Generating unique ID value to IDN

Use case:
sAMAccountName can’t be reused and must be unique.
HR contains sAMAccountName values for past and existing users.
AD only has current users as they are deleted after 30 days.
We have a transform that populates an IDN attribute for sAMAccountName.

How do we do a query to IDN to check the sAMAccountName to make sure it is unique, writing it to IDN and then using it to create the account in AD?

Many have said that you must use the account generator on the connector. But the connector doing the lookup, AD, does not have all of the sAMAccountNames. We need to do the lookup to IDN.

Would the new account in AD be created by means of the Provisioning Create Account operation? In that case, to check that the new sAMAccountName (that was generated using some logic) is unique in IDN, you may use IdnRuleUtil.countIdentitiesBySearchableIdentityAttribute in a BeforeProvisioning rule.
Please note that you will have to make sAMAccountName a searchable attribute using this API:
https://developer.sailpoint.com/idn/api/beta/create-search-attribute-config

2 Likes
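One way to apply the check suggested in the answer above, as an added example that is not part of the original thread and is not SailPoint's own code. It is a BeanShell BeforeProvisioning rule body; the searchable attribute name, the numeric-suffix scheme, the attempt limit and the `OWN_IDENTITY_HOLDS_BASE` switch are assumptions made for illustration.

```java
// BeforeProvisioning rule body (BeanShell). IDN supplies: plan, application, idn, log.
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.tools.GeneralException;

String SEARCH_ATTR = "sAMAccountName"; // assumption: name used in the search attribute config
int MAX_LEN = 20;                      // sAMAccountName length limit for user accounts
int MAX_ATTEMPTS = 50;                 // assumption: give up after this many suffixes
// Assumption: the transform has already written the base value onto this identity,
// so one match for the unsuffixed value is the identity itself, not a collision.
boolean OWN_IDENTITY_HOLDS_BASE = true;

int countInIdn(String candidate) {
    List values = new ArrayList();
    values.add(candidate);
    return idn.countIdentitiesBySearchableIdentityAttribute(SEARCH_ATTR, "Equals", values);
}

String withSuffix(String base, int n) {
    // Truncate the base so that base + suffix still fits the length limit.
    String suffix = String.valueOf(n);
    int keep = Math.min(base.length(), MAX_LEN - suffix.length());
    return base.substring(0, keep) + suffix;
}

if (plan != null && plan.getAccountRequests() != null) {
    for (AccountRequest req : plan.getAccountRequests()) {
        if (!AccountRequest.Operation.Create.equals(req.getOperation())) continue;
        AttributeRequest attr = req.getAttributeRequest(SEARCH_ATTR);
        if (attr == null || attr.getValue() == null) continue;

        String base = attr.getValue().toString();
        if (base.length() > MAX_LEN) base = base.substring(0, MAX_LEN);
        String candidate = base;
        int allowed = OWN_IDENTITY_HOLDS_BASE ? 1 : 0;
        int n = 0;
        while (countInIdn(candidate) > allowed) {
            n++;
            if (n > MAX_ATTEMPTS) {
                throw new GeneralException("No unique sAMAccountName found for " + base);
            }
            candidate = withSuffix(base, n);
            allowed = 0; // a suffixed value must not exist on any identity
        }
        attr.setValue(candidate); // value sent to AD in the Create request
    }
}
```

The count only covers values that IDN holds on identities, so it rejects a previously used name only while the identity that carried it is still present in IDN with that attribute populated.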
