IdentityNow transforms - Username generator

Hi,

Is there a way to create unique account attributes (not set as AccountID in account Schema) with a template array similar to this?
The 'Create Unique LDAP Attribute' generator uses just one pattern. Could an array be passed to it to check against multiple patterns similar to this transform?

Thanks in advance!

hey  @hari_patel , @efrain_sanchez  and @david_reeves .

How can i manage to use this transform for generate a unique samaccountName? I'm no able to do it een changing the AD Account ID to SamaccountName .

Can you guys hel pe ? 

Here is the transform and the error i'm getting 

Hi all,

Currently only the Account Id attribute is supported to use the Username Generator for.

For other attributes where you might use the Create Unique LDAP Attribute Rule (like sAMAccountName or mail), please either continue to use that rule or create your own generator. Please see here for more assistance on Generator Rules.

Hi @hari_patel , @ross_shwarts , @efrain_sanchez , @david_reeves ,

I just tried to upload the transformation like in Example 1 from my Postman to Sailpoint. 

Unfortunatelly I receive the follwoing Error message:

Hi there @Stephan_M  ,

I had the same issue when I was trying to create a username generator transform not too long ago. The issue I had though was that I was trying to create the transform in the wrong Postman call.

I was originally trying to do a POST to "{{url}}/api/transform/create". Instead, what's required here is to do a GET call to "{{url}}/api/accountProfile/list/{{source number}}". The source number here is from whichever connector you want to use the username generator transform for.

The result will come back, and you'll see in the JSON for each attribute a spot for a transform. This is where the username generator transform is applied. You place it in, configured as you want it, and then include everything else that came back from that previous GET call when you then make a POST to "{{url}}/api/accountProfile/bulkUpdate/{{same source number}}".

I would first backup whatever you had come back in that GET call before making this POST call. If successful, you should be able to go to the Create Profile tab for the connector and see that a custom transform is being applied to the attribute you placed the transform under.

Let me know if this works for you,

Dan

Hi @Stephan_M , based on the error message, it looks like you are trying to create a transform from Example 1. 

Please note the comments under Transform Structure. These examples are attribute configurations as part of an Account Profile (specifically, account create profile). These examples would be used for a source where the username is the Account Id rather than a source where the account Id is an internal system id (like Azure AD).

Also, you can use the beta APIs to handle updating the AccountProfiles (called Provisioning Policies in the APIs)

- List: https://developer.sailpoint.com/idn/api/beta/list-provisioning-policies

- Get: https://developer.sailpoint.com/idn/api/beta/get-provisioning-policy

- Update (via PUT): https://developer.sailpoint.com/idn/api/beta/put-provisioning-policy

I tried the simplest version from gui and still got below error:

Error generating a unique value, the exception was: java.lang.Exception: Unable to contact connector to generate unique value and is not retry-able. Action:UniqueAccountIdValidator: Calling getObject for objectType 'account' using id 'AdaPrats' and options '{cloudConfigOverrides={aggregateTimeout=30, disablePooling=true, timeout=30}}' on source 'Prod AD (Prov) [source]'. Exception: sailpoint.connector.ConnectorException: [ InvalidConfigurationException ] [ Error details ] Required string attribute 'User' is not defined.It must have a valid value.

This is snippet for samaccountname (Account ID for AD source) from the ‘CREATE’ Provisioning policy 

 {

            "name": "sAMAccountName",

            "transform": {

                "attributes": {

                    "name": "Create Unique Account ID"

                },

                "type": "rule"

            },

            "attributes": {

                "template": "$(firstname)$(lastname)$(uniqueCounter)",

                "cloudMaxUniqueChecks": "5",

                "cloudMaxSize": "100",

                "cloudRequired": "true"

            },

            "isRequired": false,

            "type": "",

            "isMultiValued": false

        },

Please suggest if anyone has clue what can cause this type of error

@pradeepSB 

I am getting the same error while I am provisioning to AD. Have you resolved the issue?

Thanks.

What exactly does the cloudRequired attribute do? The article indicates:

The cloudRequired attribute is an internal flag required for the IdentityNow platform, and can simply be left as true.

If its only purpose is to be used internally, then why is it exposed? Would it be possible to update the article with a more clear explanation?

I also noticed there is another attribute, isRequried, which is set to false. Why would a Username not be required when creating a new account?

@pradeepSB Im facing the same issue, do you solved it??

Thank you in advance,

Regards

@pkumar22 

Im facing the same issue, do you solved it??

Thank you in advance,

Regards

@Beatriz 

we created a rule.

Thanks.