Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Push an attribute to AD based on condition

New Contributor III
New Contributor III


We are trying to push email to AD based on value. In case the user's email in Saviynt has XXXX then we will map SSM email to AD mail. We were able to achieve this using the below config.

"mail": "${if((''))){}}"

But the problem is, if the user email has in SSM, then the above config is clearing the mail attribute in AD as the above config does not handle the else part.

Please note that the source of truth for users is AD and SSM gets the emails from AD. Are there any suggestions to handle the above scenario?


Valued Contributor
Valued Contributor

Hi there,

If is the source of truth, can't you avoid creating update AD account tasks for that domain on the first place through user update rules?


New Contributor III
New Contributor III

Hi Siva,

No we will need to push other attribute values to AD from SSM. It is only for email, AD is source for truth.  


Not the most elegant of solution but you could use something as shown below to drive your logic.

'"givenname" : “'+user.firstname+'","mail" : "''",'
else '"givenname" : “'+user.firstname+'",'
"cn": "${user.displayname}",
"sn": "${user.lastname}"




Avinash Chhetri

Saviynt Employee
Saviynt Employee

Hi there,

There is a configuration in the connections to handle this criteria. 

SUPPORTEMPTYSTRING - Set to TRUE if we need to ignore empty and null values while

If set to TRUE - It ignores the empty and null values and doesnt push them to the target

If set to FALSE - It considers the empty and null values and clears in the target.

By default considers FALSE.


Rajesh Ramalingam
Saviynt India

Hi Rajesh,

It appears to be other way, if that config is set to TRUE, instead of clearing off the attribute in AD, it is pushing NULL value, which is in line with the Saviynt Documentation.


So this does not help our purpose.



Check if below post helps

Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Employee
Saviynt Employee

@Bharadwaj319- Looks like this is a use-case for update account JSON. Could you try using the following expression and let us know if that works for you?

"mail": "${ user?.email?.contains('') ? : account.customproperty10}"

Here account.customproperty10, would be the same customproperty in which you would have mapped the mail attribute from AD in the account attributes for reconciliation.