Several discussions on the SailPoint Developer Community have raised questions about how to identify the environment (tenant) within a transform:
- Know the Tenant or Environment in Transforms
- Any Way to Get Information About Virtual Appliance and/or Environment in a Transform
I needed to conditionally set the Active Directory DN for production and development, but IdentityNow does not provide a built-in way to obtain environment-specific information directly.
The Solution
I was able to solve this by leveraging an attribute from an authoritative source (in my case, SuccessFactors) to distinguish between environments. Hereās an example transform that checks if the environment is āDevelopmentā:
{
"id": "0db1d640-eb8f-455d-b026-e1caa4e85e20",
"name": "isDevEnvironment",
"type": "static",
"attributes": {
"value": "#if($identity.getLinksByAppIdOrName(null, \"SuccessFactors [source]\")[0].getApplication().getStringAttributeValue(\"companyId\") == \"<My Dev Proxy Value>\")true#{else}false#end"
},
"internal": false
}
Explanation
-
Source Selection:
- The transform retrieves links to the
SuccessFactors [source]
application. - The first linkās application object is accessed.
- The transform retrieves links to the
-
Attribute Extraction:
- The transform checks the
companyId
attribute value from the sourceās JSON. - If the value matches the expected development environment identifier (
<My Dev Proxy Value>
), the transform returnstrue
; otherwise, it returnsfalse
.
- The transform checks the
Important Considerations
-
Guaranteed Link Presence:
- This approach works because SuccessFactors is the authoritative source for the identity profile using this transform, ensuring at least one link always exists.
-
Flexible Attributes:
- Any value within the
connectorAttributes
object from the sourceās JSON can be used instead ofcompanyId
. - You can even modify the source and add a unique identifier attribute for each environment if needed, eg.
"<companyName>_ISC_Environment": "Dev"
.
- Any value within the
Hope this helps others