IDN - Remove Entitlement - BeforeRule WebService - IdentityAttribute

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

hi how are you?

could you help me please? about beforeRule in IDN

in “Remove entitlement” operation, how can I get the identity attribute “email” ?

I tried the code bellow, but the webID contain the entitlement value,

I need identity attribute “email” or account schema “email”.

if (provisioningPlan != null) {
        for (AccountRequest accReq : Util.iterate(provisioningPlan.getAccountRequests())) {
            for (ProvisioningPlan.AttributeRequest attReq : Util.iterate(accReq.getAttributeRequests())) {
                String attrName = attReq.getName();
                if (attrName != null) {
                    webID = (String) attReq.getValue();
            }
        }
   }
}
2

Is "email" set as Account ID in account schema? If yes, then you can use accountRequest.getNativeIdentity() to fetch the value.

You cannot access Identity Attributes in a connector rule. Hence, you will have to add required attrtibutes as arguments to the plan using Before Provisioning cloud rule.
Attributes identityAttributesAsArgs = new Attributes();
Identity identity = plan.getIdentity();
identityAttributesAsArgs.put("key", identity.getStringAttribute("attribute"));
....
plan.setArguments(identityAttributesAsArgs)

Then you can get these values in Connector rule using
Attributes identityAttributesAsArgs = plan.getArguments();

1 Like
3

Do you know what class should I import to use
Identity identity = plan.getIdentity();?

I tried with the:
import sailpoint.object.Identity;
Identity identity = plan.getIdentity();

But recieve this error:
“Typed variable declaration : Attempt to resolve method: getIdentity() on undefined variable or class name”.

I also tried:
Identity identity = provisioningPlan.getIdentity();
but the “identity” retrieve a null value, but has value.

My code:

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import connector.common.JsonUtil;
import connector.common.Util;
import sailpoint.connector.webservices.EndPoint;
import sailpoint.connector.webservices.WebServicesClient;
import sailpoint.object.Application;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;  
import org.json.JSONObject;
import org.json.JSONArray;
import java.io.BufferedReader;
import sailpoint.object.Identity;
import sailpoint.object.Attributes;
import sailpoint.object.Filter;
import sailpoint.object.ManagedAttribute.Type;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.tools.GeneralException;
import java.text.SimpleDateFormat;
import sailpoint.rule.Account;
import sailpoint.rule.ManagedAttributeDetails;

log.info("################################### Rule - Start 0 ");

try {

    if (provisioningPlan != null) {
        for (AccountRequest accReq : Util.iterate(provisioningPlan.getAccountRequests())) {
            for (ProvisioningPlan.AttributeRequest attReq : Util.iterate(accReq.getAttributeRequests())) {
                String attrName = attReq.getName();
                if (attrName != null) {
                    Identity identity = plan.getIdentity();
                    log.info("################################### Rule - Start 1 " + identity);

                    Identity identity = provisioningPlan.getIdentity();
                    log.info("################################### Rule - Start 2 " + identity);
                }
             }
        }
    }
}
4

Example I provided is for Cloud rule. plan.getIdentity() will return null in Connector rule

5

In Connector rule have a way to return this?
Identity identity = plan.getIdentity();
“email” set as Account ID in account schema.

6

this will return null. That too if plan object is available in your rule. Otherwise this will return error.

If you have email set as Account ID in the account schema, then you can use accountRequest.getNativeIdentity() to fetch the value of email

1 Like
7

There are two Identity classes, make sure you are importing the right one in your rule.

sailpoint.object.Identity and
sailpoint.rule.identity

Link to the java docs.

1 Like
8

Hey Felipe,
Could you let us know if email is part of the any account attribute?
If yes what you can do is have 2 remove entitlement operations. In the first one do a get object and then return that value to the second operation.

Thanks

1 Like
9

Thanks everyone, I used and works:

import sailpoint.object.ProvisioningPlan.AccountRequest;  
    if (provisioningPlan != null) {
        for (AccountRequest accReq : Util.iterate(provisioningPlan.getAccountRequests())) {
            for (ProvisioningPlan.AttributeRequest attReq : Util.iterate(accReq.getAttributeRequests())) {
                String attrName = attReq.getName();
                if (attrName != null) {
                    webID = (String) attReq.getValue();
                    String identityEmail = accReq.getNativeIdentity();

                }
            }
        }
    }
2 Likes
10

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.