IDN Rule utilities not accessible in WebService Connector

I am writing a BeforeOperation rule for Disable operation for a Web Service Connector.
I am trying to use the idn rule utilities by importing -
import sailpoint.rule.Identity;
import sailpoint.rule.Account;
import sailpoint.rule.ManagedAttributeDetails;
import sailpoint.rule.RuleObjectFactory;
import sailpoint.rule.*;

and trying to execute the below apis-

sailpoint.rule.Identity foundIdentity = idn.getIdentityById("uid");
idn.accountExistsByNativeIdentity(accRequest.getApplication(), accRequest.getNativeIdentity());

but it is throwing below error-
Typed variable declaration : Attempt to resolve method: getIdentityById() on undefined variable or class name: idn
Typed variable declaration : Attempt to resolve method: accountExistsByNativeIdentity() on undefined variable or class name: idn

These methods seems to be working with AD before provisioning rule so not sure why it is not working with WebService Connector.
Also, I am trying to use the provisioningPlan.getIdentity() method to fetch the identity object but it doesnot working and giving null. I am able to see the plan in logs and able to fetch the IDN native identity using provisioningPlan.getNativeIdentity() and account native identity using accReq.getNativeIdentity(). Not sure why provisioningPlan.getIdentity() is giving null.

Note- Input object provided by WebServiceBeforeOperation rule is -provisioningPlan

Any suggestions what i am missing here.


@colin_mckibben any thoughts on this?

The input arguments to a WebServicesBeforeOperation rule do not include an idn object.

This is why you’re getting “undefined variable or class name: idn”

@briane_bullock thanks for the response. What is the best way you would recommend to fetch the identity object in this rule? as provisioningPlan.getIdentity() method to fetch the identity object but it does not work and gives null.

what’s the method to extract an account attribute from the same WS source?

@yunus_ali and I work on the same team, our challenge is we need to use “id” account attribute to disable the user, however we are unable to fetch this as it is not set as accountId on the source (this because id is generated dynamically by the web service when we do a create user call and the create user call gives an error if accountId isn’t defined beforehand)


I am running into almost the exact problem as you, I am trying to grab identity attributes thru Web Service Before Provisioning Rule for the “Add Entitlement” action, and I too cannot use provisioningPlan.getIdentity(). Did you end up resolving this? If yes, can you share some information on how did you guys go about resolving this?

Thank you so much,

Daniel Yu

Hi Daniel,
I am assuming you are talking about WebServiceBeforeOperation rule.
We cannot use any sailpoint object which is not present in the connector rule. These objects are accessible only in the cloud rule. As the plan is not present as object in WebServiceBeforeOperation, we cannot access it and hence neither the method it provides.
In our case, the attribute we needed was present as part of the account attribute so we called the target system api to fetch that attribute and then used it for later operation.

Thank you so much Yunus!!