I need a new identity attribute directorCpid whose value comes from walking each identity’s manager chain. Because it requires multi-hop reads of other identities, I’m calculating it outside identity refresh rather than in a transform/rule.
I have a PowerShell script (triggered via PAT) walks the entire chain (business logic) and produces a cpid → directorCpid CSV table.
Where I’m stuck: getting that computed value to become an identity attribute. I assume it has to land on a source first. Options I see so far:
Delimited-file source (script writes CSV, manual aggregation, map attribute).
Not the best approach, I believe.
Custom/Web Services source written via the accounts API.
I saw an Update Account Attribute Call, so in theory for this I need to make a dummy source (not a flat one), again the way around
So the question is:
Which propagation pattern is current best practice in ISC for an externally-calculated PAT value? Anything cleaner I’ve missed?
My first thought was a cloud transform rule, but that will likely come across stale reference issues and it also lacks the traceability that your PowerShell script or web service connector will have.
Here is more info on that if you want to take a deeper dive:
Personally I like the delimited file approach with a PTA workflow running a PowerShell script that does a true-up daily. One enhancement I would make to what you already mentioned, is that instead of aggregating the accounts and building a CSV, you can execute API calls using the endpoints below to either update/create a new attribute/account for the user. I like the update/create options via the API more since you can track those exact API calls a little bit easier rather than uploading a brand new file every day.
But since this is such a unique use case, I would like to hear if anyone else has a more elegant solution.
If your script creates a CSV file, you can upload the same to a delimited file source via this API:
Alternatively, instead of creating a CSV file, you can POST the account directly to the Delimited file source via this API: (this will have one API call per account though)
I am sure you have already figured out the part where you need to correlate these accounts to the identities and calculate the identity attribute using an account attribute from the CSV file source.