I have a question around building a workflow in NERM to generate a userid that would then be passed to IdN on aggregation and used to populate the downstream systems. Right now we have Workday creating and sending us a user id for all of our workforce that reside in Workday. I want to add this same functionality to NERM so that I can retire the current process we have in our IdN tenant that has been causing us a lot of trouble since we went live with IdN.
Any suggestions would be wonderful on how I could accomplish this workflow in NERM.
For one of my customers, I am doing the same process for contractors by generating their worker IDs based on a predefined pattern and user ID. Since the contractor user ID pattern differs from that of employees, I am not checking in IDN, although that is an option. Ensuring uniqueness is more complex and requires multiple steps in the workflow. After a contractor is created in NERM, the profiles are aggregated in IDN and their identity is created accordingly. For this, I have created a WS-based connector. If you have any follow-up questions, please feel free to ask, and I’ll be happy to answer them.
Did SailPoint provide you a “baseline” installation? If so, then the “New Non-Employee & Assignment” workflow (or similarly named workflow) should contain a “Set Attributes” action block that sets “Person ID” based on a value builder called “SZ Person ID Builder” (or similar name).
If you don’t have a “baseline” installation, then in the workflow you’re currently using to create new non-employee records, you just need to add an entry before saving the profile that includes a “PersonID” attribute (textfield) that’s based on a value builder similar to the following.
Thank you. I have an older install for NERM. I will have to build out the SZ Person ID Builder. I am happy to hear this is possible. This will keep me from having to mess with cloud-based rules in IdN.
The value builder functionality will be the apt solution for your ask.
I have worked on this use case. Please do drop your queries and concerns; more than happy to help out.
Thank you everyone for the responses. I was able to build out a formula to meet our requirements, and so far our testing is very positive and will help in improving the process.
I see in the workflows that API calls can be made. I will have a requirement where I will need to check and see if the user already exists in IdN before assigning a new ID to the user. Does the API function in the workflow allow for pulling data from the API response to then populate an attribute field in NERM?
Yes, there is the Workflow Action to call an API and capture its responses; you can leverage that to check for the ID. But if I am not wrong, currently ISC acts as an IDP for NERM and you can have JIT for having the NERM-specific users flowing in from ISC/IDN.
We have dual-source users and want to capture our Employee population to keep from having to generate a new ID for them. I have the attribute in NERM to not allow for duplicates, so duplicates are less of a concern if they are only NERM users. The trick is to keep from creating a new ID for anyone who is already in Workday and to use the Workday ID if it already exists.