We need to store the date as output when the cost center code changes for a user can we do it through transform?

Identity Security Cloud (ISC) ISC Discussion and Questions
1

We need to store the date as output when the cost center code changes for a user can we do it through transform ?

2

Clarity: You are trying to log data changes from the HR source inside of Sailpoint as an identity attribute?

3

This cannot be achieved by a transform alone because transforms cannot detect attribute changes over time. You can use an Identity Attribute Changed trigger (workflow) to monitor cost center changes and set the date using “now()”.

Transforms may work as a workaround using oldValue comparison.

4

yes we have created attribute datechangecostcneter in which need to store the date when cost center got change can u pls help ?

5

and that date can be stored from workflow to identity attribute?

6

Yes, we can store it using a workflow by updating a custom identity attribute with now() when costCenter changes.

7

@BBR1 has nailed it precisely. Do you have the workflows module though?

8

Is this a good workflow for my requirement

<{
“name”: “Cost Center Change Workflow”,
“description”: “Triggers when cost center changes and updates modified date”,
“enabled”: true,
“trigger”: {
“type”: “EVENT”,
“attributes”: {
“id”: “idn:identity-attributes-changed”,
“filter”: “changes.attribute eq “costCenter””
}
},
“definition”: {
“start”: “Compare Cost Center”,
“steps”: {
“Compare Cost Center”: {
“type”: “choice”,
“choiceList”: [
{
“comparator”: “StringDoesNotEquals”,
“variableA.$”: “$.trigger.changes[?(@.attribute == ‘costCenter’)][0].newValue”,
“variableB.$”: “$.trigger.changes[?(@.attribute == ‘costCenter’)][0].oldValue”,
“nextStep”: “Update Modified Date”
}
],
“defaultStep”: “End Step - Success”
},
“Update Modified Date”: {
“type”: “action”,
“actionId”: “sp:http”,
“attributes”: {
“authenticationType”: “OAuth”,
“method”: “PATCH”,
“oAuthClientId”: “<YOUR_CLIENT_ID>”,
“oAuthClientSecret”: “<YOUR_CLIENT_SECRET>”,
“oAuthTokenUrl”: “https://xyz-sb.api.identitynow.com/oauth/token”,
“oAuthCredentialLocation”: “oAuthInHeader”,
“requestContentType”: “json”,
“url”: “https://xyz-sb.api.identitynow.com/v3/identities/${identity.id}”,
“jsonRequestBody”: [
{
“op”: “replace”,
“path”: “/attributes/modifiedDateOfCostCenter”,
“value”: “${now}”
}
]
},
“nextStep”: “End Step - Success”
},
“End Step - Success”: {
“type”: “success”
}
}
}
}/>

9

looks good, but, is it working.

10

Where are you getting the identity.id?

11

ideally it should come from the workflow trigger context

12

Hi @Rakesh_Singh_1234

you cannot natively store the change date using a standard transform alone.

And it seems workflow have some issues itself. you haven’t compared the old value as well. Although Workflow is the good option but this could be achieved this by using a static transform that leverages the “oldValue” variable available in the identity attribute.
When the costCenter changes, you need two identity attributes to trak the change:

  1. Cost Center: The standard attribute synced from your HR source.
    2.Cost Center Change Date: A custom attribute that will store the timestamp.
    And then you need to apply a transform to the “Cost Center Change Date” attribute that compares the current “costCenter” with its previous value.

please let us know if this works for you. Thanks

13

what do u mean? can u please tell me in details

14

can u pls give me the trasnform if possible

15

I didn’t see this in your WF: “identity.id$”: “$.trigger.identity.id”
How were you intending to populate this url?

“url”: “https://xyz-sb.api.identitynow.com/v3/identities/${identity.id}”,

without defining ${identity.id}

16

in trigger we need to define it ? right ?

17

Yes. Take a look at the templates that are on your tenant. That will show you what you need to grab and how to grab the idenity.id details

18

Where is the documentation for:

PATCH https://tenant-sb.api.identitynow.com/v3/identities/:id

It isn’t listed in V3 APIs | SailPoint Developer Community or the other api versions. I tried sending a test to the endpoint in my tenant and came back with 404 : {“error”:“No message available”}

19

I don’t think you can update an identity attribute through an API call unless it’s a delimited file source.

The suggestions on here aren’t going to work unless the authoritative source is from a delimited file and you’re updating the account from that source, not the identity itself.

This is the closest I can find and it clearly states, it can only update flat file sources.

1 Like
20

https://devrel.api.identitynow.com/v3/identities/${identity.id} is this valid??