Manager correlation rule

Hi All, we have an identity profile created for non-human accounts that exist on AD. For this, we created a separate AD source with a filter to not include the user object type. For these non-human users we store the manager ID value in extensionAttribute9. For a lot of these accounts there are multiple managers assigned to them, and they are comma separated. The manager correlation on the source UI is set to identity attribute extensionAttribute9 equals account attribute extensionAttribute9. For the users with multiple managers, this does work as it is unable to find an identity with multiple IDs. For this, I have written a manager correlation rule. Could you please help me validate if this rule would work? The rule validator seems to give the error Could not retrieve definition for variable name ‘account’ String extAttr = account .getStringAttribute ( “extensionAttribute9” ). When I pass a static value in the variable extAttr, the validator returns 0 errors. Please find my code below:

Map returnMap = new HashMap();

// Fetching extensionAttribute9 value
String extAttr = account.getStringAttribute("extensionAttribute9");
log.error("Value of extensionAttribute9 is:" + extAttr);

// Nothing to split when the attribute is missing
if ( extAttr == null ) {
    log.error("extensionAttribute9 does not contain any value");
    return null;
}

// Split the value by comma
String[] managerIds = extAttr.split(",");

String firstManagerId = null;
String singleManagerId = null;

// Checking if there are 2 or more values and returning the manager value
if ( managerIds.length >= 2 ) {

    // Assign to the variable declared above; redeclaring it inside this
    // block would leave the outer variable null
    firstManagerId = managerIds[0].trim();
    log.error("Value of first manager Id is:" + firstManagerId);

    String secondManagerId = managerIds[1].trim();
    log.error("Value of second manager Id is:" + secondManagerId);

} else if ( managerIds.length == 1 ) {

    singleManagerId = managerIds[0].trim();
    log.error("Value of single manager Id is:" + singleManagerId);

} else {

    log.error("extensionAttribute9 does not contain any value");
    return null;

}

// Build the correlation result from whichever ID was found
if ( firstManagerId != null ) {

    returnMap.put("identityAttributeName", "manager");
    returnMap.put("identityAttributeValue", firstManagerId);

} else if ( singleManagerId != null ) {

    returnMap.put("identityAttributeName", "manager");
    returnMap.put("identityAttributeValue", singleManagerId);

} else {

    log.error("extensionAttribute9 does not contain any value");
    return null;

}
return returnMap;

You don’t get an account object in a Manager Correlation rule. What you get is a link.

secondManagerId is not used. Why is it created?

Overall the rule can be simplified, but it seems like it will work once you fix the account object, i.e. use Link instead of Account.

1 Like

Just wanted to add that identityAttributeName would not be manager. It should be the name of the attribute which holds id in manager’s identity

1 Like

Thanks for the reply and suggestion! It passed through rule validator. I will get it uploaded to non prod and test it.

1 Like

Is it possible to fetch manager lifecycle state? If yes, how can I do it? I want to switch the first manager to second manager in case first is inactive

Hi @sidhantpandey ,

On a high-level, below can help you get the manager LCS:

	List identityList=idn.findIdentitiesBySearchableIdentityAttribute("username","Equals",firstManagerId,"username");

	identity=identityList.get(0);
	String lcs = identity.getAttribute("cloudLifeCycleState");

Thanks,
Shailee

1 Like

Thanks Shailee! The rule validator gives error that it cannot find method getAttribute() on object identity.

Hi Sidhant,

Possible to type cast identity object and check:

	List identityList=idn.findIdentitiesBySearchableIdentityAttribute("username","Equals",firstManagerId,"username");

	sailpoint.object.Identity identity=identityList.get(0);
	String lcs = identity.getAttribute("cloudLifeCycleState");

2 Likes
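
The fallback asked about above (use the second manager when the first is inactive), assembled from the replies in this thread as an added example; it is not code posted by any participant, and it generalizes to any number of comma-separated IDs. Assumptions: the manager ID is held in the searchable identity attribute `username`, an active manager has `cloudLifeCycleState` equal to `active`, and the rule is handed `link`, `idn` and `log`.

```java
// Added example: Manager Correlation rule body (BeanShell), not the posters' code.
// Variables supplied to the rule, as used in the thread: link, idn, log.
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sailpoint.object.Identity;

String ID_ATTRIBUTE = "username"; // assumption: identity attribute holding the manager ID
String ACTIVE_LCS = "active";     // assumption: lifecycle state value treated as active

Object raw = link.getAttribute("extensionAttribute9");
if (raw == null || raw.toString().trim().length() == 0) {
    log.warn("extensionAttribute9 is empty; no manager correlated");
    return null;
}

// Walk the comma-separated IDs in order and keep the first active manager.
String[] managerIds = raw.toString().split(",");
for (int i = 0; i < managerIds.length; i++) {
    String candidate = managerIds[i].trim();
    if (candidate.length() == 0) {
        continue; // tolerate "id1,,id2" and trailing commas
    }
    List matches = idn.findIdentitiesBySearchableIdentityAttribute(
            ID_ATTRIBUTE, "Equals", candidate, ID_ATTRIBUTE);
    if (matches == null || matches.isEmpty()) {
        log.warn("No identity found for manager ID " + candidate);
        continue;
    }
    if (matches.size() > 1) {
        // An ambiguous ID should not silently decide who owns the account.
        log.warn("Manager ID " + candidate + " matches " + matches.size() + " identities; skipped");
        continue;
    }
    Identity manager = (Identity) matches.get(0);
    Object lcs = manager.getAttribute("cloudLifeCycleState");
    if (lcs != null && ACTIVE_LCS.equalsIgnoreCase(lcs.toString())) {
        Map returnMap = new HashMap();
        returnMap.put("identityAttributeName", ID_ATTRIBUTE);
        returnMap.put("identityAttributeValue", candidate);
        return returnMap;
    }
    log.warn("Manager " + candidate + " has lifecycle state " + lcs + "; trying next ID");
}

log.warn("No active manager found in extensionAttribute9");
return null;
```

Accounts for which this returns null end up with no manager, so the warnings are worth reviewing after aggregation to catch non-human accounts left without an active owner.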
