
How to Search Non-Indexed Account Attributes in IDN Rules for Uniqueness

This article shows how to use the recently released feature for creating indexed (searchable) attributes, which can be referenced in rules to run uniqueness searches and generate attributes such as sAMAccountName, email, userPrincipalName, etc.

It allows you to search accounts across sources to determine whether a specific attribute value is already in use in those sources, and helps generate a new unique value.

Let's take a use case and walk through how you can set this up.

 

Use Case

We want to generate a new email address which must have a unique prefix (firstname.lastname@) by checking against the “mail”, “userPrincipalName”, “proxyAddresses” attributes across 3 x AD connectors. 

Note: Sources don’t have to be AD explicitly and can be virtually any source (AAD, ServiceNow, Okta, Workday etc) 

 

Design

The high-level steps are:

  • Identify Source ID and attributes
  • Create Searchable Attributes
  • Do an unoptimised aggregation if source already exists (like production tenant) to populate these searchable attributes.
  • Use new methods in rules to search for uniqueness

 

 Identify Source ID and Attributes

Our design has three AD sources. For each of them we need the source ID, which you can fetch with an API call:

GET {{api-url}}/cc/api/source/get/{{source-id}}
Comments

Hello,

I think something is missing on the increment part.

With this, the increment is never used:

public String generateUniqueEmail(String fName, String lName, int iteration) throws Exception {
    if (iteration > 99) {
        throw new Exception("emailPrefix counter limit 99!");
    }
    String emailPrefix = fName + "." + lName;

    if (isUnique(emailPrefix)) {
        return emailPrefix;
    } else {
        return generateUniqueEmail(fName, lName, iteration + 1);
    }
}

Maybe you should update it by adding a switch between:

        throw new Exception("emailPrefix counter limit 99!");
    }

and 

    if (isUnique(emailPrefix)) {

Which gives you something like this:

        throw new Exception("emailPrefix counter limit 99!");
    }
    // Declare once outside the switch so the value is visible after it
    String emailPrefix;
    switch (iteration) {
        case 0:
            emailPrefix = fName + "." + lName;
            break;
        default:
            // Append the counter on every retry
            emailPrefix = fName + "." + lName + String.valueOf(iteration);
            break;
    }

    if (isUnique(emailPrefix)) {

Please check and update, or tell me if I'm wrong.

Best regards.

@pedrolit0 I feel like you are right.  But I am saying just by looking at the code and not really running it.  The iteration needs to run with an append of the new iteration count.

@pedrolit0 you are right. I had removed some specific logic from code to use as example here which caused the issue. Updated with your code. Thanks for pointing it out.
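
Added example (not part of the article, of any comment above, or of the product's rule code): a stand-alone Java version of the counter-suffix generation discussed in this thread, written as a loop and checked against the use case's three attribute types. The `isUnique` lookup here is a hypothetical in-memory stand-in for the searchable-attribute search, the sample addresses are constructed, and the case-insensitive comparison and `smtp:` stripping for proxyAddresses are assumptions that go beyond the snippet in the comments.

```java
import java.util.*;

// Added example: stand-alone Java, not the article's rule code.
public class UniqueEmailPrefix {
    static final int MAX_ITERATION = 99; // same limit as the snippet in the comments

    // Constructed sample values standing in for mail, userPrincipalName and
    // proxyAddresses collected from the three sources.
    static final List<String> EXISTING = Arrays.asList(
        "john.smith@example.com",          // mail
        "John.Smith1@corp.example.com",    // userPrincipalName
        "smtp:john.smith2@example.com",    // proxyAddresses (secondary)
        "SMTP:jane.doe@example.com");      // proxyAddresses (primary)

    // Reduce any stored value to its lower-cased prefix (the part before '@').
    static String prefixOf(String value) {
        String v = value.toLowerCase(Locale.ROOT);
        if (v.startsWith("smtp:")) v = v.substring(5);
        int at = v.indexOf('@');
        return at < 0 ? v : v.substring(0, at);
    }

    // Hypothetical stand-in for the searchable-attribute lookup.
    static boolean isUnique(String candidate, Collection<String> existing) {
        String wanted = candidate.toLowerCase(Locale.ROOT);
        for (String value : existing) {
            if (prefixOf(value).equals(wanted)) return false;
        }
        return true;
    }

    static String generateUniqueEmailPrefix(String fName, String lName,
                                            Collection<String> existing) throws Exception {
        String base = fName + "." + lName;
        for (int iteration = 0; iteration <= MAX_ITERATION; iteration++) {
            // Iteration 0 tries the plain prefix; later ones append the counter.
            String candidate = iteration == 0 ? base : base + iteration;
            if (isUnique(candidate, existing)) return candidate;
        }
        throw new Exception("emailPrefix counter limit 99!");
    }

    public static void main(String[] args) throws Exception {
        System.out.println(generateUniqueEmailPrefix("John", "Smith", EXISTING));
        System.out.println(generateUniqueEmailPrefix("Jane", "Roe", EXISTING));
    }
}
```

Comparing prefixes rather than full addresses is what keeps a value held only as a UPN or a secondary proxy address in another domain from being handed out again as a new mailbox prefix.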

@piyush_khandelwal I just need to generate a unique id between 2000 and 5000; I was hoping there will be an attributeGenerator OOB for that. If you know of one, can you please help?

Hello,

Is this possible to use on a WebServiceBeforeOperationRule?

I would like to create an email for the user in the target and validate that it is unique.

I'm getting:

Request completed
Exception occurred while performing 'Create' operation on identity '': Error: Error executing before operation rule for endpoint 'Create Account': BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: ``import java.util.ArrayList; import java.util.HashMap; import java.util.Map; impo . . . '' : Attempt to resolve method: attrSearchCountAccounts() on undefined variable or class name: idn : at Line: 56 : in file: inline evaluation of: ``import java.util.ArrayList; import java.util.HashMap; import java.util.Map; impo . . . '' : idn .attrSearchCountAccounts 

 

@piyush_khandelwal can attrSearchCountAccounts handle proxyaddresses if you don't put them in a searchable attribute?

Version history
Revision #: 5 of 8
Last update: Oct 26, 2022 03:58 PM