How to set the nativeIdentity value for a new account with a role

Product

Identity IQ 6.3p1 and later

Question

How can the nativeIdentity for a new account be set when using a role? The provisioning policy cannot do this.

Answer

The nativeIdentity attribute cannot be set using the role's provisioning policy. For example, for an Active Directory application, the distinguishedName attribute cannot be set by the role's provisioning policy because the distinguishedName is the nativeIdentity attribute. ETN 21488 addresses this issue, and the ETN's change has been added to 6.3p1. As of 6.3p1, the "Account Selector" rule of the respective role can be used to set the nativeIdentity value: when the Account Selector rule returns a new Link object, that Link object's nativeIdentity is used as the nativeIdentity of the new account. Here is an example Account Selector rule:

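import sailpoint.object.Link;

// Returning a new Link tells the provisioning plan to create a new account
Link myNewLink = new Link();
// The nativeIdentity set here becomes the new account's distinguishedName
myNewLink.nativeIdentity = "CN=someprefix" + identity.getName() + ",OU=some_ou,DC=company,DC=com";
return myNewLink;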
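The rule above concatenates identity.getName() directly into the distinguishedName, so a name containing a comma, plus sign or other DN metacharacter would change the structure of the resulting DN. The following variant is an added example, not SailPoint's own code: escapeRdnValue is a hypothetical helper that applies RFC 4514 escaping, and the prefix and OU/DC values are the same placeholders used above.

```java
import sailpoint.object.Link;

// Hypothetical helper (not part of the IdentityIQ API): escapes a single
// RDN attribute value following RFC 4514 so it cannot alter the DN structure.
String escapeRdnValue(String value) {
    StringBuilder out = new StringBuilder();
    int lastIndex = value.length() - 1;
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        if (c == 0) {
            // NUL must be written as a hex pair
            out.append("\\00");
        } else if ("\"+,;<>\\".indexOf(c) >= 0
                || (i == 0 && (c == ' ' || c == '#'))
                || (i == lastIndex && c == ' ')) {
            // DN metacharacters, and a leading space/# or trailing space,
            // are prefixed with a backslash
            out.append('\\').append(c);
        } else {
            out.append(c);
        }
    }
    return out.toString();
}

// Build the RDN value first, then escape it as a whole so the
// leading/trailing rules apply to the complete CN value.
String cnValue = escapeRdnValue("someprefix" + identity.getName());

Link myNewLink = new Link();
// setNativeIdentity is the standard setter for the Link's nativeIdentity
myNewLink.setNativeIdentity("CN=" + cnValue + ",OU=some_ou,DC=company,DC=com");
return myNewLink;
```

With this helper, an identity named `Smith, John` yields `CN=someprefixSmith\, John,OU=some_ou,DC=company,DC=com` instead of a DN with an extra, malformed component.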

Comments

Very helpful, thanks Chris!

Version history
Revision #: 2 of 2
Last update: Aug 01, 2023 11:33 PM