How to use IdNRuleUtil.getAccountAttribute from a identity attribute rule?


I am inside a identity attribute rule util, and should use attributes from its authoritative Source. As identity is not created yet, I get “null” when calling to identity.getAttribute on mapped attribute. So I think I can use the getAccountAttribute method to obtain the source attribute directly.

Parameters are:
java.lang.String applicationName, java.lang.String nativeIdentity, java.lang.String attribute

But it is not much clear to me how to use it. I have no application attached to the source, should I have to create one? Also, what is expected as “nativeIdentity”?

If someone has already used this method, help will be appreciated. Thanks!

1 Like

Spoiler: I am trying with getSourceAttributeBySourceId and getSourceAttributeBySourceName methods. When I can try it and if nobody already answered, I will share results. Waiting for support to deploy rule.

1 Like

Are you using this inside a BeforeProvisioning Rule? In that case:
applicationName = application.getName()
nativeIdentity = accountRequest.getNativeIdentity()

Hi Nithesh! Unfortunately no, is a identity atribute cloud rule :confused:

Have you considered using Link?
Use identity.getLinks() to get all the Links for the identity. Then iterate through these Links to find the one specific to the Source you want to use by comparing link.getApplicationName() to the Source Name. Then link.getNativeIdentity() to get the nativeIdentity of the account

1 Like

Application Name:
Your application name should be something like : SourceName [source-XXXXX]
SourceName is Source display name and XXXXX is 5 digit cloudExternalID of your source.

If you are passing this application name from a transform you can use below function to retrieve it or you can hard code in rule, its up to you.

String applicationName = application.getName();
String applicationName = "SourceName [source-XXXXX]"

Native Identity :
This is the account id attribute from your source.
If its AD, nativeIdentity is distinguishedName or usually its employee_number etc. depending n your source.


String nativeIdentity = identity.getAttribute("identitficationNumber");

If that doesn’t help you can also try fetching the Account and then get the account attributes:

Account acct = idn.getFirstAccount("HR [source]", identity.getName());
Map acctAttrs = acct.getAttributes();
String firstName = acctAttrs.get("First Name");
String lastName = acctAttrs.get("Last Name");

Please refer this document for more information and examples: Using IDNRuleUtil as a Wrapper for Common Rule Operations - Compass


I will take a loo for this Link object. Is some information source besides javadoc?

Thank you @sharvari ! I see that I can obtain sourceName and cloudExternalID from Rest. I should hardcode it because I am at an identity attribute rule. This means algo that I should change code when passing from sandbox to production.

Sorry, nothing I know of. However, if you like to use the jar file in your IDE, you can get it from the new Rule Validator

This didn’t work for me. I have mentioned the details of the identity attribute rule. Please have a look if there is something wrong in the below code.

I tried passing the application name in the below format.

String applicationName = “SourceName [source-XXXXX]”
example value : String applicationName = “HR Application [source-12345]”

Also the native Id is derived from combination of 2 identity attributes as mentioned below.

String nativeID = “”;
String jobCode = identity.getAttribute(“jobCode”);
String deptCode = identity.getAttribute(“departmentNumber”);
nativeId = deptCode + jobCode;

String attr = “AttributeIdToFetch”;

String result= idn.getAccountAttribute(applicationName, nativeId, attr);

The source has only 2 attributes nativeId (account id and account name) and AttributeIdToFetch

I have printed the logs for native id and the value looks correct but the logs are coming as null for the result.

Hi Shivam, I extracted the Links object from identity (getLinks) and ther I iterated over all applications (link.getApplication). I saw there that applications names are in the form “name as you see in the UI” + " " + “[source]”. They have nothing more after “source”, like “-xxxx”. Other thing is that I renamed a source, and the old name remains in the application name.

I enden in a code like this:

List links = identity.getLinks();
Iterator iterator = links.iterator();

int max = 0;
while(max < 20 && iterator.hasNext()) {
	Link link = (Link);
	String applicationName = link.getApplicationName();
	Application source = link.getApplication();
	if(applicationName.toLowerCase().contains("_PART_OF_YOUR_SOURCE_NAME_")) {
			someStringVariable = idn.getAccountAttribute(applicationName, link.getNativeIdentity(), "_TECHNICAL_ATTRIBUTE_NAME__AS__IS__ON_THE_SCHEMA__");

Thanks Julian Sosa, i will try this out and confirm if it works or not.

I was already trying to print all the application names from the link using the below code but the log was not getting printed. which made me understand that the link was empty. I will try the iterator that you have shared also.

List appLinks = identity.getLinks();
if(null != appLinks) {
for(Link lin : appLinks){“applications are” + lin.getApplicationName());

Hi Shivam, don’t worry. I fall there some months ago, it is because in cloud rules, log logs to somewhere in the cloud and only Sailpoint staff can see it. It was all the time on documentation, but as I did not see this warning, I though as you that the rule was not working:

What I begun to do after I realized about it, is that log every to return. So, after I aggregate I can see errors in the field itself. One thing I always do is to enclose entire code in a try, and return catch as a message:

imports *;
try {
   if(idn == null)
      returns "idnIsNull";
   // other codes
catch(Exception e) {
  reurn e.getMessage() + "someGarbage";

Note: where I return variables, I always concatenate some fixed string, to help me realize the point of the code where the error could be
Note2: do not forget that deploys are billable, they take about 15-30 min in doing it, ant they taxi meter is running, I also code all things that are not dependant of idn or identity objects in eclipse with hardcoded values to help minimize errors before deploying

Thanks for the help Julian.

I might have not clearly explained before but the other logs were getting printed which were above and below the application name log. I was getting the logs with the help from Sailpoint support only. Since the link is coming as empty , I am not able to see the application names getting printed. Rest all other logs are getting printed.

Now the issue which still persists is why is the appLinks coming as null.

List appLinks = identity.getLinks();
if(null != appLinks) {
for(Link lin : appLinks){“applications are” + lin.getApplicationName());

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.