Substring Transform within Workflow

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
8

This is an elegant solution, but why not take it a step further and incorporate it into the UPDATE function and have Sailpoint move the user to the correct OU instead of raising a ticket:
Create 2 identity attributes
ActiveParentOU - where they should be (use a transform to concatenate their CN with their Manager’s DN)
ActualParentOU - where they are
then:

          {
            "name": "Update Account",
            "description": null,
            "usageType": "UPDATE",
            "fields": [
              {
                "name": "AC_NewParent",
                "transform": {
                  "type": "static",
                  "attributes": {
                    "value": "#if($activeParentOU != $actualParentOU)$activeParentOU#{else}#end",
                    "activeParentOU": {
                      "type": "reference",
                      "attributes": {
                        "id": "Active Parent OU"
                      }
                    },
                    "actualParentOU": {
                      "type": "reference",
                      "attributes": {
                        "id": "Actual Parent OU"
                      },
                      "ignoreErrors": false
                    }
                  }
                },
                "attributes": {},
                "isRequired": false,
                "type": "string",
                "isMultiValued": false
              }
}
1 Like