If manager is not exiting in identityNow , we need to skip the record or pass the empty map

Hi ,

if manager is not exiting in identityNow , we need to skip the record or pass the empty map.

Pls let me know whether we can achive it in any rule like (Correlation rule ,Manager correlation rule And build map rule )

Thank you,

The configuration requirements will vary based on the source type. Depending on the circumstances, you may be able to incorporate a filter or query to bypass these records, or utilize a buildmap rule to prevent such records from being included in the IDN.

Thank you for Quick response @sunnyajmera .

the feature idn.getIdentityById doesn’t work in BuildMap Rule. Can you suggest me an alternative solution for this , Our main intention is to not provision a Manager whose account is not existing in SailPoint IDN

Before proceeding, could you please provide information about the type of source you are working with? Additionally, consider implementing a filter on the source that allows you to exclude accounts without a manager from the account aggregation process.

Hi @sunnyajmera ,

I’m Using Delimited connector , And I just wanted to not provisioned whos manager is not existing in IDN.

As i check IDNRuleUtil will not available in Buildmap rule ,So that i can exclude managers from During aggregation.

Thank you ,

Could you please help me to understand the question, You are looking for an option, if a Manager is not set on Identity CUbe, you want to block the provisioning on the one source. or do you want to block creating an identity cube from an authoritative source if the manager is not set/empty?

Hi @raghu,

Thank you for reply.

I’m using Delimited connector, In CSV file User have manager but that manager is not Existing in identityNow.

In this case, I wanted to stop provisioning for this user(Whose manager is Not Existing in IDN) or skip this user from aggregation.

Thank you,


Thank you for the explanation.

In Aggregation, We cannot filter on identity attributes. Only way to filter is using account attributes (in your case csv columns). If you have a manager value in csv and do not have a manager in identity attribute in identity cube, we cannot achieve this with directly.

When provisioning, you mean you creating a new entry into csv file or third party system ?. However, During Provisioning, Here also we cannot stop provisioning based on identity attribute values in IDN. One bad fix is to stop provisioning with error in data transformation in create account, which is not suggestable.

I am curious to understand your business use case around your requirement.


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.