Skip to main content

Account Profile Attribute Generator (from Template)

Overview

This rule generates complex account attribute values during provisioning, e.g. when creating an account. The rule's configuration comes from a template of values. You would typically use this rule when you are creating an account to generate attributes like usernames.

Execution

  • Cloud Execution - This rule executes in the IdentityNow cloud, and it has read-only access to IdentityNow data models, but it does not have access to on-premise sources or connectors.
  • Logging - Logging statements are currently only visible to SailPoint personnel.

Rule Execution

Input

ArgumentTypePurpose
logorg.apache.log4j.LoggerLogger to log statements. Note: This executes in the cloud, and logging is currently not exposed to anyone other than SailPoint.
idnsailpoint.server.IdnRuleUtilProvides a read-only starting point for using the SailPoint API. From this passed reference, the rule can interrogate the IdentityNow data model including identities or account information via helper methods as described in IdnRuleUtil.
identitysailpoint.object.IdentityReference to identity object representing the identity being calculated.
fieldsailpoint.object.FieldField object used to get information about the attribute being generated.

Output

ArgumentTypePurpose
valuejava.lang.ObjectValue returned for the account attribute.

Template

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Example Rule" type="AttributeGeneratorFromTemplate">
<Description>Describe your rule here.</Description>
<Source><![CDATA[

// Add your logic here.

]]></Source>
</Rule>

Example

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="Generate Username" type="AttributeGeneratorFromTemplate">
<Description>This will generate a username.</Description>
<Source><![CDATA[
import java.util.Iterator;
import sailpoint.object.*;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.StringUtils;

public String generateUniqueUsername ( String loginId, int iteration)
{
switch ( iteration )
{
case 0:
username = StringUtils.left(loginId, prefixLength) + suffix;
break;
// Default: add numbers until we get a unique username
default:
username = StringUtils.left(loginId, prefixLength - String.valueOf(iteration).length()).toString();
username = username + iteration + suffix;
break;
}

if ( isUnique ( username) )
return username;
else
return generateUniqueUsername ( loginId, ( iteration + 1 ));
}

public boolean isUnique ( String username )
{
return !idn.accountExistsByDisplayName(application.getName(), username);
}

int MAX_LENGTH = 20;
String suffix = field.getStringAttribute("template");
String loginId = identity.getAttribute("loginId");
int prefixLength = MAX_LENGTH - suffix.length();

if (StringUtils.isBlank(loginId))
return null;
else
return generateUniqueUsername( loginId, 0);

]]></Source>
</Rule>