Hi! I have a jdbc connectors on which I have this line to retrieve account name:
String nativeIdentity = plan.getNativeIdentity();
But instead of this, when I do log.debug(nativeIdentity) I observe that value retrieved is the authoritative source account name, not the actual jdbc account name.
Is this expected?
@jsosa - In General a provisioning plan looks like below -
<ProvisioningPlan nativeIdentity="1c2c3d4c" targetIntegration="Wintel Application" trackingId="bad5d30189ac49f68695ca0bd93144f2">
<AccountRequest application="Wintel Application" nativeIdentity="dbId01" op="Create">
<Attributes>
<Map>
<entry key="comments" value="Test Business Justification"/>
<entry key="flow" value="AccountsRequest"/>
<entry key="interface" value="LCM"/>
<entry key="operation" value="Create"/>
</Map>
</Attributes>
<AttributeRequest name="userName" op="Set" value="Cindy.Little@demoexample.com"/>
<AttributeRequest name="Inactive" op="Set" value="False"/>
<AttributeRequest name="empID" op="Set" value="1c2c3d4c"/>
<AttributeRequest name="Manager" op="Add" value="c0a838668c661054818c662db0cb00fe"/>
</AccountRequest>
<Attributes>
<Map>
<entry key="identityRequestId" value="0000000128"/>
<entry key="requester" value="spadmin"/>
<entry key="source" value="LCM"/>
</Map>
</Attributes>
<Requesters>
<Reference class="sailpoint.object.Identity" id="c0a838668c61120e818c6113437800eb" name="spadmin"/>
</Requesters>
</ProvisioningPlan>
In the XML, A provisioning plan attribute contains the nativeIdentity which implies that this provisioning plan belongs to which user in Sailpoint. In our case, it is for 1c2c3d4c.
<ProvisioningPlan nativeIdentity="1c2c3d4c" targetIntegration="Wintel Application" trackingId="bad5d30189ac49f68695ca0bd93144f2">
Next is the AccountRequest attribute which contains multiple details -
For which application, the plan is applicable? In our case, it’s the Wintel Application.
What is the native identifier for the account? In our case, It is dbId01
Which operation needs to be performed? In our case, It’s the create operation.
ProvisioningPlan.getNativeIdentity() is plan-level and holds the identity’s authoritative name (from the source that triggered the request), not the target app’s account name. For the JDBC account, you must read the AccountRequest’s native identity (or its username attribute), not the plan’s.
Below is the correct way to fetch native identifier for the target system -
AccountRequest accReq=plan.getAccountRequest(appName);
String nativeIdentity=accReq.getNativeIdentity();
Hope this helps.
Hi Amit thanks for responding. It is strange, because in log I see that native identity is correct in xml. But when trying to retrieve it with plan.getNativeIdentity() it brings the authoritative source account name instead.
@jsosa -
Below is the correct way to fetch native identifier for the target system -
AccountRequest accReq=plan.getAccountRequest(appName);
String nativeIdentity=accReq.getNativeIdentity();
ProvisioningPlan.getNativeIdentity() is plan-level and holds the identity’s authoritative name (from the source that triggered the request), not the target app’s account name.
Correct way to fetch -
ProvisioningPlan.getAccountRequest(appName).getNativeIdentity();
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.