IdentityNow Transforms - Account Attribute

6 Kudos

The transform documentation listed here is outdated and is nonger actively maintained. Please refer to https://developer.sailpoint.com/idn/docs/transforms for IdentityNow Transform documentation.

Alf_Kasperczyk2 · ‎Jul 22, 2022

Is there any reason why "startsWith" does not work on the accountPropertyFilter? (nor endsWith)

e.g. "accountPropertyFilter": "(memberOf.startsWith(\"CN=abc\"))",

I'm assuming it's checking against the AD group "Value" which has the FQDN.
FYI - using contains works! - and I've tried even comparing the full value (case sensitive).
@piyush_khandelwal ?

sbhingare · ‎Jan 06, 2023

In case of multi valued attribute, it is returning only first value. How can I get all values in case if account attribute value type is list ?

GuiNab · ‎Mar 15, 2023

@sbhingare Using the "accountPropertyFilter", for example the "memberOf" in Active Directory source, it will check in all of the items, even it just displaying the first one it will check all of them.

Here is an example of a transform:

{

"type": "accountAttribute",

"attributes": {

"sourceName": "Active Directory",

"attributeName": "sAMAccountName",

"accountPropertyFilter": "memberOf.contains(\"<Ent1>\") || memberOf.contains(\"Ent2\")"

}

I've used it with firstValid, if the memberOf contains Ent1 or Ent2, it will display the sAMAccountName, if it not contains, it will display null, so I made firstValid to set a static value if the accountPropertyFilter pass the condition.

The use had 3 Entitlements when I did the test, it displays the first one but check in the other too.

sbhingare · ‎Mar 18, 2023

Thanks @GuiNab , Actually my requirement is to assign all values in the multivalued account attribute to the identity attribute. I don't want to check if it contains certain value.

IdentityNow Transforms - Account Attribute

IdentityNow Transforms - Account Attribute

Documents