Transform - getReferenceIdentityAttribute manager ID not working

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi, I’m trying to use the transform operation - getReferenceIdentityAttribute to retrieve manager’s display name and ID (SailPoint Identity ID) and provision these values to downstream application via create account action.

Manager’s display name can be retrieved and flow down successfully to downstream application without any issue with the following -

{
“attributes”: {
“name”: “Cloud Services Deployment Utility”,
“operation”: “getReferenceIdentityAttribute”,
“uid”: “manager”,
“attributeName”: “displayName”
},
“type”: “rule”,
“name”: “Get Reference Identity Attribute Transform”
}

However when I try to get the manager ID with the same method, it’s failed and unable to retrieve the manager.id -

{
“attributes”: {
“name”: “Cloud Services Deployment Utility”,
“operation”: “getReferenceIdentityAttribute”,
“uid”: “manager”,
“attributeName”: “id”
},
“type”: “rule”,
“name”: “Get Reference Identity Attribute Transform”
}

Could anyone please advise how I can get the manager.id and use in create account action? Thanks you.

2

Hi @minyi ,

Welcome to Sailpoint Developer community:

The getReferenceIdentityAttribute transform is designed to retrieve identity attributes — i.e., fields that are part of the identity profile schema (like displayName, email, title, etc.). However, id in this context refers to the internal SailPoint unique identifier for the identity object, and that’s not considered a standard identity attribute.

Workaround to Get manager.id

You can get the manager’s id by using a custom rule-based transform, where you retrieve the reference and return its id directly.

Use a Rule Transform to Get Manager ID

Here’s how you can define a custom rule-based transform to extract the manager’s id:

{
  "type": "rule",
  "name": "Get Manager ID Transform",
  "attributes": {
    "name": "GetManagerIdTransform"
  }
}

Then define the corresponding rule in SailPoint’s Rule Library (Admin → Rule → Create New Rule), and name it GetManagerIdTransform. Here’s the sample rule body:

import sailpoint.object.Identity;

public Object transform(Object input, java.util.Map<String, Object> attributes) {
    if (input instanceof Identity) {
        Identity identity = (Identity) input;
        Identity manager = identity.getManager();
        if (manager != null) {
            return manager.getId();
        }
    }
    return null;
}
3

Hi @minyi

Can you please try the below code, this seems to be working for me if you need the ISC id of manager of a user.

{
    "id": "Some id",
    "name": "Vikas Test Get Manager ISC ID",
    "type": "firstValid",
    "attributes": {
        "values": [
            "$identity.getManager().getId()",
            ""
        ]
    },
    "internal": false
}

Please let me know if this helps.

Regards
Vikas.

4

@minyi IS ID THE UID FIELD?

5

{
“id”: “2f5e234”,
“name”: “ManagerReferenc”,
“type”: “firstValid”,
“attributes”: {
“values”: [
{
“type”: “static”,
“attributes”: {
“value”: "$identity.getManager().getLinksByAppIdOrName("appid “,null)[0].getNativeIdentity()”
}
},
“”
],
“ignoreErrors”: true
},
“internal”: false
}

try these
6

Hi @vguleria,

Tried the code shared and seems to be working fine. Much appreciated & thanks a lot!

1 Like
7

@dheerajk27 can you provide more elaborated details on rule creation part SailPoint’s Rule Library (Admin → Rule → Create New Rule)