Identities Not Being Created After Aggregating HR Source

Identity Security Cloud (ISC) ISC Discussion and Questions
, , , , ,
1

Hello All,

Apologies for a lot of questions, really appreciate any guidance from you Experts!

We are transitioning from IIQ to ISC and I have an issue where a large number of the Identities coming from the HR source are not being created. It appears to me that it ‘might’ be because these Identities have a blank ‘uid’ on the HR source.

Would a blank(required) uid on the HR source cause the Identity to not be created in ISC?** Shouldn’t it still be created with an error or something?

In IIQ we had an Identity Creation Rule that would handle this type of situation

Would something like an ‘IdentityAttribute’ Rule be able to generate the userName if it was found to be blank?

If so, would this work in ISC and would it be account.getAttribute or identity.getAttribute?

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Corp_IdentityCreation_UserName" type="IdentityAttribute">
  <Description>If username is empty from HR - create username</Description>
  <Source><![CDATA[

import sailpoint.tools.GeneralException;
import sailpoint.object.*;
import sailpoint.api.*;
import org.apache.commons.lang.StringUtils;

	String userName = "";
	
//Create new username if the account doesn't have one
	if( (null==account.getAttribute("CORPUserName") || ((String)account.getAttribute("CORPUserName")).isEmpty()) ){

//Use first letter of the PreferredName/FirstName + first letter of the LastName + EmployeeID to create new username
	if(null!=account.getAttribute("PreferredName") && !((String)account.getAttribute("PreferredName")).isEmpty())
		userName = userName + ((String)account.getAttribute("PreferredName")).substring(0,1);

//Use first letter of FirstName if PreferredName is not present
	if((null ==userName || userName.isEmpty()) &&
		(null != account.getAttribute("FirstName") && !((String)account.getAttribute("FirstName")).isEmpty())
	){
		userName = userName + ((String)account.getAttribute("FirstName")).substring(0,1);
	}
  
	if(null != account.getAttribute("LastName") && !((String)account.getAttribute("LastName")).isEmpty())
		userName = userName + ((String)account.getAttribute("LastName")).substring(0,1);

	if(null != account.getAttribute("EmployeeCode") && !((String)account.getAttribute("EmployeeCode")).isEmpty())
		userName = userName + account.getAttribute("EmployeeCode");

	if( userName.isEmpty() || null == userName ){
		log.debug("Exception: Error in Rule_CORP_HR_Identity_Creation_Rule. unable to determine the userName");
	}
	else{
		
		log.debug("Determined userName for Identity with EmployeeCode "+account.getAttribute("EmployeeCode")+" : "+userName);
	  
		return userName;
					
	}	
	}

  ]]></Source>
</Rule>

I assume if this is all the direction I should be going and the rule looks OK (Approved by SailPoint??) it would show up in the Identity Profile mappings as a Transform for UserName?

Thank you for any input!

2

You might be able to do this with transforms using combination of firstValid, Account Attribute etc

1 Like
3

Thanks Nithesh!

Upon further investigation and a larger sampling of the identities that are not showing up - ends up it is not the UserName issue that I thought it was.

I’m not sure at this point why ~10% of the Identities are not aggregating into ISC.

If/When I figure it out, I’ll post here in case some other poor individual is ever searching for the same issue.

Thanks.

4

@chrisk you can write an identity attribute cloud rule and apply this in the uid field.