Register Sign in Need help? FAQ SailPoint directory
Help

IdentityNow Transforms - Get Reference Identity Attribute

IdentityNow Transforms - Get Reference Identity Attribute

Overview

The get reference identity attribute transform is an out-of-the-box rule transform provided via SailPoint's Cloud Services Deployment Utility rule. It allows you to easily get the identity attribute of another user from within a given identity's calculation. As a convenience feature, the transform allows you to use "manager" as a referential lookup to the target identity.

Other Considerations

  • N/A

 

Transform Structure

The structure of a get reference identity transform requires the name of the referenced rule to be the "Cloud Services Deployment Utility" rule built by SailPoint. Additionally, the operation must be set to getReferenceIdentityAttribute, and a uid attribute should be specified that correlates to the identity whose attribute is desired. Lastly, the standard type and name attributes that are required for all transforms must be included:

Example

{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": "manager",
    "attributeName": "email"
  },
  "type": "rule",
  "name": "Test Get Reference Identity Attribute Transform"
}

Attributes

  • Required Attributes

    • type - This must always be set to rule

    • name - This is a required attribute for all transforms, and represents the name of the transform as it will appear in the UI's dropdowns

    • attributes.name - This must always be set to "Cloud Services Deployment Utility"

    • operation - This must always be set to "getReferenceIdentityAttribute"

    • uid - This is the SailPoint User Name (uid) value of the identity whose attribute is desired

      • As a convenience feature, you can use the "manager" keyword to dynamically look up the user's manager and then get that manager's identity attribute

  • Optional Attributes

    • requiresPeriodicRefresh - A true or false value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process.

 

Examples

Example 1

{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": "manager",
    "attributeName": "email"
  },
  "type": "rule",
  "name": "Test Get Reference Identity Attribute Transform"
}

The above transform will get the email address for the user's manager.

Example 2

{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": "corporate.admin",
    "attributeName": "phone"
  },
  "type": "rule",
  "name": "Test Get Reference Identity Attribute Transform"
}

The above transform will obtain the alternate phone number for the user identified as "corporate.admin."

 

References

  • N/A
Comments
yunovd
‎Dec 10, 2020 10:53 AM
‎Dec 10, 2020 10:53 AM

Perfect! 

gowrisankar
‎May 29, 2021 12:27 PM
‎May 29, 2021 12:27 PM

Team, how can we dynamically set the value for uid?   For instance, i want to assign the input attribute value

 

Thanks,

Gowri

yunovd
‎May 30, 2021 04:09 PM
‎May 30, 2021 04:09 PM

Hi @gowrisankar 

Yes, UID could be set dynamically as at the simplified sample below:

 

{
"attributes": {
"uid": {
"attributes": {
"attributeName": "branchCode",
"sourceName": "Workday HR"
},
"type": "accountAttribute"
},
"name": "Cloud Services Deployment Utility",
"attributeName": "branchTimeZone",
"operation": "getReferenceIdentityAttribute"
},
"id": "getBranchTimeZone",
"type": "rule"
}

 

 

gowrisankar
‎May 30, 2021 07:57 PM
‎May 30, 2021 07:57 PM

Thanks a lot 

dkiran025
‎Jul 30, 2021 12:40 PM
‎Jul 30, 2021 12:40 PM

We have created two custom identity attributes A and B (examples). And "A" uses the above transform:

{
"attributes": {
"name": "Cloud Services Deployment Utility",
"operation": "getReferenceIdentityAttribute",
"uid": "manager",
"attributeName": "B"
},
"type": "rule",
"id": "Test"
}

 

The attribute "B"  gets the distingishedName of the identity.

The above configuration works for Sandbox but it doesnot work in PROD.

 

I have tried to fetch the attribute details in which both PROD and Sandbox are similar. The searchable value for both the attributes is False. 

 

Can you please let me know if I am missing out anything in PROD? The Value B is populated for the Identity but Value A is not NULL in Prod.

dkiran025
‎Aug 02, 2021 03:40 AM
‎Aug 02, 2021 03:40 AM

We have created two custom identity attributes A and B (examples). And "A" uses the above transform:

{
"attributes": {
"name": "Cloud Services Deployment Utility",
"operation": "getReferenceIdentityAttribute",
"uid": "manager",
"attributeName": "B"
},
"type": "rule",
"id": "Test"
}

 

The attribute "B"  gets the distingishedName of the identity.

The above configuration works for Sandbox but it doesnot work in PROD.

 

I have tried to fetch the attribute details in which both PROD and Sandbox are similar. The searchable value for both the attributes is False. 

 

Can you please let me know if I am missing out anything in PROD? The Value B is populated for the Identity but Value A is not NULL in Prod.

salam1
‎Dec 27, 2022 10:38 AM
‎Dec 27, 2022 10:38 AM

@yunovd I tried setting up the UID dynamically and it didnt work. Did it work for you when you tested?

Version history
Revision #:
3 of 3
Last update:
‎Dec 09, 2021 03:51 PM
Updated by:
SailPoint Employee
 
View Article History
Contributors