I’m fairly new to ISC, but we’ve been working on an implementation for the better part of a year now. It’s been a great learning experience, and things are progressing well overall.
That said, I’ve run into a personal frustration: the apparent lack of unit testing techniques, libraries, or tooling specifically for “Transforms” in ISC (which, I’ve heard, was once known as “Seaspray”).
Once a transform becomes more than trivially complex, I find it incredibly difficult to trace what’s happening within the convoluted JSON object. It’s error-prone, fragile, and, frankly, pretty frustrating to deal with.
Am I missing something here? Is there an existing solution that I just haven’t come across yet?
I imagine others have faced similar challenges. So, my questions are:
How do you unit test a transform while adhering to TDD principles?
How can this be automated as part of a CI pipeline?
Are there any tools or libraries you’re using to address this? We seem to be able to handle this relatively well for Rules; why not for Transforms?
The best way to test your transforms is to put them in your dev environment first. If you’re doing a complex transform, chunk it out - if you’re assigning variables in your transform, map a separate transform for each variable to a separate identity attribute (these only need to exist in dev).
To your point, no, there is no built-in testing methodology. It can be confusing, complicated, and convoluted, but that can be mitigated by careful planning and scripting. If you find that your transforms are too complicated, try sharing them in the forum and seeing if anyone can help simplify. Personally, I’m a sucker for punishment and really enjoy transforms, but I’m not going to write a transform for someone without seeing what they’ve already tried (and, frankly, I wish more of the community would stop just writing people’s transforms for them, because that’s not going to help them learn!), but if you share what you’ve already tried and what didn’t work well, I’m usually more than happy to see what I can do to help optimize.
I suggest you to look into SailPoint Identity Security Cloud VSCode Extension where you can Preview the Transform for an Identity before adding to any attribute and Evaluate (for cloud run).
I have not used these options yet (more comfort make me less talented ), but worth to try if this can be helpful in your situation.
This is what I do
Testing in Sandbox
I will never develop complete Transform at once, build the logic one by one by evaluating the output
I will test all my transforms in Sandbox first, I will always have 5 Test attributes (Test1, Test2…Test5) as a placeholders for multiple logic testing
Once the testing is done, Integrate all the logics to build complete Transform and test here
Move to PROD
Testing in PROD directly - Test Identity Profile
Sometimes I will test in PROD directly, If I have to
I maintain a test HR source and test Identity Profile so that no impact on PROD data
You can do the testing here, this is limited to a couple of users in PROD (It is recommended to have a couple of test users in PROD for smoke testing)
Testing in PROD directly - Actual Identity Profile
Sometimes if I had to test in actual Identity Profile which is pointing to HR Source, then I will add test attributes here as well, test and delete them later
Whenever you do a change to Identity Profile, save and you can Preview it before applying changes, so there will be no impact.
But make sure that, other team members doesn’t click apply changes and avoid these changes during cloud Refresh Tasks
When you know what you are doing and the consequences of it, then you will be good.
I hear you that transforms can be frustrating. The tool mentioned by Krishna is a good place to start, the VS code extension is great for any ISC developer.
Another one I would like to add to the mix is the transform builder in SailPoints ui-development-kit.
You can run this project locally on your computer and once you’re up and running you can use the transform builder. This tool is meant to take away to complexity of managing the JSON structure and allows you to test different parts of the transform as you build it.
The top panel allows you to preview the transform, view the JSON definition, etc…
Unit testing and CI/CD
This is an area we can definitely improve and the developer relations team is about to explore CI/CD for most SailPoint objects. More to come on this in 2026
Thanks, @tyler_mairose, I hadn’t realized that the UI Dev Kit includes a feature for visualizing transformations. I’ll give it a try; it looks like it will make parsing large transformations much easier, and I’m hoping it will make code reviews a little easier.
The approach I’ve found (that is closer to the way I like to work) is to use the SailPoint CLI’s transform preview command with the --result-only flag as part of a larger build process after pushing a transformation to the tenant. It’s not quite a unit test and more akin to an integration test, but it’s good enough for now… and I keep click-ops to a minimum while hammering away at a transformation.
That said, I’m excited to see which CI/CD capabilities are coming next.
), but worth to try if this can be helpful in your situation.
