Unable to search Custom Identity Attribute in Search Query even after making it Searchable

Hi Experts,

I have a custom Identity Attribute created to store Active Directory Last Logon Date & here is the attribute name: activeDirectoryLastLogin
I made it searchable since I need to use this attribute in workflow. though it’s been marked searchable = true I am still unable to search this attribute in my search query.
Below is my transform.

image765×548 9.91 KB

and here is the blank result for my search query by using activeDirectoryLastLogin

image2080×603 37 KB

Please advise what else to be ensured with respect to the configuration or is there any other issue here to look for.

Cheers,
Sudha

Hi @shucch01,

You may want to take a look at this article :

Did you try searching with name instead of displayName? Maybe you have to search with the attributes.activedirectorylastlogin.

I also tried using another attribute that is of same as OOTB attribute “endDate” and stores same format value using same transform. I observed that search using OOTB attribute “endDate” works whereas it is not with custom IDN attribute.

You need to run a identityRefresh to it to appear. Run a IdentityProfile Refresh and thats it.

The vscode IdentityNow extension now allows the adding of Identity Attributes and setting them as searchable. Might be worth trying it through there to see if it works and if it is an issue with your process.

@ipobeidi Yes, identity refresh is done on identity Profile. we are facing this issue only with custom identity attributes. OOTB attributes are working fine with search queries.

Cheers,
Sudha

I Imagined hat you have a transform on this field right? can you send the transform?

@jesvin90 we have taken care of date formatting part as well and able to fetch the dates in ISO8601 format only. here is my transform to handle date formatting for the AD source attribute which I am trying to store in custom identity attribute.
we are able to populate the converted date format in Identity cube as well. but same is not working when we use that identity attribute in search query.

image1003×482 16.7 KB

Expected date formatting result.

image838×74 4.61 KB

@ipobeidi Yes, below is the transform for this custom identity attribute filed activeDirectoryLastLogin

image772×548 10.9 KB

And below is the transform for the AD source/schema attribute “lastLogon” which I am storing in the above-mentioned Identity attribute. along with date formatting.

image988×434 15.7 KB

Cheers,
Sudha

@kdfreeman yes, we have even tried to search with technical name as well but still no luck.

Cheers,
Sudha

@shucch01 There is a set limit of seven Identity attributes that may be made searchable for use in correlations. KB0011640

IdentityNow can search on any attributes that have been successfully correlated to an identity. This means that uncorrelated accounts do not appear in this list and that an identity’s manager attribute must be correlatedto another valid identity for that data to be searchable.

@TJ211 we created this custom identity attribute to use within workflow. you have mentioned that limitation on searchable attribute for correlation.
you mean irrespective of purpose of custom attribute still this limitation applies.?

so, over all searchable attributes counts shouldn’t cross 7? If yes, please advise us if any solution/workaround on this limitation.

response to your second point, we are trying to search with valid correlated identity ↔ accounts who has this attribute value populated.

Cheers,
Sudha

Hi @shucch01,

Can you try creating a new Transform as below :

{
    "name": "FormattedDate",
    "type": "dateFormat",
    "attributes": {
        "inputFormat": "ISO8601",
        "outputFormat": "yyyy-MM-dd"
    }
}

Note - Your input format may change based on the timeZone you have specified in your AD source. So you can try out different input formats to get the desired output of yyyy-MM-dd

Once the transform is created, you can map the activeDirectoryLastLogin Identity attribute to the newly created transform.

image1217×180 10.6 KB

Once you get the activeDirectoryLastLogin value in the desired format (yyyy-MM-dd), you can try it out in the search query.

Hi @shucch01,

It seems that you need to have the Identity attribute name with a suffix DateType for the search to work.

image1039×137 19.7 KB

Here is a similar thread :

Thanks to @mcorsillo_bose for pointing it out in a recent thread.

There are 2 things going on here:

1. if you want to do date searches, then you need to do as @jesvin90 said above and force the field format to a date type format
2. You’re formatting the value as a ISO8601 which returns the timestamp in UTC time down to the millisecond. But the value you’re searching is just the date. Which brings you to @jesvin90 's other post above - the format you’re searching and the actual value don’t match you’d need to format the value to just yyyy-MM-dd if you want your search to work. (but seriously, do option 1 instead you’ll get much more flexible search options)

Also a bonus 3rd point - you don’t actually need to make an attribute searchable in order to search on it. Making it searchable really just makes it available for correlation.

Thanks @jesvin90
It worked for me! I have created new transform as per your suggestion and now I am able to search the attribute in my search query.