Generate a unique code (identity attribute)

Identity Security Cloud (ISC) ISC Discussion and Questions
, , , , ,
1

Hello fellow developers!
I hope you all are doing great!

I have a question about identity attribute generation. So, our organization uses a special “code” every manager is assigned with. It is treated as an identity attribute. Currently, this code is assigned manually, using a spreadsheet of available codes (there is a constraint, no code can be reused, and codes should be < 89999).
So, code should be more than 0 and less than 89999 and never been used before. To know if the code has ever been used, the team uses the aforementioned spreadsheet.
So, process flow:
identity created → roles assigned → account in Application A (flat file source) is manually created → “code” (identity attribute) is populated.

So, this “code” identity attribute is sourced from Application A.

Initially, I started with creating a cloud rule, which essentially starts with code = 1 and check if accounts with code 1 exists in the Application A, if yes and it exists, then code++, check again, and we go on until we reach unique code.

The problem arises with the fact that accounts in Application A are deleted once the user is terminated, and Application A only has active users. There is no way to know if the “code” was used by a person who used to work here maybe 10-15 years ago (we cannot reuse the code). The only way to know is to look it up in the spreadsheet.

I need your help, maybe ideas and suggestions.

2

sounds like a good use case for a flat-file source. just make sure there’s some attribute on each record that can be used to correlate back to the identity as well.

(also, please don’t spam all the topics when you make a post. this doesn’t really have anything to do with aggregation, transforms, attributes, or identity profiles.)

3

Hey Mark,
thanks for the input. The problem with a flat-file source(a spreadsheet of codes in use), you will end up with a lot of uncorrelated accounts (i’d assume tens of thousands, all of the managers who used to work here for 5,10 or even 20 years ago and no longer are a part of our organization) and I am not sure if it will be the ideal solution.

I honestly thought it has to do with attributes/transforsm and identity profiles since an identity attribute(code) is generated in identity profile, and it can be done through transforms/rules.

4

Honestly, that’s not really a problem. Uncorrelated accounts are fine as long as you can explain them if audit comes knocking.