Reusing transform rule result in other transforms within the same provisioning policy

Identity Security Cloud (ISC) ISC Discussion and Questions
, , ,
1

I have created a rule to calculate a unique SAMAccountName for Active Directory, which works great. This rule is referenced in the Account Provisioning Policy for AD. I want to use the result of this rule as the basis for other attribute values within the same provisioning policy. Does anyone have an idea how this can be done. I want to avoid running the same rule multiple times for different attribute transforms in the same provisioning policy as it is unnecessary and will just use processing power that’s not required. The code snippets shows How i generate the sAMAccountName, but i want to use the result to form the ‘mail’ attribute (code example doesn’t work. How can this be done without multiple calls to the rule itself?

{
            "name": "sAMAccountName",
            "transform": {
                "type": "rule",
                "attributes": {
                    "name": "sAMAccountName Generator"
                }
            },
            "attributes": {
                "SourceIds": [
                    "1a8c201f46eb47a3b597a13c8183d864"
                ]
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "mail",
            "transform": {
                "type": "static",
                "attributes": {
                    "values": "$(sAMAccountName)@libertycloud.biz"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
2

Hi @cjw11,

Welcome to SailPoint Developer community.

In default configuration the way you will add your attribute, their output can be used in the attribute in the lower order by default. You just have to arrange them.

Please check the documentation for more clarity.

Thanks

3

I think you’re syntax is correct juste be sure that sAMAccountName is define before mail in your identity profile and remove () arround your sAMAccountName in static value :

{
            "name": "sAMAccountName",
            "transform": {
                "type": "rule",
                "attributes": {
                    "name": "sAMAccountName Generator"
                }
            },
            "attributes": {
                "SourceIds": [
                    "1a8c201f46eb47a3b597a13c8183d864"
                ]
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "mail",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "[email protected]"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        }
}

or in the ui :

image
image882×311 7.31 KB

It’s same that expression giving in JSON.

4

Hey @cjw11,

You’re on the right track and this looks great, but you will need to put the attribute in curly braces. Make sure that your sAMAccountName attribute is higher on the list of attributes than mail attribute (just like it is in the example you provided). This is because the attributes in the Create Profile are generated from top to bottom.

mail should be static, and your value would be:

${sAMAccountName}@libertycloud.biz

Once you make that change, you should see it work the way you want! Excellent work.

1 Like
5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.