Hi All,
Can the Username Generator transform be used to generate a unique username, i.e., $(firstname).$(lastname)$(uniqueCounter), in the web service connector’s create account section? I tried, but it was not successful.
Hi Rohit,
Did you use the cloudMaxUniqueChecks attribute in the transform?
-
The transform allows you to use “uniqueCounter” as a reserved variable for numerically trying the next iteration of the pattern. Once the generator is active on a pattern with the “uniqueCounter,” it will keep incrementing until it either has found a unique username candidate, or it exhausts the “cloudMaxUniqueChecks” value. This means that the generator does not process any patterns after one containing “uniqueCounter.” The “uniqueCounter” must always be last in the pattern list.
-
Within the account attribute definition structure, there is a field for “cloudMaxUniqueChecks” that identifies how many times the generator must invoke the uniqueness check logic before it stops executing. The maximum allowed value for this field is 50.
Take a look here for more info and transform example- Username Generator
Hi Maria,
Yes, I used the cloudMaxUniqueChecks attribute.
Thanks.
Is the attribute not being generated uniquely? Could you provide more details about the issue you faced? Sharing your transform configuration would also be helpful in understanding the problem.
In the web service application, the username attribute is unique, so I used the Username Generator transform to check uniqueness, but it is not working. I am getting the following error.
“An unexpected error occurred: Unable to generate a unique value for ‘test.user03’, action UniqueAccountIdValidator[nativeIdentity=test.user031,app=XYZ] is not retry-able due to ConnectorException: “returncode”:1”
{
"name": "username",
"transform": {
"type": "usernameGenerator",
"attributes": {
"sourceCheck": true,
"patterns": [
"$fn.$ln${uniqueCounter}"
],
"fn": {
"type": "identityAttribute",
"attributes": {
"name": "firstname"
}
},
"ln": {
"type": "identityAttribute",
"attributes": {
"name": "lastname"
}
}
}
},
"attributes": {
"cloudMaxUniqueChecks": "10",
"cloudMaxSize": "100",
"cloudRequired": "true"
},
"isRequired": false,
"type": "string",
"isMultiValued": false
}
I am not sure whether we can use this transform in the web service connector or not.
Hi Rohit,
Have you set up the getObject operation for your WebService source yet? See the below notes from the username generator transform.
sourceCheck - This boolean value (true/false) indicates whether the generator must check only the Identity Security Cloud database’s representation of accounts for uniqueness, or whether it must query the target system directly. If no value is provided, the attribute defaults to false.
-
trueindicates the generator must check the target system directly. The generator only respects this setting if the system supports thegetObjectfunctionality. For systems that lack the ability to query for single account objects, the generator ignores this setting and defaults tofalse. The generator only checks the attribute identified in the account schema as theaccountID. -
falseindicates the generator must check only the Identity Security Cloud database of accounts. The generator only checks theaccountID.
1 Like
Hi Margo,
Yes, I configured the get-Object operation.
Hi @Rohit_Sahu
Can you please send the screenshot of the create policy if possible from UI. I would like to see if $Fn and $ln are declared above the username attribute in the create policy.
Ideally for target application i am not so sure why would be need to generate the unique name as in ISC identity you should already have a unique identifier may be email or userName. Can you try using that if your use-case permits it.
I hope that helps.
Regards
Vikas.
Hi @vguleria
Yes, the firstname and lastname attributes are declared above the username attribute in the Create policy.
Generally, the unique identifier (an alphanumeric value) is already present in the ISC, but I need to use this username to generate the user’s email.
Thanks
Rohit