Update Account not Triggering

Hi team,

I have a Web Service connector with Update Account configured for multiple attributes. Some of these attributes are directly linked to the Identity Profile, and are getting synced immediatly after changes in the authoritative source. However, some of these attributes that only exist on the source account are not being updated automatically, as the update operation isn’t being triggered.

Sometimes, some of these attributes are synced, but very rarely. I’m not sure what is causing this inconsistency, but all attributes are definately not syncing to the web service source.

I have configured an AfterRule with all the logic to send my update provisioning policy:

if (provisioningPlan != null) {
    log.error("provvPlan" + provisioningPlan.getAccountRequests().get(0).getAttributeRequests());

    List attrReqs = provisioningPlan.getAccountRequests().get(0).getAttributeRequests();
    StringBuilder jsonBodyBuilder = new StringBuilder("[\n");

    for (i = 0; i < attrReqs.size(); ++i) {
        log.error("provvList: " + attrReqs.get(i).getValue() + " - " + attrReqs.get(i).getName());

        String attr = attrReqs.get(i).getName();
        String value = attrReqs.get(i).getValue();
        String itemJsonBody = "";

        // Update the contents of the if-statement when adding/removing attributes to the provisioning plan
        if (attr.equals("description")) {
            // Build JSON body for  each item in the list
            itemJsonBody = 
                "{\n" +
                "  \"op\": \"replace\",\n" +
                "  \"path\": \"/" + attr + "\",\n" +
                "  \"value\": \"" + value + "\"\n" +
                "}";
        } else if (attr.equals("employmentDate")) {
            // Build JSON body for  each item in the list
            itemJsonBody = 
                "{\n" +
                "  \"op\": \"replace\",\n" +
                "  \"path\": \"/userStatus\",\n" +
                "  \"value\": {\n" +
                "    \"dateFrom\": \"" + value + "\"\n" +
                "  }\n" +
                "}";
        } else if (attr.equals("expiredDate")) {
            // Build JSON body for  each item in the list
            itemJsonBody = 
                "{\n" +
                "  \"op\": \"replace\",\n" +
                "  \"path\": \"/userStatus\",\n" +
                "  \"value\": {\n" +
                "    \"dateTo\": \"" + value + "\"\n" +
                "  }\n" +
                "}";
        } else if (attr.equals("status")) {
            // Build JSON body for  each item in the list
            itemJsonBody = 
                "{\n" +
                "  \"op\": \"replace\",\n" +
                "  \"path\": \"/userStatus\",\n" +
                "  \"value\": {\n" +
                "    \"status\": \"" + value + "\"\n" +
                "  }\n" +
                "}";
        }
         else {
            log.error("Error: String build failed...");
        }

        jsonBodyBuilder.append(itemJsonBody);

        // Add a comma and newline for all items except the last one
        if (i < attrReqs.size() - 1) {
            jsonBodyBuilder.append(",\n");
        }
    }
    
    jsonBodyBuilder.append("\n]");

    Map body = requestEndPoint.getBody();
    body.put("jsonBody", jsonBodyBuilder.toString());
    requestEndPoint.setBody(body);
    log.error("fullBody: " + body);

} else {
    log.info("Rule: plan is null");
}

Yes, this code can be cleaned and we don’t have to duplicate every JSON-body, but for clarity now when debugging I’ll leave it this way.

Description, start & end date has been working decently when there are changes in the authoritative source. However, status is never being synced, as this one only exists in the end system (but of course mapped to the source account profile in IDN as well).

That being said, the code works. Issue seems to be that the update/modify operation isn’t being triggered automatically for attributes that are not mapped directly from the identity profile to the source provisioning plan.

Do I need to configure any extra operations for this? Is this the expected behaviour in IdentityNow?

Hi Sebastin,
Have you configured Update Provisioning policy where in you are adding the attribute which are not syncing ? Could you please add update provisioning policy and check if it solves your issue

Hello Rakesh, yes sorry didn’t write it in my post,

Update Provisioning Policy has been added and configured with the attributes that are not directly mapped from the identity profile.

Hi Sebastian,
We had similar kind of requirement. The only option we had is to add a BeforeProvisioning Rule and achieve the requirement

Yes, as you can see I have also added a BeforeProvisioning Rule, and it works for attributes that are mapped directly from the Identity Profile->Source Account

The attributes that are synced through an Update Provisioning Policy don’t trigger the modify operation unless other directly mapped attributes are changed from the authoritative source.

Do you have the Update Account HTTP Operation set up under Source Configuration?

Yes, the update itself works perfectly when I map the attribute directly to an identity profile. however I don’t want 20-30 extra attributes on the actual Identity Cube as that will be a bit of a mess.

Usually it has always worked to add a provisioningPolicy with the “UPDATE” usage type as this has synced attributes neatly (In AD for example). Now however, for the web-service connector this doesn’t seem to work as neatly.

Edit:
(Only fix that worked was to map those attributes directly from the identity cube to the account provisioning policy and check the sync box for them all, not sure why UPDATE type provisioning policies for syncing account-only are inconsistent however)

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.