Multi-Valued Identity Attribute

Anybody having issues or know the best process for setting an Identity Attribute to be multi-valued?

I tried through the API to set isMulti to true. I also tried through vscode.

It takes the setting, but I can’t populate the Identity attribute with more than one value. It has been several days. The identity profile was updated afterwards and changes applied.

I tried through a rule initially to set the multiple values, and then I used a mock delimited file connector to set multiple values directly to the source attribute that should the multi-valued attributes on the source attribute.

I wrote a python script to validate the schema across accounts for an identity as well as the Identity attribute itself. Below is the JSON response for the schema on the Identity Attribute.

======================================================================
STEP 3: SCHEMA CONFIGURATION CHECK & FIX

:magnifying_glass_tilted_right: Fetching Schema definition for ‘activePositions’…

:page_facing_up: — DEBUG: SCHEMA DEF FOR activePositions JSON START —
{
  "displayName": "Active Positions",
  "multi": true,
  "name": "activePositions",
  "searchable": false,
  "sources": [
    {
      "properties": {
        "ruleName": "Cloud Promote Identity Attribute",
        "ruleType": "IdentityAttribute"
      },
      "type": "rule"
    }
  ],
  "standard": false,
  "system": false,
  "type": "string"
}
:page_facing_up: — DEBUG: SCHEMA DEF FOR activePositions JSON END —

Found Attribute. ID: NONE (Implicit)
Current ‘multi’ setting: True
:white_check_mark: SCHEMA VERDICT: Correctly Configured as Multi-Valued.

Mock Data Source attributes:

"attributes": {
  "familyName": "Doe",
  "givenName": "John",
  "id": "130343",
  "idNowDescription": "aecfebcdc786797d791cc7de7091e39698538816ccba11",
  "mocked_active_positions": [
    "10000328##Teacher Secondary##JC139##Ballard Ridge##2004-08-13##",
    "10060468##Teacher Sec - PE##JC131##Seacrest Middle##2024-10-16##",
    "10060469##Teacher - Coach##JC104##Timp High##2024-11-16##"
  ],
  "name": "John Doe"
},

Thoughts on why multiple values are not being added to the Identity Attribute? The first one is; the subsequent ones are not.

Hi @ts_fpatterson. Multi-valued Identity Attributes aren’t supported. Yes, there’s a multi attribute visible on the API, but it doesn’t enable the ability to store multi-valued attributes.

You can’t make an identity attribute multi-valued, even though it shows in the API. Instead, if you really want to populate all the values of a multi-valued attribute into an identity attribute, try concatenation as provided in this thread.

So if we have multiple positions and a user has multiple job codes

How do we best represent the job codes for a role to evaluate if the Identity has. Do we put it in a JSON format {jc001, jc002} build the string as a transform?

Have you thought about using an Entitlement Type?

Any best practices with the Entitlement type approach?

I would need to exclude the entitlement from the certification.

You can store them as delimited strings such as job1|job2, etc.
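The delimited-string approach suggested above, worked through on the mock source values from this thread, as an added example (not code from any poster or from SailPoint). It assumes the third `##`-separated field is the job code, and it goes one step further than the suggestion by wrapping the value in delimiters so a consumer matches whole codes: a plain substring test would treat `JC13` as present because of `JC139`, which matters when role membership hangs on the match.

```python
# Added example. SAMPLE_POSITIONS is the mock data posted in the thread.
# Assumption: each record is id##title##job code##location##start date##
# (the thread does not document the field layout).
FIELD_SEP = "##"
VALUE_SEP = "|"
JOB_CODE_INDEX = 2

SAMPLE_POSITIONS = [
    "10000328##Teacher Secondary##JC139##Ballard Ridge##2004-08-13##",
    "10060468##Teacher Sec - PE##JC131##Seacrest Middle##2024-10-16##",
    "10060469##Teacher - Coach##JC104##Timp High##2024-11-16##",
]


def extract_job_codes(positions):
    """Return the unique job codes from the position records, sorted."""
    codes = set()
    for record in positions:
        fields = record.split(FIELD_SEP)
        if len(fields) <= JOB_CODE_INDEX or not fields[JOB_CODE_INDEX].strip():
            raise ValueError(f"no job code in record: {record!r}")
        code = fields[JOB_CODE_INDEX].strip().upper()
        if VALUE_SEP in code:
            # A code containing the delimiter would split into false tokens.
            raise ValueError(f"job code contains delimiter: {code!r}")
        codes.add(code)
    return sorted(codes)


def to_identity_attribute(codes):
    """Build a single-valued string such as |JC104|JC131|JC139|."""
    return VALUE_SEP + VALUE_SEP.join(codes) + VALUE_SEP if codes else ""


def has_job_code(attribute_value, code):
    """Exact-token match against the delimited identity attribute value."""
    tokens = [t for t in attribute_value.split(VALUE_SEP) if t]
    return code.strip().upper() in tokens


if __name__ == "__main__":
    value = to_identity_attribute(extract_job_codes(SAMPLE_POSITIONS))
    print(value)
    print("substring test for JC13:", "JC13" in value)
    print("token test for JC13:", has_job_code(value, "JC13"))
```

With the wrapped form, a consumer that can only do substring matching can still match whole codes by searching for the code with its delimiters, for example `|JC131|`.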

Hi Fred. See Creating and Managing Entitlement Types - SailPoint Identity Services. I would also recommend updating the Display Name and Description; see Managing Entitlements - SailPoint Identity Services.
Entitlements would only be added to Certifications if you configured the Certifications that way.


Hi @j_place Can you elaborate a bit on this statement

Entitlements would only be added to Certifications if you configured the Certifications that way.

So they aren’t included in certification, as they are coming from the source, because we are neither requesting them nor assigning them as birthright. Is that a correct statement?
Reference

Not really. I’m assuming that there are no certification campaigns set up for this source because it’s an auth source. Entitlements that are aggregated would need to be added to a campaign and then the source would need to be enabled for provisioning to make any sense. Think of an AD source where group membership is aggregated. A user could be a member of many many groups and you wouldn’t want all of them in a certification campaign.
The document to which you link is just saying that if you wanted to certify entitlements they should be stand-alone and not incorporated into APs or Roles.