I’m working in NERM with my Contractor onboarding process using form/workflow and need guidance on pulling in Users who are listed as Managers in ISC so they can be selectable on the NERM form.
The challenge I’m running into is two-fold:
Manager selection UI – I need a dropdown/search field on the NERM form that lists all valid ISC users who are designated as managers so the requestor can pick the correct one.
Correlation back to the ISC identity – Once selected, I need the form/workflow to properly map that choice back to the manager’s ISC account, specifically:
Retrieve the manager’s employee number (authoritative Workday attribute)
Use that value to perform a lookup to determine the manager’s DN for downstream provisioning logic
Right now I don’t see a straightforward way to:
• Expose ISC users as a selectable list in NERM,
• Ensure the selected manager correlates back to their ISC identity object, and
• Reference attributes like employeeNumber for provisioning rules.
Has anyone implemented manager selection + attribute correlation in ISC/NERM forms?
What is the recommended approach—custom identity list source, external lookup, Transform, or something else?
Any guidance, examples, or best practices would be greatly appreciated.
I’ve had to import ISC identities as Users in NERM and not Person Profiles to make this happen.
As of now I just manually create them using API calls because there are so few, but you could definitely set up a web service source to manage this.
As far as manager correlation on profile records, I believe we use the sponsor_login attribute which is the email address of that respective user account.
Let me know if that helps. I can look more into it too, just going off memory at the moment
We created a source for NERM manager account creation in sailpoint isc . These source will appear in the dropdown list, and later we applied the NERM manager correlation rule.
So right now I have some managers in NERM as users. When they are selected it passes in their name with the email address in (). I exract the email address but then would need to find a way to correclate them in the connecotor and/or look up the employee number. I thought about creating a second population profile called manager then load info that way.
Do you know if you can extend the attributes of a User in NERM? Right now it looks to be locked to (id, name, email, login, status). Because with the new NERM users connector I can push the managers from ISC to NERM but be nice if I could pass the employee number also.
@GreeneT ,
I managed to achieve this using REST API action in the Onboarding workflow.
basically, whenever someone’s non-employee profile is being created in NERM, as soon as the onboarding form is submitted, I am extracting the manager’s email address in an attribute,
Then making Search Rest API call to ISC and getting that manager’s Employee Number value in another NERM attribute,
This is how I am getting any value of that user’s manager.
Once I have the required values, manager’s attribute related things can be done in ISC using manager correlation rule and some other transforms,
Is it not easier (and better?) to then just set the manager correlation key to ‘email’ for the source representing NERM? This saves the hassle of doing an additional REST call towards ISC and should yield the same result?
Of course that can be done and its better as well..
i was just sharing the idea as he mentioned if he could somehow get the manager employee number as well..
