Merge pull request #556 from sailpoint-oss/devrel-1359

Add note to identity attribute rule
Tyler Mairose
2024-05-09 13:59:19 -04:00
committed by GitHub

@@ -16,7 +16,7 @@ tags: ['Rules']
This rule calculates and returns an identity attribute for a specific identity. This rule is known as a "complex" rule on the identity profile. This rule calculates and returns an identity attribute for a specific identity. This rule is known as a "complex" rule on the identity profile.
An important consideration with IdentityAttribute rules is whether generation logic that includes uniqueness checks is acceptable. While not explicitly disallowed, this type of logic is firmly against SailPoint's [best practices](https://community.sailpoint.com/t5/Identity Security Cloud-Articles/Best-Practices-Generating-Usernames-in-Identity Security Cloud/ta-p/153749). When calculating and promoting identity attributes via a transform or a rule, the logic contained within the attribute is always re-run and new values might end up being generated where such behavior is not desired. Additionally, the attribute calculation process is multi-threaded, so the uniqueness logic contained on a single attribute is not always guaranteed to be accurate. For this reason, SailPoint strongly discourages the use of logic that conducts uniqueness checks within an IdentityAttribute rule. The recommendation is to execute this check during account generation for the target system where the value is needed. An important consideration with IdentityAttribute rules is whether generation logic that includes uniqueness checks is acceptable. While not explicitly disallowed, this type of logic is firmly against SailPoint's [best practices](https://community.sailpoint.com/t5/IdentityNow-Articles/Best-Practices-Generating-Usernames-in-IdentityNow/ta-p/153749). When calculating and promoting identity attributes via a transform or a rule, the logic contained within the attribute is always re-run and new values might end up being generated where such behavior is not desired. Additionally, the attribute calculation process is multi-threaded, so the uniqueness logic contained on a single attribute is not always guaranteed to be accurate. For this reason, SailPoint strongly discourages the use of logic that conducts uniqueness checks within an IdentityAttribute rule. The recommendation is to execute this check during account generation for the target system where the value is needed.
## Execution ## Execution
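Review bot: The only change in the uniqueness-check paragraph is the target of the best-practices link, and the commit title ("Add note to identity attribute rule") does not mention it. The previous target contained spaces ("Identity Security Cloud-Articles/...-in-Identity Security Cloud/"), which looks like a product-name find-and-replace that also ran over URLs. Please say so in the commit message, and search the other rule pages for the same pattern so any remaining broken links are fixed in the same pass.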
@@ -59,6 +59,12 @@ An important consideration with IdentityAttribute rules is whether generation lo
## Example - Calculate Lifecycle State Based on Start and End Dates ## Example - Calculate Lifecycle State Based on Start and End Dates
:::info
The life cycle state attribute is computed last during refresh. This allows you to reference other identity attributes within the rule.
:::
```java ```java
<?xml version='1.0' encoding='UTF-8'?> <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd"> <!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
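Review bot: The added :::info note writes "life cycle state" as three words, while the heading directly above it uses "Lifecycle State"; pick one spelling. The note only states the ordering for the lifecycle state attribute, so it would help to say explicitly whether rules for other identity attributes can rely on the attributes they read having already been calculated during the same refresh. Since the ordering applies to the rule type rather than to this one example, consider placing the note in the general description instead of under the example heading.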