Hi,
I’m having some issues with making correct references to the Account Name on the account for a source. (Not the identity Account Name).
In the CREATE HTTP operation we can use $plan.userid$ to point towards the attribute since we have defined userid in the Schema and set it as Account Name.
But for the HTTP operation for add entitlement we also needs to send the userid in the body.
We have tried the following:
$plan.userid$ → Gives us NULL
$plan.NativeIdentity$ → Gives us Account ID
$plan.planNativeIdentity$ → Gives us Account Name on Identity
How can we write to point towards Account Name on the Account instead of the Identity?
And where can I find documentation on which attributes on an account or identity I can point towards and how I do that?
I would like to avoid having to use a rule if possible.
If you are calling add entitlement operation desperate api then you can add one more add entitlement operation inside add get single account api it will provide you the response with userid.
Then add entitlement operation to add entitlement take userid from the before add entitlement response.
Yes, I didn’t find a way to point towards the AccountName so I had to solve it by creating to HTTP operations for Add entitlement and two for remove entitlement where the first call is a get User to fetch the value of the AccountName directly from the source system instead. I then map the attribute in the response and points towards it in call nbr 2 which is the original call to add/remove entitlement.
I point towards the attribute using $response.user$ from call nbr 1.
This is an easy way to solve it but it is very important to place the calls in order in the HTTP operations list. It also means creating several operations that looks exactly the same. So Sailpoint should improve this for better and cleaner solutions but it’s a good workaround for now.