the URL directly, or if the system can automatically redirect them to the login page if they try to access it without logging in.

Thanks!

Hey Vikas, Correct - the user will need to be logged in and have access to the Profile (and admin access if you point to Admin as mentioned). That is to ensure the file can not be downloaded by a user without proper access.

Redirecting the user to the login page is not something that can be configured in the tenant - but should be something the product should do automatically. I will bring that up with our team to look into!

The given S3 link from the first API call could be used to download the file directly, but as mentioned there is a 60 second expiration, which can not be adjusted right now.
