Sync attribute only when in certain LCS?

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi everyone,

Does anyone know if it’s possible to only sync a certain Identity Attribute to a source WHEN the Identity is in a certain LCS instead of as soon as the Identity Attribute has a value and the source is connected?

E.g.

Sync Identity Attribute → Account Attribute when in LCS == Active

Thanks!
Adam

2

Hi @adama,

By default sync will always happen once activated.

Instead of use sync attribute you can deploy Sailpoint service standard before provisioning rule i, your tenant Services Standard Before Provisioning Rule - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community and configure cloudServicesIDNSetup in your source like this :

"cloudServicesIDNSetup": {
            "eventConfigurations": [
                {
                    "eventActions": [

                        {
                            "Action": "UpdateAttribute",
                            "Attribute": "department",
                            "Value": "#{identity.department}"
                        }
                    ],
                    "Identity Attribute Triggers": [
                        {
                            "Attribute": "cloudLifecycleState",
                            "Value": "active",
                            "Operation": "eq"
                        },
                          {
                            "Attribute": "department",
                            "Value": "*",
                            "Operation": "eq"
                        }
                    ],
                    "Operation": "Modify"
                }
            ]
        }
1 Like
3

This can be achieved by deploying the Before Provisioning Rule. You can use the Service Standard Rule what SailPoint provides and then configure as below using an source update api

“cloudServicesIDNSetup”: {
“eventConfigurations”: [
{
“eventActions”: [

                    {
                        "Action": "UpdateAttribute",
                        "Attribute": "department",
                        "Value": "#{identity.department}"
                    }
                ],
                "Identity Attribute Triggers": [
                    {
                        "Attribute": "cloudLifecycleState",
                        "Value": "active",
                        "Operation": "eq"
                    },
                      {
                        "Attribute": "department",
                        "Value": "*",
                        "Operation": "eq"
                    }
                ],
                "Operation": "Modify"
            }
        ]
    }
4

ISC is not supporting conditional attribute sync, and you can upvote the idea which is submitted here Allow conditional attribute sync based on | SailPoint Ideas Portal.

Meanwhile you can use Before Provisioning Rule or Service Standard Before Provisioning rule. The Service Standard BPR is recommended to use in mock project, so it may require special approval from the customer to deploy it.

1 Like
5

Thanks all. I have upvoted the Idea.

We’ll try to use Before Provisioning Rule to achieve this , thanks.