We have a requirement to correlate manager from two different sources Contractors and SuccessFactors respectively. We need to have the manager value taken from Contractors source if the user is a contractor, if not to take it from SuccessFactors source.
We have IdentityProfile defined for SuccessFactors and Manager correlation defined for the same identity attribute for both the sources. And for Manager attribute, source selected as SuccessFactors and also the custom transform.
We used first valid transform to correlate Manager from two sources. When we preview the data on the Identity Profile for a contractor, we do see that the manager value is loaded properly from contractor source, however, when checked on the identity, it is still the manager value from SuccessFactors source after refresh and aggregation tasks.
We also observed that when applied the same transform on any other attribute of identity, the value is loaded from Contractors. This brings me to the following questions:
Does IDN transform support correlation to manager identities from different sources?
Can we achieve this requirement by a manager correlation rule? Or any other alternatives?
Any leads on this would be very helpful. Thank you in advance.
I just found a post related to similar requirement, but I don’t see the conclusion if manager correlation rule worked for the use case. Have anyone tried this approach?
I have a similar issue with the manager coming from SuccessFactors for employees and from Fieldglass for contractors? Any guidance would be great or an example of a transform would be even better.
@uday_kilambiCTS you can use a manager correlation rule which will solve the issue
sample
import sailpoint.object.Link;
import sailpoint.object.QueryOptions;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import java.util.Map;
import java.util.HashMap;
log.error(\"Rule Name: HR Manager Correlation Rule - Message = Creating list of applications\");
//Creating a list of all the HR applications to search for.
List applications = new ArrayList();
applications.add(\"App2");
applications.add(\"App 1");
/**
Gets the manager identity link from HR system. \"Reporting Officer ID\" attribute of the subordinate HR record will be matched against \"Employee Number\" / account name record of the manager HR record.
@param employeeNumber employeeNumber of the manager.
@return manager identity if available.Else null value will be returned.
*/
Identity getManagerIdentity(String employeeNumber){
log.error(\"Entering the method - getManagerIdentity - employeeNumber = \"+ employeeNumber );
//QueryOptions and filters are built for querying the account in HR sources.
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq(\"nativeIdentity\", employeeNumber));
qo.addFilter(Filter.in(\"application.cloudDisplayName\", applications));
//Getting links based on the filters built. This should match with only 1 account as per the customer data / design.
List links = context.getObjects(Link.class, qo);
//No links found or duplicates found.
if( links.size() != 1 ){
//Manager can't be set in this case. Hence, return null.
log.error(\"Exiting the method - getManagerIdentity - identity = \" + links.size());
return null;
}
else{
//returns identity of matching HR record.
Identity identity = links.get(0).getIdentity();
log.error(\"Exiting the method - getManagerIdentity - identity = \" + identity.getName());
return identity;
}
// safety null return
log.error(\"Exiting the method - getManagerIdentity - identity = null\");
return null;
}
@schattopadhy - Yes this rule should work in IdentityIQ, but we are looking for a solution for IdentityNow. Have you got any chance to achieve this requirment via rule in IdentityNow?
@uday_kilambiCTS we applied it as a cloud rule in identity now and applied to the source .by removing the existing correlation.
Please try to create it and use PS expert service to upload.
Thanks
Shantanu