and more in a single search tool across platforms. Read the announcement here. |
11/13/2022 11:15 PM
Hi,
We are trying to push email to AD based on value. In case the user's email in Saviynt has XXXX then we will map SSM email to AD mail. We were able to achieve this using the below config.
"mail": "${if((user.email.contains('xxxx.com'))){user.email}}"
But the problem is, if the user email has yyyy.com in SSM, then the above config is clearing the mail attribute in AD as the above config does not handle the else part.
Please note that the source of truth for yyyy.com users is AD and SSM gets the yyyy.com emails from AD. Are there any suggestions to handle the above scenario?
Solved! Go to Solution.
11/14/2022 12:49 AM
Hi there,
If yyy.com is the source of truth, can't you avoid creating update AD account tasks for that domain on the first place through user update rules?
-Siva
11/14/2022 01:45 AM
Hi Siva,
No we will need to push other attribute values to AD from SSM. It is only for email, AD is source for truth.
11/14/2022 11:37 PM
Not the most elegant of solution but you could use something as shown below to drive your logic.
{
${if(user.email.contains('xxxx.com'))
'"givenname" : “'+user.firstname+'","mail" : "'+user.email+'",'
else '"givenname" : “'+user.firstname+'",'
}
"cn": "${user.displayname}",
"sn": "${user.lastname}"
}
11/15/2022 07:59 AM - edited 11/15/2022 08:00 AM
Hi there,
There is a configuration in the connections to handle this criteria.
SUPPORTEMPTYSTRING - Set to TRUE if we need to ignore empty and null values while
provisioning
If set to TRUE - It ignores the empty and null values and doesnt push them to the target
If set to FALSE - It considers the empty and null values and clears in the target.
By default considers FALSE.
11/15/2022 08:00 PM
Hi Rajesh,
It appears to be other way, if that config is set to TRUE, instead of clearing off the attribute in AD, it is pushing NULL value, which is in line with the Saviynt Documentation.
So this does not help our purpose.
Regards,
Bharadwaj.
11/18/2022 10:43 AM
Check if below post helps
11/17/2022 04:04 AM
@Bharadwaj319- Looks like this is a use-case for update account JSON. Could you try using the following expression and let us know if that works for you?
"mail": "${ user?.email?.contains('xxxx.com') ? user.email : account.customproperty10}"
Here account.customproperty10, would be the same customproperty in which you would have mapped the mail attribute from AD in the account attributes for reconciliation.