In the context of a migration from IIQ to ISC, we need to replicate a strictly sequential unique attribute generation mechanism.
Requirement
For each new Identity, a unique attribute must be generated in the format Z-XXXX, where XXXX represents the next available sequential number.
This attribute is required for birthright provisioning across multiple independent target systems (e.g., Active Directory, Entra ID), which may be provisioned in parallel.
Current IIQ implementation:
Retrieve the last used value from the database
Increment the value by 1 (V-XXXX → next value)
Perform a uniqueness check across existing identities
In ISC, we are looking to understand how to reliably implement this kind of strictly sequential counter, particularly considering concurrency and parallel provisioning scenarios.
Has anyone implemented a robust approach for this in ISC?
As you are already utilizing a database, you can generate a unique counter on the database side and use that in ISC.
Integrate that database source in ISC for provisioning and aggregation.
When a new identity is created in ISC, have an automated role that would add a row for that user in the database, and have a column in your database that automatically generates an incremented value, which you can aggregate back into ISC and use as the uniquely generated value.
If you are OK with generating the attribute during provisioning to another source, then you could make use of an attribute generator rule.
The advantage of this would be that you can even check against other sources' attributes for uniqueness, to really make sure that the attribute is unique. It does involve making some attributes searchable so that they are available to be searched during the rule calculation. But it then does the uniqueness check against only the accounts that are present in ISC, so if anything new was created in the back-end directly and aggregation has not run yet, then there is a slight chance of duplicacy.
The idea is that you generate the unique username, then provision it to a target application, and from this target application you read back the attribute and store it as an identity attribute.
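The database-side counter suggested in the replies, as an added example that is not part of the thread and is not ISC or IIQ code: the number is issued inside one write-locked transaction keyed on the identity, so parallel provisioning plans for the same identity read back the same value. SQLite stands in for the real database, and the table, column and function names are hypothetical.

```python
import os, sqlite3, tempfile
from concurrent.futures import ThreadPoolExecutor

# Hypothetical schema: one row per identity, the number comes from the database.
SCHEMA = """CREATE TABLE assigned (
    seq INTEGER PRIMARY KEY AUTOINCREMENT,   -- never reused, even after deletes
    identity_name TEXT NOT NULL UNIQUE)"""

def init_db(path):
    con = sqlite3.connect(path)
    con.execute(SCHEMA)
    con.commit()
    con.close()

def allocate(path, identity_name):
    """Return the Z-XXXX value for identity_name, creating it at most once."""
    con = sqlite3.connect(path, timeout=30, isolation_level=None)
    try:
        con.execute("BEGIN IMMEDIATE")  # take the write lock before reading
        row = con.execute("SELECT seq FROM assigned WHERE identity_name = ?",
                          (identity_name,)).fetchone()
        if row is None:  # first request for this identity: insert, DB picks seq
            seq = con.execute("INSERT INTO assigned (identity_name) VALUES (?)",
                              (identity_name,)).lastrowid
        else:            # a parallel or retried request: reuse the stored value
            seq = row[0]
        con.execute("COMMIT")
        return f"Z-{seq:04d}"  # assumes XXXX is zero-padded to four digits
    except Exception:
        if con.in_transaction:
            con.execute("ROLLBACK")
        raise
    finally:
        con.close()

def demo(n_identities=20, workers=8):
    """Request every constructed identity twice in parallel (e.g. AD and Entra ID)."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        init_db(path)
        names = [f"user{i}" for i in range(n_identities)] * 2
        with ThreadPoolExecutor(max_workers=workers) as pool:
            return list(pool.map(lambda n: (n, allocate(path, n)), names))
    finally:
        os.remove(path)

if __name__ == "__main__":
    for name, value in sorted(set(demo(5))):
        print(name, value)
```

Because the lookup and the insert share one transaction, a retried or duplicate request never consumes a second number, which keeps the sequence free of gaps as well as duplicates.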