IsManager Attribute showing value false for every user on AD source after attribute Sync

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hello All,

I have created “Is_Manager” attribute with Boolean type and it is showing “Y” for managers and “–” for non managers on identity profile.
Also I have mapped “Is_Manager” identity attribute to extensionAttiribute10 (Boolean Type) on AD source but the issue lies in the provisioning logic - SailPoint is not correctly pushing “Y” into AD as “true”, It’s converting it into a boolean “false” for every identity (Account attribute on AD source)

I want to see value “True” for managers and “False” for non managers on extensionAttribute10 on AD source.
Can someone please help me with suggestion on setting up the logic here.

2

am assuming Is_Manager is identity attribute that is giving values Y and -, here i suggest use transform replaceAll as given for example:
{
“attributes”: {
“table”: {
“-”: “False”,
“Y”: “True”

}

},
“type”: “replaceAll”,
“name”: “Replace All Transform”
}

then provisioning policy works as expected, I also suggest also try extensionAttiribute10 string type as well rather a Boolean

3

Thank you for suggestion…But this can affect other transforms also right?
Is there any transform which we can use only for attribute “Is_Manager” to populate the True/False value?

Also I will try extensionAttiribute10 string type rather a Boolean

4

Do use string type for extension attributes as that is the type in AD

5

am saying to use transform only for Is_Manage, why it affect other transforms? transforms are written for a desired attribute to manipulate data. here we manipulating Y as True and - as False

6

Hi @Samaythorat_50

Try to do the following:

  1. Ensure the extensionAttribute10 is set to data type String
  2. for the is_Manager attribute, apply a simple lookup transform to map Y to “True”, and default to “False”.
  3. Ensure is_Manager is part of your AD account schema, and is enabled for attribute sync (if you want to keep it always in sync with AD).
  4. Save all configurations, and on the identity profile, check the preview values for confirmation.
  5. Process identities, validate if the same reflects on AD as expected.

Hope this helps!

1 Like
7

Hello,

You can use the following steps to resolve the issue structurely.

  1. Validate whether extensionAttribute10 is of which data type, whether a boolean or string? I think it would be string only.
  2. Create a new identity attribute named IsManager in respective identity Profiles.
  3. Once new attribute is created in the identity profile, create a new transform as below.
{
    "name": "Transform - Static - IsManager",
    "type": "static",
    "attributes": {
        "IsManager": {
            "attributes": {
                "values": [
                    {
                        "attributes": {
                            "id": "$identity.getManagerStatus()"
                        },
                        "type": "static"
                    }
                ]
            },
            "type": "firstValid",
            "ignoreErrors": "true"
        },
        "value": "#if( $IsManager == 'true' )true#{elseif}($IsManager == 'false')false#{else}#end"
    },
    "internal": false
}
  1. Map this transform to IsManager attribute which you have created in identity profile.
  2. Go to AD source
  3. Go to Create Profile
  4. Add extensionAttribute10 to the create profile (Make sure this attribute is also there in Account Schema in case you want this to be part of AD aggregation)
  5. Map the extenionAttribute10 with identity attribute named as “IsManager”
  6. Save the configurations of Create Profile
  7. Test AD provisioning
1 Like
8

Use a simple lookup transform in your Identity Profile with a default value of false:

{
    "type": "lookup",
    "attributes": {
        "table": {
            "Y": "true",
            "default": "false"
        }
    },
    "name": "Lookup Is_Manager"
}
1 Like
9

Thank you for the detail information.

10

Thank you for detailed information.

11

Thank you. It worked!