How to add an attribute from an account to the provisioningPlan

Hi guys,

We are trying to add an attribute that is in the account schema to add an access profile, however this attribute is not shown in the plan, is it possible to add an account attribute that comes in the aggregation of this source in the plan to add a new access?

For example, attributeA and attributeB both come in the aggregation of the account we are talking about, but only attributeA appears in the plan for adding a profile, attributeB does not appear.

My question is how can I add this attribute to the plan?

This is the body we are sending when adding accesses:
{
“login”:“$plan.nativeIdentity$#fonte”,
“permissoes”:[
{
“codigo”:“$plan.menu_permissoes$”,
“funcionalidades”:[
{
“acao”:[
“incluir”,
“alterar”,
“pesquisar”,
“excluir”,
“bloquear”,
“aprovar”
],
“codigo”:“$plan.menu_funcionalidades$”
}
]
}
]
}
This variable “$plan.menu_functionalidades$” brings the value, however this variable “$plan.menu_permissoes$” is removed because it is empty, but we have both attributes in the account, and we only get one value, but to add the profile it is essential May we have both.

Can anyone help me how to build a rule to get this value?

Thank you very much in advance for your help.

I believe the easiest way would be to build before provisioning rule and add this attribute into the provisioning plan from that place.

1 Like

Kamil, thanks for this,

Could you send me a example, how can I do this, in the source of the accounts? Because I did this using attributes of the Identity, but using accounts attibutes I didnt.

Thanks for your help.

Hi,

You have 3 options, as far as I know.

  1. Create a Before Provisioning Cloud rule to include it there
  2. Create a Before Operation Connector rule, and make an API call to get the account from ISC - search this forum for “X-IDNUrl” and you will find some code for it.
  3. In the provisioning plan, you can create an attribute called “attributeB2” and set the value to be attributeB, this way you will have it.

POST {{api_url}}/beta/sources/<source>/provisioning-policies

    {
        "name": "MY_WS_UPDATE_PP",
        "description": null,
        "usageType": "UPDATE",
        "fields": [
            {
                "name": "attributeB2",
                "transform": {
                    "type": "accountAttribute",
                    "attributes": {
                        "attributeName": "attributeB",
                        "sourceName": "My Web Service"
                    }
                },
                "attributes": {},
                "isRequired": true,
                "type": "string",
                "isMultiValued": false
            }

Reinaldo , tudo bem ?
você pode usar a Before provisioning da propria Sailpoint pra isso

Abaixo segue a documentação dela :
Services Standard BeforeProvisioning.pdf (68,4,KB)

Não precisa criar uma regra so pra isso, se quiser me chamar no chat eu consigo te auxiliar tbm.

best

Hi Jason,

Thanks a lot for your help, gave me a different vision about webservice integrations. Now we can see the value of the attibute, therefore we can not to take this value, we have used “$plan.attributeB2$”, but this value is empaty. We have a different for to get this value?

thanks