LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-09 12:27:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
83c944f2cbec8ad865e2cc01771b7dd92bbd385c
developer.sailpoint.com/docs/extensibility/transforms/guides/identity-context.md
darrell-thobe-sp 71f569a650 making updates to follow SailPoint branding
2025-05-08 12:25:53 -04:00

5.2 KiB
Raw Blame History

id, title, pagination_label, sidebar_label, sidebar_class_name, keywords, description, sidebar_position, slug, tags
id title pagination_label sidebar_label sidebar_class_name keywords description sidebar_position slug tags
identity-context Identity attribute context in transforms Identity Attribute Context Identity Attribute Context identityContextTransform
transforms
guides
nested
lifecycle
Examples on how you might use the identity attribute context. 5 /extensibility/transforms/guides/identity-context-examples
Transforms
Guides
identity

Overview

Transforms ship with the Apache Velocity template engine, which allows a transform to reference, transform, and render values passed into the transform context.

The following variables are available to the Apache Velocity template engine when a transform is used to source an identity attribute:

Variable Type Description
identity sailpoint.object.Identity This is the identity the attribute promotion is performed on.
attributeDefinition sailpoint.object.AttributeDefinition This is the definition of the attribute being promoted.
oldValue Object This is the attribute's previous value.

For available methods on these objects see our Rules Java Docs.

Examples

These examples will help you learn what you can do with the identity context.

:::info

You can use $identity, as well as the other variables, in all transform operations.

:::

Get the ID of the identity's manager

You must use a firstValid. If the identity does not have a manager, getManager() returns null.

{
  "type": "firstValid",
  "attributes": {
    "values": [
      "$identity.getManager().getId()",
      "no manager exists"
    ]
  }
}

Get a custom attribute of the identity's manager

You must use a firstValid. If the identity does not have a manager, getManager() returns null.

{
  "type": "firstValid",
  "attributes": {
    "values": [
      "$identity.getManager().getStringAttribute('country')",
      "no manager exists"
    ]
  }
}

Get managerial status of the identity

This example would get a boolean response indicating whether the identity is listed as the manager of another identity.

{
  "type": "static",
  "attributes": {
    "value": "$identity.getManagerStatus()"
  }
}

Get an identity's accounts

This example would get an identity's various associated source accounts.

{
  "type": "static",
  "attributes": {
    "value": "$identity.getLinks()"
  }
}

Get details of an account on a specified application/source

The below examples pull in the SailPoint-generated account ID for the first account an identity has on a source, but you can replace id with the name of the attribute you're interested in retrieving.

To retrieve an attribute from an identity's account in a specific source, by Source ID:

{
  "type": "firstValid",
    "attributes": {
        "values": [
            {
                "type": "static",
                "attributes": {
                    "value": "$identity.getLinksByAppIdOrName(\"2c918088814e6a610181686b56977fa8\",null)[0].id"
                }
            },
            null
        ],
        "ignoreErrors": true
    }
}

To retrieve an attribute from an identity's account in a specific source, by Source Name:

:::caution

Note the [source] at the end of the Source Name in the below example. This is required for all sources other than the internal IdentityNow source.

:::

{
  "type": "firstValid",
    "attributes": {
        "values": [
            {
                "type": "static",
                "attributes": {
                    "value": "$identity.getLinksByAppIdOrName(null,\"Active Directory [source]\")[0].id"
                }
            },
            null
        ],
        "ignoreErrors": true
    }
}

Get a comma separated list of account names from an application/source

This is the velocity logic of the transform:

/* Loop through accounts returned from get accounts by application id */
#foreach($account in $identity.getLinksByAppIdOrName("2c918088814e6a610181686b56977fa8",null))
    #if($foreach.index + 1 != $identity.getLinks().size()) /* If we are not on the last item, include a comma */
        $account.getNativeIdentity(),
    #else
        $account.getNativeIdentity()
    #end
#end

{
  "type": "static",
  "attributes": {
    "value": "#foreach($account in $identity.getLinksByAppIdOrName(\"2c918088814e6a610181686b56977fa8\",null))#if($foreach.index + 1 != $identity.getLinks().size())$account.getNativeIdentity(),#else$account.getNativeIdentity()#end#end"
  }
}

Notes

:::caution

If you assign a variable with the identity attribute context, doing so will cast the type to a string.

:::

For example, you may do this if you wanted to assign the identity's manager object to a variable and then get additional data from it.

:::warning Invalid

{
  "type": "static",
  "attributes": {
    "manager": "$identity.getManager()",
    "value": "$manager.getStringAttribute('country')"
  }
}

:::

:::tip Valid

{
  "type": "static",
  "attributes": {
    "managerCountry": "$identity.getManager().getStringAttribute('country')",
    "value": "$managerCountry"
  }
}

:::