IdentityNow Transforms - Get Reference Identity Attribute
Overview
The get reference identity attribute transform is an out-of-the-box rule transform provided via SailPoint's Cloud Services Deployment Utility rule. It allows you to easily get the identity attribute of another user from within a given identity's calculation. As a convenience feature, the transform allows you to use "manager" as a referential lookup to the target identity.
Other Considerations
- N/A
Transform Structure
The structure of a get reference identity transform requires the name of the referenced rule to be the "Cloud Services Deployment Utility" rule built by SailPoint. Additionally, the operation must be set to getReferenceIdentityAttribute, and a uid attribute should be specified that correlates to the identity whose attribute is desired. Lastly, the standard type and name attributes that are required for all transforms must be included:
Example
{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": "manager",
    "attributeName": "email"
  },
  "type": "rule",
  "name": "Test Get Reference Identity Attribute Transform"
}
Attributes
- Required Attributes
  - type - This must always be set to rule
  - name - This is a required attribute for all transforms, and represents the name of the transform as it will appear in the UI's dropdowns
  - attributes.name - This must always be set to "Cloud Services Deployment Utility"
  - operation - This must always be set to "getReferenceIdentityAttribute"
  - uid - This is the SailPoint User Name (uid) value of the identity whose attribute is desired
    - As a convenience feature, you can use the "manager" keyword to dynamically look up the user's manager and then get that manager's identity attribute
- Optional Attributes
  - requiresPeriodicRefresh - A true or false value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process.
Examples
Example 1
{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": "manager",
    "attributeName": "email"
  },
  "type": "rule",
  "name": "Test Get Reference Identity Attribute Transform"
}
The above transform will get the email address for the user's manager.
Example 2
{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": "corporate.admin",
    "attributeName": "phone"
  },
  "type": "rule",
  "name": "Test Get Reference Identity Attribute Transform"
}
The above transform will obtain the alternate phone number for the user identified as "corporate.admin."
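A pre-deployment check of the required attributes listed above, as an added example that is not SailPoint's code: `lint_transform` and `classify_uid` are hypothetical helper names, and treating `attributeName` as required, reading `requiresPeriodicRefresh` from inside `attributes`, and accepting a nested transform object as `uid` are assumptions. It also labels the uid as manager, static or dynamic, because a static uid such as the one in Example 2 copies one named identity's attribute onto every identity the transform is applied to.

```python
import json

RULE_NAME = "Cloud Services Deployment Utility"
OPERATION = "getReferenceIdentityAttribute"


def classify_uid(uid):
    """Return 'manager', 'static', 'dynamic', or None if uid is unusable."""
    if isinstance(uid, str) and uid.strip():
        return "manager" if uid == "manager" else "static"
    # Assumption: a nested transform object is a dynamic uid (seen in a reply).
    if isinstance(uid, dict) and isinstance(uid.get("type"), str):
        return "dynamic"
    return None


def lint_transform(text):
    """Check one transform given as JSON text; return (problems, uid_kind)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"], None
    attrs = doc.get("attributes") if isinstance(doc, dict) else None
    if not isinstance(attrs, dict):
        return ["missing 'attributes' object"], None
    name = doc.get("name")
    uid_kind = classify_uid(attrs.get("uid"))
    checks = [
        (doc.get("type") == "rule", "type must be 'rule'"),
        (isinstance(name, str) and name.strip() != "", "name is required"),
        (attrs.get("name") == RULE_NAME, "attributes.name must be the utility rule"),
        (attrs.get("operation") == OPERATION, "operation must be " + OPERATION),
        # Assumption: attributeName is required (every page example sets it).
        (isinstance(attrs.get("attributeName"), str), "attributeName is missing"),
        (uid_kind is not None, "uid must be a user name or a transform"),
        # Assumption: the optional flag lives inside 'attributes'.
        (isinstance(attrs.get("requiresPeriodicRefresh", False), bool),
         "requiresPeriodicRefresh must be true or false"),
    ]
    return [msg for ok, msg in checks if not ok], uid_kind


# Constructed sample: no name, wrong-case operation, quoted boolean flag.
BROKEN = """{"type": "rule", "attributes": {
  "name": "Cloud Services Deployment Utility",
  "operation": "getreferenceidentityattribute",
  "uid": "corporate.admin", "attributeName": "phone",
  "requiresPeriodicRefresh": "true"}}"""

if __name__ == "__main__":
    print(lint_transform(BROKEN))
```
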
References
- N/A
Perfect!
Team, how can we dynamically set the value for uid? For instance, I want to assign the input attribute value
Thanks,
Gowri
Hi @gowrisankar
Yes, UID could be set dynamically, as in the simplified sample below:
{
  "attributes": {
    "uid": {
      "attributes": {
        "attributeName": "branchCode",
        "sourceName": "Workday HR"
      },
      "type": "accountAttribute"
    },
    "name": "Cloud Services Deployment Utility",
    "attributeName": "branchTimeZone",
    "operation": "getReferenceIdentityAttribute"
  },
  "id": "getBranchTimeZone",
  "type": "rule"
}
Thanks a lot
We have created two custom identity attributes A and B (examples). And "A" uses the above transform:
{
  "attributes": {
    "name": "Cloud Services Deployment Utility",
    "operation": "getReferenceIdentityAttribute",
    "uid": "manager",
    "attributeName": "B"
  },
  "type": "rule",
  "id": "Test"
}
The attribute "B" gets the distinguishedName of the identity.
The above configuration works for Sandbox but it does not work in PROD.
I have tried to fetch the attribute details in which both PROD and Sandbox are similar. The searchable value for both the attributes is False.
Can you please let me know if I am missing out anything in PROD? The Value B is populated for the Identity but Value A is not NULL in Prod.
@yunovd I tried setting up the UID dynamically and it didn't work. Did it work for you when you tested?