Password Expiry notification

Hi Team,
We are trying to create a password expiry notification for all the iSeries sources (around 30 sources) in our environment. SailPoint has password expiration reminder notification for AD source only. Is there a way to send the reminder email on all these source? Any help will be appreciated. Thanks.

Hi @NikeshRao2054 ,

This can surely be achieved. For a similar requirement, we implemented the below way.

Requirement:
We do have an account attribute passwordExpiryDate, requirement is send reminder email 7 days before expiration.

We did the below to acheive this:

  1. Set up a identity attribute eg: appNameReminderFlag which is boolean
  2. Used transform to populate the reminderFlag to true or false based on the expiration date. It turns to true when the expiration is exactly 7 days before.
  3. Developed a workflow with trigger as identity attribute changed, in this case reminderFlag from false to true.

When the workflow is initiated, send an email to the user about the expiration. This way it works for us without any issues.

Hope this helps.

Regards,
Uday Kilambi

1 Like

Hi @uday_kilambiCTS Did you create a single transform for all the source? I created this transform for a source but it seems to return true for all the identity.

{
    "id": "",
    "name": "10 days to password expiry - iSeries",
    "type": "dateCompare",
    "attributes": {
        "firstDate": {
            "type": "firstValid",
            "attributes": {
                "values": [
                    {
                        "type": "dateFormat",
                        "attribute": {
                            "inputFormat": "dddd MMM dd HH:mm:ss yyyy",
                            "outputFormat": "ISO8601",
                            "input": {
                                "attributes": {
                                    "attributeName": "PWDEXPDATE",
                                    "sourceName": "iSeries - Cesium"
                                },
                                "type": "accountAttribute"
                            }
                        }
                    },
                    "2099-01-01T00:00:00Z"
                ]
            }
        },
        "secondDate": {
            "type": "dateMath",
            "attributes": {
                "expression": "now+10d/d",
                "roundUp": false
            }
        },
        "operator": "lt",
        "positiveCondition": "true",
        "negativeCondition": "false"
    },
    "internal": false
}

We used it only for one source similar to what you have done. And the above code will return true for all the days until the expiration date is in future.

Unfortunately, we do not have equals operation for date.
Here is what we have done, we used a conditional operation transform with two attributes:

  1. lessthancomparison - where we validate the expiration date less than or equal to now+10d
  2. greaterthancomparison - where we validate the expiration date greater than or equal to now+10d

Now the ideal date when the email should be sent is exactly 10 days before the expiration date. So, in the conditonal transfer we have an expression query used, something like this:
$lessthancomparison$greaterthancomparison eq truetrue

Both of them will be true only when the date is exact date indirectly equal condition.

Hey @uday_kilambiCTS
When ever I evaluate my transform in VS code I get true/false value but when I check the value in SailPoint I get null. Any ideas why that maybe?
Thanks

Hi @NikeshRao2054 ,

Is it Null or True? In your earlier comment, you mentioned it always resulted in true right?

Regards,
Uday

Hi @uday_kilambiCTS
When I evaluate the transform I get true/false returned in VS code. But when I check in IDN UI I get null returned by attribute.

Thanks
Nikesh

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.