Hello Experts,
We have noticed that identity Attribute is updated in Workday Aggregation.
for. Identity Attribute is Hired and Workday Worker status is Hired.
If we changed Workday Worker status to Terminated then immediately Identity Attribute (System_LifeCyclestate) is updated to Terminated in Workday Account Aggregation.
Is it expected behavior or we can update Identity Attribute after refresh the identity.
Thanks
Hi @ntelavan,
I am little confused. If you refer to Termination operation in SP, this is a correct behavior. Termination operation in SP is the immadiatly inactivation of the identity, so if you configured the provising on workday for the inactivation, the workday account will be terminated.
Instead if you terminate the account from workday and have a mapping to the indentity attribute, the idn attribute will update after the refresh task
Yes. we are terminating the accounts in Workday but when we are doing aggregation during that time idn Attribute gets updated from Active to Terminate so that is causing to trigger Termination Lifecycle events as this is based on Attribute changed from Active to Terminate.
Any idea why iden.attribute gets updated during Aggregation. generally we exepect thos should get updated after refreshed
Hi @ntelavan ,
you can use customization rule in workday application to check the values from the app object and update the that in the identity attribute field and save and commit those changes in rule it self.
Thanks,
Charan.
@ntelavan Yes this is expected, like if you have direct source mapping. if you want to update these attribute in refresh then use global rule to update this identity attribute.
Let me know if that works or need sample code.
@pravin_ranjan if you have sample code, can you please share with me.
also i have configured the Global rule but still it is updating the Identity Attribute in Account Aggregation.
@ntelavan if possible pls share your code.
It’s IDN or IIQ ?
if this is IDN please update the tag.
@ntelavan One option i thought, you can try
In Global rule put logic something like below
- get AD Link
- get accountExpires value
- if null or never -> keep previous value
- if accountExpires has date then check with current date
- if it's before current date then return System_LifeCyclestate to terminated
Sample would be like below
String previousValue = identity.getAttribute("System_LifeCyclestate");
Link adLink = identity.getLink(...........);
if(adLink != null) {
String acExpire = (String) adLink.getAttribute("accountExpires");
if(acExpire == null || "never".equals(acExpire)) return previousValue;
//Here you need to parse the acExpire so you can compare with currentDate.
}
``So the idea is, you will only change the attribute when AD Link is expired.
it is in Identity IIQ 8.4
Below is our logic to calculate the System - Lifecycle State in IdentityIQ and updating that identityAttribute.
We would like to avoid the IdentityAttribute (System - Lifecycle State) to be updated during Workday Account Aggregation.
import org.apache.log4j.Logger;
import org.apache.log4j.Level;
import java.util.Date;
import sailpoint.tools.Util;
import sailpoint.object.Link;
import sailpoint.object.Identity;
import sailpoint.object.Application;
import java.text.SimpleDateFormat;
import sailpoint.api.context;
Logger log = Logger.getLogger("bbyc.rule.CalculateIdentityAttribute-systemLifecycleState");
//log.setLevel(Level.DEBUG); // Uncomment here or add above logging trace to the log4j2.properties file to enable logging.
log.debug("Executing Rule: Calculate Identity Attribute - systemLifecycleState");
if (log.isDebugEnabled()) { logNamespace(log, this.variables); }
// Initalize Variables
log.debug ("Initializing variables...");
String systemLifecycleState = identity.getAttribute("systemLifecycleState");
log.error ("systemLifecycleState: " + systemLifecycleState );
String employmentEndDate = identity.getStringAttribute("employmentEndDate");
log.error ("employmentEndDate: " + employmentEndDate );
String workdayWorkerStatus = link.getAttribute("Worker_Status__c");
log.error ("workdayWorkerStatus: " + workdayWorkerStatus);
String benefitStore = link.getAttribute("Termination_with_Benefits__c");
log.error ("benefitStore: " + benefitStore);
Date currentDate = new Date ();
log.debug ("currentDate : " + currentDate);
// Calculate Time Difference
log.debug ("Calculate time since termination...");
SimpleDateFormat format= new SimpleDateFormat("yyyy-MM-dd");
int timeSinceTermination = 0;
if (null != employmentEndDate) {
timeSinceTermination = Util.getDaysDifference(currentDate, format.parse(employmentEndDate));
}
log.debug ("timeSinceTermination : " + timeSinceTermination);
// Calculate Attribute
log.debug("Calculating workdayWorkerStatus attribute...");
if (null != workdayWorkerStatus) {
if ("Terminated".equalsIgnoreCase(systemLifecycleState) && "Terminated".equalsIgnoreCase(workdayWorkerStatus) && "No".equalsIgnoreCase(benefitStore) && timeSinceTermination > 14) {
workdayWorkerStatus = "Deleted";
} else if ("Terminated".equalsIgnoreCase(systemLifecycleState) && "Terminated".equalsIgnoreCase(workdayWorkerStatus) && "Yes".equalsIgnoreCase(benefitStore)) {
workdayWorkerStatus = "Terminated";
} else if ("Active".equalsIgnoreCase(workdayWorkerStatus)) {
workdayWorkerStatus = "Hired";
} else if ("Leave".equalsIgnoreCase(workdayWorkerStatus)) {
workdayWorkerStatus = "On Leave";
}
}
log.debug("workdayWorkerStatus: " + workdayWorkerStatus);
log.debug("Rule executed successfully.");
log.debug("return: " + workdayWorkerStatus);
return workdayWorkerStatus;
@ntelavan Can you try with logic i mentioned ? Like check with adAttribute when terminated. Sample code added above.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.