Unable to search Custom Identity Attribute in Search Query even after making it Searchable

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi Experts,

I have a custom Identity Attribute created to store Active Directory Last Logon Date & here is the attribute name: activeDirectoryLastLogin
I made it searchable since I need to use this attribute in workflow. though it’s been marked searchable = true I am still unable to search this attribute in my search query.
Below is my transform.

image
image765×548 9.91 KB

and here is the blank result for my search query by using activeDirectoryLastLogin

image
image2080×603 37 KB

Please advise what else to be ensured with respect to the configuration or is there any other issue here to look for.

Cheers,
Sudha

2

Hi @shucch01,

You may want to take a look at this article :

1 Like
3

Did you try searching with name instead of displayName? Maybe you have to search with the attributes.activedirectorylastlogin.

4

I also tried using another attribute that is of same as OOTB attribute “endDate” and stores same format value using same transform. I observed that search using OOTB attribute “endDate” works whereas it is not with custom IDN attribute.

5

You need to run a identityRefresh to it to appear. Run a IdentityProfile Refresh and thats it.

6

The vscode IdentityNow extension now allows the adding of Identity Attributes and setting them as searchable. Might be worth trying it through there to see if it works and if it is an issue with your process.

1 Like
7

@ipobeidi Yes, identity refresh is done on identity Profile. we are facing this issue only with custom identity attributes. OOTB attributes are working fine with search queries.

Cheers,
Sudha

8

I Imagined hat you have a transform on this field right? can you send the transform?

9

@jesvin90 we have taken care of date formatting part as well and able to fetch the dates in ISO8601 format only. here is my transform to handle date formatting for the AD source attribute which I am trying to store in custom identity attribute.
we are able to populate the converted date format in Identity cube as well. but same is not working when we use that identity attribute in search query.

image
image1003×482 16.7 KB

Expected date formatting result.

image
image838×74 4.61 KB

10

@ipobeidi Yes, below is the transform for this custom identity attribute filed activeDirectoryLastLogin

image
image772×548 10.9 KB

And below is the transform for the AD source/schema attribute “lastLogon” which I am storing in the above-mentioned Identity attribute. along with date formatting.

image
image988×434 15.7 KB

Cheers,
Sudha

11

@kdfreeman yes, we have even tried to search with technical name as well but still no luck.

Cheers,
Sudha

12

@shucch01 There is a set limit of seven Identity attributes that may be made searchable for use in correlations. KB0011640

IdentityNow can search on any attributes that have been successfully correlated to an identity. This means that uncorrelated accounts do not appear in this list and that an identity’s manager attribute must be correlatedto another valid identity for that data to be searchable.

13

@TJ211 we created this custom identity attribute to use within workflow. you have mentioned that limitation on searchable attribute for correlation.
you mean irrespective of purpose of custom attribute still this limitation applies.?

so, over all searchable attributes counts shouldn’t cross 7? If yes, please advise us if any solution/workaround on this limitation.

response to your second point, we are trying to search with valid correlated identity ↔ accounts who has this attribute value populated.

Cheers,
Sudha

14

Hi @shucch01,

Can you try creating a new Transform as below :

{
    "name": "FormattedDate",
    "type": "dateFormat",
    "attributes": {
        "inputFormat": "ISO8601",
        "outputFormat": "yyyy-MM-dd"
    }
}

Note - Your input format may change based on the timeZone you have specified in your AD source. So you can try out different input formats to get the desired output of yyyy-MM-dd

Once the transform is created, you can map the activeDirectoryLastLogin Identity attribute to the newly created transform.

image
image1217×180 10.6 KB

Once you get the activeDirectoryLastLogin value in the desired format (yyyy-MM-dd), you can try it out in the search query.

1 Like
15

Hi @shucch01,

It seems that you need to have the Identity attribute name with a suffix DateType for the search to work.

image
image1039×137 19.7 KB

Here is a similar thread :

Thanks to @sup3rmark for pointing it out in a recent thread.

1 Like
16

There are 2 things going on here:

  1. if you want to do date searches, then you need to do as @jesvin90 said above and force the field format to a date type format
  2. You’re formatting the value as a ISO8601 which returns the timestamp in UTC time down to the millisecond. But the value you’re searching is just the date. Which brings you to @jesvin90 's other post above - the format you’re searching and the actual value don’t match you’d need to format the value to just yyyy-MM-dd if you want your search to work. (but seriously, do option 1 instead you’ll get much more flexible search options)

Also a bonus 3rd point - you don’t actually need to make an attribute searchable in order to search on it. Making it searchable really just makes it available for correlation.

1 Like
17

Thanks @jesvin90
It worked for me! I have created new transform as per your suggestion and now I am able to search the attribute in my search query.

18

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.