How to Retain IdentityAttribute from Application Link once it's deleted

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

I have an Identity Attribute being removed once the application link is deleted. I’m wondering how I can have that value be retained in the Identity Attributes and not be removed.

I thought a rule in the Identity Mappings would resolve this, but it appears to be removing the attribute from the Identity without going into that rule for any of my logic to function.

My scenario is for an Active Directory application and I’m trying to retain the email attribute in the Identity attributes.

2

@rettowsk
Welcome to the community

What is your current configuration in Identity Mappings of email attribute source, is it a application rule , if so can you please share the mapping from ObjectConfig Identity.xml

3

@rettowsk

you can use GlobalRule in Source Mapping of that attribute in ObjectConfig of Identity. So in this case, 2 attribute Source, 1 - Data from WD or AD as example 2- global Rule that will return previous value if source is null or link deleted.

Rule Logic should be like below

return identity.getAttribute(attributeDefinition.getName()); this will maintain the old value

Let me know if that works.

4

Hi @iamksatish

Thank you for your reply.

It’s an application rule. Here is the corresponding mapping snippet from Identity.xml:

  <ObjectAttribute displayName="Email" editMode="UntilFeedValueChanges" name="email" standard="true" type="string">
    <AttributeSource name="AppRule: MyOrg - IdentityAttribute - email Active Directory">
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" id="0ab18c8a82ae14438182ae751e0e033e" name="Active Directory"/>
      </ApplicationRef>
      <RuleRef>
        <Reference class="sailpoint.object.Rule" id="0ab18c8a86d4181081871464a38c19bc" name="MyOrg - IdentityAttribute - email"/>
      </RuleRef>
    </AttributeSource>
    <AttributeTargets>
      <AttributeTarget name="EMAIL_ADDRESS_WORK" provisionAllAccounts="true">
        <ApplicationRef>
          <Reference class="sailpoint.object.Application" id="0ab18c8a82ae14438182ae753fcc0365" name="Workday"/>
        </ApplicationRef>
      </AttributeTarget>
    </AttributeTargets>
  </ObjectAttribute>```
5

Thank you @pravin_ranjan! Giving this a shot and will update.

6 
<AttributeSource name="AppRule: MyOrg - IdentityAttribute - email Active Directory">
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" id="0ab18c8a82ae14438182ae751e0e033e" name="Active Directory"/>
      </ApplicationRef>
      <RuleRef>
        <Reference class="sailpoint.object.Rule" id="0ab18c8a86d4181081871464a38c19bc" name="MyOrg - IdentityAttribute - email"/>
      </RuleRef>
    </AttributeSource>
// Here you can add one more AttributeSource for Global Rule to maintain old value.
7

It’s working! Thank you @pravin_ranjan!!!

1 Like
8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.