Hi everyone,
I’m trying to provision “proxyAddresses” as a multivalued field, and I have referred this doc, but still it provisions as a string but not multi valued, does someone have a working process, TIA.
Best Practices: Provisioning Multi-Valued Attributes - Compass (sailpoint.com)
Hi @Prashanth1812,
Take a look at the below thread, could be helpful.
If it still don’t work, please share your account creation policy here so that someone can take a look.
This is what i have:
{
"name": "proxyAddresses",
"transform": {
"type": "static",
"attributes": {
"name": "proxyAddress"
}
},
"attributes": {
"cloudDelimiter": ","
},
"isRequired": false,
"type": "string",
"isMultiValued": true
}
and its still not updating as multivalued on AD.
Hi @Prashanth1812,
Your overall format for the static transform doesn’t look correct. Where are you getting the proxy value from.?
You will need the comma separated values inside the static value field for this to work. Below is the example :
{
"name": "proxyAddresses",
"transform": {
"type": "static",
"attributes": {
"value": "smtp:[email protected],SMTP:[email protected]"
}
},
"attributes": {
"cloudDelimiter": ","
},
"isRequired": false,
"type": "string",
"isMultiValued": true
},
If you are getting the proxyaddress from an identity attribute, something like this should work, given that the identity attribute has commas separated values.
{
"name": "proxyAddresses",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "proxyAddress"
}
},
"attributes": {
"cloudDelimiter": ","
},
"isRequired": false,
"type": "string",
"isMultiValued": true
}
Hi @jesvin90 ,
thanks, but i tried the below, but its still not setting the value as multivalued. Not sure if we are missing config anywhere else.
{
"name": "proxyAddresses",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "proxyAddress"
}
},
"attributes": {
"cloudDelimiter": ","
},
"isRequired": false,
"type": "string",
"isMultiValued": true
}
Have you set the proxyAddresses value in the account schema as multi-valued.?
Also, you have the identity attribute with comma separated values.?
Yes, that’s correct Jesvin. Both are good. Not sure why it’s still not able to set the values as Multi-valued.
Technically this should work and we have implemented this already.
Can you get me sample value of your ProxyAddress Identity attribute.
Thanks
Krish
Sure Krishna, “test, test1,test2,test3” is the value
This should work, I would ask you to perform a testcase. Below is the working config for ProxyAddress in AD create account provisioning policy form.
Hardcode values and try.
{
"name": "proxyAddresses",
"transform": {
"attributes": {
"values": [
{
"type": "static",
"attributes": {
"value": "test1"
}
},
",",
{
"type": "static",
"attributes": {
"value": "test2"
}
}
]
},
"type": "concat"
},
"attributes": {
"cloudDelimiter": ","
},
"isRequired": false,
"type": "string",
"isMultiValued": true
}
Thanks Krishna,
let me try this
Thanks for the help Jesvin and Krishna,
Basically, I feel the issue was for the source I did not had UPDATE policy, as soon as i have created new POLICY with the below code it started working.
{
"name": "Account",
"description": null,
"usageType": "UPDATE",
"fields": [
{
"name": "proxyAddresses",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "proxyAddress"
}
},
"attributes": {
"cloudDelimiter": ","
},
"isRequired": false,
"type": "string",
"isMultiValued": true
}
]
}
Hi All,
looks like the above transform is adding the duplicates on the account,
for example, proxy Address identity attribute value is test1,test2… but AD proxyAddresses values are being set as
test1
test2
test1,test2.
Anyone have the same issue or a successful/working code here to update multivalued proxyAddresses in AD?
Hi @Prashanth1812,
Have you setup an attribute sync on this.? If yes, then that could be the issue as attribute sync does not work on these multivalued attributes.
Yes, I have setup attribute sync, @jesvin90 . Is there a way we can provision this to AD as multi valued when we see any updates on identity attribute other than attribute sync?
One way of handling this is by syncing the comma separated Identity attribute as such to a different single valued attribute in AD.
Then have an AfterModify script that catches changes to that attribute and call the Set AD powerShell commandlet to update the multivalued attribute.