I am looking to create a transform to retrieve the LastLogonTimestamp from AD (getting this in epoch format) and the lastSignInDateTime from the AAD. Then to compare these 2 last dates and find which is the closest of all. Once this is determined need to use that date -60 days to determine the inactive Life cycle state.
"finalDateLastLogin":
{
"value": "#if($Outcome) $AADdate #else $ADdate #end",
"AADdate":{
"name": "Check AAD LastLogonDate",
"type": "dateFormat",
"attributes": "input":
{
"attributes":
{
"sourceName": "Azure Active Directory - Standard Users",
"attributeName": "lastSignInDateTime"
},
"type": "accountAttribute"
},
"inputFormat": "yyyy-MM-dd'T'HH:mm'Z'",
"outputFormat": "ISO8601"
},
"ADdate":{
"name": "Check Active Directory LastLogonDate",
"type": "dateFormat",
"attributes": "input":
{
"attributes":
{
"sourceName": "Active Directory - Standard Users",
"attributeName": "LastLogon"
},
"type": "accountAttribute"
},
"inputFormat": "yyyy-MM-dd'T'HH:mm'Z'",
"outputFormat": "ISO8601"
},
"Outcome":
{
"attributes":
{
"AADdate":
{
"name": "Check AAD LastLogonDate",
"type": "dateFormat",
"attributes": "input":
{
"attributes":
{
"sourceName": "Azure Active Directory - Standard Users",
"attributeName": "lastSignInDateTime"
},
"type": "accountAttribute"
},
"inputFormat": "yyyy-MM-dd'T'HH:mm'Z'",
"outputFormat": "ISO8601"
},
"ADdate":
{
"name": "Check Active Directory LastLogonDate",
"type": "dateFormat",
"attributes": "input":
{
"attributes":
{
"sourceName": "Active Directory - Standard Users",
"attributeName": "LastLogon"
},
"type": "accountAttribute"
},
"inputFormat": "yyyy-MM-dd'T'HH:mm'Z'",
"outputFormat": "ISO8601"
},
"operator": "gte",
"positiveCondition": "true",
"negativeCondition": "false"
},
"type": "dateCompare",
"name": "Date Compare Transform"
}
}
iamology
February 15, 2024, 2:06am
2
Welcome to the community,
Would you please move the whole transform into the code format block? it will be easier to read that way.
There are some syntax errors in the transform as well as the keywords. You can refer to this page for help in fixing the same.Operations | SailPoint Developer Community
You don’t need to add name to the nested transforms. Name is required only for the outermost transform
Look at dateMath operation for adding daysDate Math | SailPoint Developer Community
1 Like
{
"name": "Farthest Date with DateMath",
"type": "static",
"attributes": {
"dateAD1": {
"type": "dateFormat",
"attributes": {
"input": {
"attributes": {
"sourceName": "Active Directory",
"attributeName": "lastLogonTimestamp"
},
"type": "accountAttribute"
},
"inputFormat": "EPOCH_TIME_WIN32",
"outputFormat": "ISO8601"
}
},
"dateAD2": {
"type": "dateFormat",
"attributes": {
"input": {
"attributes": {
"sourceName": "Azure Active Directory",
"attributeName": "lastSignInDateTime"
},
"type": "accountAttribute"
},
"inputFormat": "EPOCH_TIME_WIN32",
"outputFormat": "ISO8601"
}
},
"dateAD1gtAD2": {
"type": "dateCompare",
"attributes": {
"firstDate": {
"type": "accountAttribute",
"attributes": {
"attributeName": "dateAD1"
}
},
"secondDate": {
"type": "accountAttribute",
"attributes": {
"attributeName": "dateAD2"
}
},
"operator": "gt",
"positiveCondition": "true",
"negativeCondition": "false"
}
},
"selectedDate": "#if($dateAD1gtAD2=='true')$dateAD1#else$dateAD2#end",
"finalDate": {
"type": "dateMath",
"attributes": {
"expression": "selectedDate-60d",
"roundUp": false
}
}
}
}
vambrale
February 19, 2024, 5:14am
4
I have made a few changes to the code: Please check if it is working;
“finalDateLastLogin”: {#set ($ADLastLogon = $ADdate.value / 1000) #set ($AADLastSignIn = $AADdate.value / 1000) #set ($closestDate = $Outcome.positiveCondition ? ($AADLastSignIn > $ADLastLogon ? $AADLastSignIn : $ADLastLogon) : ($AADLastSignIn < $ADLastLogon ? $AADLastSignIn : $ADLastLogon)) $closestDate”,
2 Likes
Hi Varun, I have been able to try your suggestion yet. I am still building it. We have not decided to work a bit differently, getting the last logon-60 days directly from the AD sources and then doing the gt compare for the LCM status. I have used a firstvalid here as not all users have the data yet. This is giving the below error - {input=com.sailpoint.seaspray.transform.FormatDateTransform@273584ed, expression=-60d, roundUp=true}
{
"name": "Active Directory Date Format Transform",
"type": "firstValid",
"attributes": {
"values": [
{
"expression": "-60d",
"roundUp": true,
"input": {
"attributes": {
"input": {
"attributes": {
"sourceName": "Active Directory",
"attributeName": "lastLogonTimestamp"
},
"type": "accountAttribute"
},
"inputFormat": "EPOCH_TIME_WIN32",
"outputFormat": "ISO8601"
},
"type": "dateFormat"
}
},
{
"attributes": {
"value": "NA"
},
"type": "static"
}
]
},
"internal": false
}
vambrale
February 27, 2024, 6:53am
6
Can you please try any other inputFormat such as EPOCH_TIME_JAVA ; it might solve the issue. It basically is not able to resolve the format for date and time.
1 Like
system
April 27, 2024, 6:54am
7
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.