Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.
Please consider addressing the following when creating your topic:
-
requirement?
we are trying to segregate china users.
1)they should not be provisioned with AD account. so skipping powershell script.
2) if users country is china then create a okta account and email address should be created in create policy and if non china then consider creating AD account + email address creation with reference transform.What have you tried?
i have tried to create attribute generator rule but it seems it is always best practice to have tranform in create policy so i was trying to build a transform but having issues.{ "id": "", "name": "Work email conditional check", "type": "conditional", "attributes": { "countryValue": { "type": "lower", "attributes": { "input": { "type": "trim", "attributes": { "input": { "type": "identityAttribute", "attributes": { "name": "country" } } } } } }, "expression": "$countryValue eq china", "positiveCondition": { "type": "reference", "attributes": { "ref": "china-email-transform" } }, "negativeCondition": { "type": "reference", "attributes": { "ref": "default-email-transform" } } }, "internal": false }——————————————————————
2) tried usernameGenerator transform{ "id": "", "name": "Work Email Conditional China and non china users", "type": "identityAttribute", "attributes": { "transform": { "type": "conditional", "attributes": { "countryValue": { "type": "lower", "attributes": { "input": { "type": "trim", "attributes": { "input": { "type": "identityAttribute", "attributes": { "name": "country" } } } } } }, "expression": "$countryValue eq china", "positiveCondition": { "type": "usernameGenerator", "attributes": { "sourceCheck": true, "patterns": [ "$fn$ln${uniqueCounter}@cn.domain.com" ], "fn": { "type": "lower", "attributes": { "input": { "type": "replaceAll", "attributes": { "regex": "[^A-Za-z0-9]", "replacement": "", "input": { "type": "decomposeDiacriticalMarks", "attributes": { "input": { "type": "firstValid", "attributes": { "values": [ { "type": "identityAttribute", "attributes": { "name": "preferredFirstName" } }, { "type": "identityAttribute", "attributes": { "name": "firstName" } } ] } } } } } } } }, "ln": { "type": "lower", "attributes": { "input": { "type": "replaceAll", "attributes": { "regex": "[^A-Za-z0-9]", "replacement": "", "input": { "type": "decomposeDiacriticalMarks", "attributes": { "input": { "type": "firstValid", "attributes": { "values": [ { "type": "identityAttribute", "attributes": { "name": "preferredLastName" } }, { "type": "identityAttribute", "attributes": { "name": "lastName" } } ] } } } } } } } } } }, "negativeCondition": { "type": "reference", "attributes": { "ref": "work email transform" } } } } }, "internal": false } -
What errors did you face (share screenshots)?
name/attribute missing or filed missing.
can someone try in their tenant and share the updated transform. -
What is the result you are getting and what were you expecting?
it should create okta account with email address firstName+lastNAme+uniquecounter@cn.domain.com
1)example : China user:
firstName: john
lastNAme: doe
country : china
expected email address: johndoe1@cn.domain.com- should not create AD account
2)example : non-China user:
firstName: john
lastNAme: doe
country : united states
expected email address: johndoe1@domain.com
should create AD + downstream system account going through