developer.sailpoint.com/docs/extensibility/rules/cloud-rules/correlation_rule.md
piyush-khandelwal-sp eabf0132a8 Update correlation_rule.md
2025-01-21 15:05:35 +11:00


id: correlation-rule
title: Correlation Rule
pagination_label: Correlation Rule
sidebar_label: Correlation Rule
sidebar_class_name: Correlation Rule
keywords: cloud, rules, correlation
description: This rule associates or correlates an account to an identity, based on complex logic.
slug: /extensibility/rules/cloud-rules/correlation-rule
tags: Rules

Overview

This rule associates, or correlates, an account to an identity based on complex logic. The rule runs before any configured account correlation, including the default account correlation.

Execution

  • Cloud Execution - This rule executes in the cloud, within Identity Security Cloud. It has read-only access to Identity Security Cloud data models, but it does not have access to on-premises sources or connectors.
  • Logging - Logging statements are currently only visible to SailPoint personnel.

Rule Execution

Input

| Argument | Type | Purpose |
| --- | --- | --- |
| log | org.apache.log4j.Logger | Logger to log statements. Note: This executes in the cloud, and logging is currently not exposed to anyone other than SailPoint. |
| idn | sailpoint.server.IdnRuleUtil | Provides a read-only starting point for using the SailPoint API. From this passed reference, the rule can interrogate the Identity Security Cloud data model, including identities or account information, via helper methods as described in IdnRuleUtil. |
| account | sailpoint.object.ResourceObject | Read-only representation of account data that has been aggregated. Use this as a basis to determine correlation linkages with a specific identity. |
| application | sailpoint.object.Application | Read-only reference to the application object that represents the source to which account correlation is being done. |

Output

| Argument | Type | Purpose |
| --- | --- | --- |
| returnMap | java.util.Map | Map object containing a reference to the identity attributes to correlate to. These should contain both identityAttributeName and identityAttributeValue as keys. |

Template

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Example Rule" type="Correlation">
  <Description>Describe your rule here.</Description>
  <Source><![CDATA[

  // Add your logic here.

  ]]></Source>
</Rule>

Example - Correlate Account to Identity Based on Calculated Email Address

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Example Rule" type="Correlation">
  <Description>Correlates based on a calculated email address.</Description>
  <Source><![CDATA[

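// Map returned to the correlation engine; it names the identity attribute to search and the value to match.
Map returnMap = new HashMap();

// Build the email address from the aggregated account's "username" attribute.
String calculatedEmail = account.getStringAttribute( "username" ) + "@example.com";

// Correlate to the identity whose "email" attribute equals the calculated address.
returnMap.put( "identityAttributeName", "email");
returnMap.put( "identityAttributeValue", calculatedEmail );

return returnMap;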

  ]]></Source>
</Rule>

Note: The identity attribute named in identityAttributeName should be a searchable one.
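
The calculated-email example above builds the lookup value directly from source data, so a missing or malformed username becomes the correlation key as-is. The following variant is an added example, not SailPoint's code, that validates the username before using it. It assumes the source exposes a "username" attribute, that the allowed-character pattern fits that source's naming policy, and that returning an empty map means the rule produces no match.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Example Rule - Validated Email Correlation" type="Correlation">
  <Description>Correlates on a calculated email address only when the username is well formed.</Description>
  <Source><![CDATA[

  // Added example. Assumption: an empty map means "no match from this rule".
  Map returnMap = new HashMap();

  // The account attribute comes from the aggregated source and may be absent.
  String username = account.getStringAttribute( "username" );
  if ( username == null ) {
    // Without this check the lookup value would be the literal "null@example.com".
    log.warn( "Correlation skipped: account has no username attribute" );
    return returnMap;
  }

  // Remove surrounding whitespace so " jdoe " and "jdoe" calculate the same address.
  String normalized = username.trim();

  // Accept only a plain local part (assumed policy for this source).
  // A value such as "jdoe@other.example" or one containing spaces is rejected
  // instead of being concatenated into the lookup value.
  if ( !normalized.matches( "[A-Za-z0-9._-]{1,64}" ) ) {
    // The raw value is source-controlled data, so it is not written to the log.
    log.warn( "Correlation skipped: username failed validation" );
    return returnMap;
  }

  // Same output contract as the example above: attribute name plus value to match.
  returnMap.put( "identityAttributeName", "email" );
  returnMap.put( "identityAttributeValue", normalized + "@example.com" );

  return returnMap;

  ]]></Source>
</Rule>
```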