Identity UserID Generation with ID Autoincrement

Hello all,
I have this requirement.
The HR Source provides me only anagraphic attributes like name, surname, SSN, location etc… but not the userID of the person.
The requirement is to autogenerate in Sailpoint a userID in the format
FxxxxA
where xxxx is an auto-incrementing number.
For example:
F0001A
F0002A
F0003A
etc…

What is Sailpoint’s recommended procedure to do this?

Thanks

Hi Francesco,

Please refer to the post below. You might be able to achieve this use case based on the method mentioned here.

I’ve read this post but it is not clear.
I cannot use a transform in the Identity Profile because this is called in parallel (it is not recommended by Edwin Sauve ambassadors).
I cannot use a Generator in the Source HR for the Create Account because we read from the source HR and we do not create an HR account.
Imagine the scenario where I have only the Source HR and I need to generate the userID. I don’t know the process and where to put the code.

Thanks

In most cases, I put the userID generator on the primary directory source that all users get created into, for example, Active Directory. You can use a transform in the create profile or attribute generator rule if you need more complex rules.

Think about it this way, you have to “create” the userID in the context of a source that can store the ID. So it will always be needed in AD, therefore you can have SailPoint generate it there. You can go on to create an identity attribute that has the userID so that you can use it with other systems.

Here is a link to the username generator transform:

Also a link to the attribute generator cloud rule:


Hi,
To perform this, it is required that HR sends us a uniqueID for every user in HR (if this ID is not present, I think it is not a possible solution).
So for example:

{
  "id": "458734563",
  "name": "Mark",
  "surname": "Red",
  "companyCode": "27"
}
(and other attributes…)

To configure the source HR I need to set an Account ID and an Account Name.
In this case they will both be equal to 458734563.

When I configure the Identity Profile I need to set:
Sailpoint Username (uid) = Account ID or Name (that in my case will be 458734563).

I perform an aggregation and I think that I will see the Identity in this way:

Then I need to configure in the Active Directory source the Create Account section:

and here we must apply the rules to generate the custom uid format (right?)
For example we can generate the AD account with userPrincipalName = F12345A
where the number is a counter etc…

After the AD creation we will perform an AD account aggregation.
To store the AD userPrincipalName on the Identity we can create another attribute in the Identity Profile and link userPrincipalName to this attribute. So for example:

In this way we can also use this attribute for the uid of the other accounts.

Is this the right way to perform this?

Is it wrong to change, in the Identity Profile, the mapping for Sailpoint Username (uid) and set it to the userPrincipalName of the AD?

Thanks

You are on the right track,

  • Your HR system should give you a unique identifier for each employee. This should be the Account ID.
  • You will create the sAMAccountName and UPN when you create the AD account.
  • You can store the sAMAccountName, UPN, email address on the Identity Profile so that you can reference it for other applications (for email address, keep in mind you will need a first valid transform to have a default value if the user does not have an email, as it is a required field).

I am not sure I understand your last question:

Is it wrong to change, in the Identity Profile, the mapping for Sailpoint Username (uid) and set it to the userPrincipalName of the AD?

Can you explain more?

This question is about the format of the Sailpoint userID, which I don’t like.


For example, in a report the username and the name will be visible in the format of the screenshot.
I don’t know if it is possible (after the creation of the AD account) to use the userPrincipalName or sAMAccountName as the uid of the Sailpoint Identity. This is because it is more readable.

But I think that it is better not to change the username and name of the Sailpoint Identity after assigning them the first time.

Thanks
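
The counter logic discussed in this thread (generate FxxxxA when the account is created on the directory source, and avoid duplicates when creations run in parallel), modelled in Python as an added example; it is not code from any poster or from SailPoint. The class and function names and the sample account names are hypothetical.

```python
import re
import threading

ID_PATTERN = re.compile(r"^F(\d{4})A$", re.IGNORECASE)
MAX_COUNTER = 9999  # four digits is all the FxxxxA format can hold

# Constructed sample: account names already present on the directory source.
EXISTING = ["F0001A", "f0003a", "jsmith", "F12A", "F00010A"]


class UserIdAllocator:
    """Issues the next FxxxxA value for one source (hypothetical helper)."""

    def __init__(self, existing_names):
        used = [int(m.group(1)) for n in existing_names
                if (m := ID_PATTERN.match(n))]
        # Continue after the highest value seen. Gaps are never refilled, so a
        # new person cannot inherit an ID that once belonged to someone else.
        self._next = max(used, default=0) + 1
        self._lock = threading.Lock()

    def allocate(self):
        # Read-and-increment happens under one lock: two account creations
        # running at the same time can never be handed the same ID.
        with self._lock:
            if self._next > MAX_COUNTER:
                raise OverflowError("FxxxxA range exhausted")
            candidate = f"F{self._next:04d}A"
            self._next += 1
            return candidate


def allocate_in_parallel(allocator, workers):
    """Simulate simultaneous account creations; returns the IDs issued, sorted."""
    issued = []

    def create_account():
        issued.append(allocator.allocate())

    threads = [threading.Thread(target=create_account) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(issued)
```

Names that do not match the format exactly (`jsmith`, `F12A`, `F00010A`) are ignored when the starting counter is derived, and the allocator fails loudly at 9999 instead of wrapping around.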
