and more in a single search tool across platforms. Read the announcement here. |
on 09/06/2023 07:18 AM
Ans: If a different attribute is required to be passed in case of birthright provisioning and another user property is supposed to be passed when the task is created by a request (ARS), the task can be differentiated based on task source. To pass an attribute based on task source, following Groovy expression can be used.
In the following example, 'userPrincipleName' value is given based on the task source (if the source of the task is REQUEST, then user's system user name followed by '@testlocal.local' value is passed to the target, else the value stored in user's customproperty21 is passed to the target)
"userPrincipalName": "${if(task.source.equals('REQUEST')){ user.systemUserName+'@testlocal.local'}else{user.customproperty21}}"
Ans: If there is a need to pass different multi-valued attributes to the target and these are stored in endpoint custom-properties, any of the following Groovy scripts can help -
(1) Using a JSON: "objectclass”: ${task.endpoint.customproperty5.split(',').inspect()}
OR
(2) Using JSON Builder: map1.put("objectclass", Arrays.asList(task.endpoint.customproperty5.split("\\s*,\\s*")));
In sited examples, it is assumed the customproperty5 of the specific Endpoint holds the values of the of the object class to be passed to the target AD/LDAP.
Ans: When an end user modifies value(s) for account attribute(s) using Dynamic attributes on the form, the updated value will be part of the Dynamic attributes which are modified and the current value(s) will be available in the customproperty of the account. Hence, we need to compare the current value in the account customproperty with the modified value in the Dynamic attribute value.
Example – Suppose there is a dynamic attribute called Teams which is a multi-select dropdown type of dynamic attribute on the endpoint form and the provisioning JSON expects only new values to be passed into the target via the update account JSON. Hence, we need to find out the difference between the existing value (value in customproperty3) and the new values selected in the dynamic attribute. Below Groovy script can find out the difference between the new value and current value.
${task.accountKey.customproperty3==null?'':task.accountKey.customproperty3.split(',').minus(Teams.split(',')).join(',')}
Ans: The following Groovy script can be used to fetch the certifier information in the Create Ticket JSON.
${com.saviynt.ecm.identitywarehouse.domain.Users.get(com.saviynt.ecm.campaign.domain.Certification.get(task.sourceId).certifier).username}
${com.saviynt.ecm.identitywarehouse.domain.Users.get(com.saviynt.ecm.campaign.domain.Certification.get(task.sourceId).certifier).email}
${com.saviynt.ecm.identitywarehouse.domain.Users.get(com.saviynt.ecm.campaign.domain.Certification.get(task.sourceId).certifier).displayname}
Ans: The following Groovy expression can be used to fetch the requested by information in the JSONs.
${if(task.requestKey!=null){com.saviynt.ecm.identitywarehouse.domain.Users.get(task?.requestedBy).email}else{'amit.krishnajit@saviynt.com'}}
${if(task.requestKey!=null){com.saviynt.ecm.identitywarehouse.domain.Users.get(task?.requestedBy).username}else{'amit.krishnajit@saviynt.com'}}
Ans: Split function available in Groovy can be utilized to split the values using the delimiter and then pass the value to the target.
Sample for split function usage:
def x = 'A,B,C,D,E'
println x.split(',')
println x.split(',')[0]
In the above script, x is a variable which holds comma-separated values. The split function can be used to split the values based on the delimiter - comma(,). The split function will return the values in an array format and values can be accessed by passing index number in square-brackets.
For example – if three values are stored by concatenating using pipe (|) delimiter, then we can use following Groovy script to split the values and pass them to the target
"localityName": "${user.customproperty21.split('\\|')[0]}",
"street": "${user.customproperty21.split('\\|')[1]}",
"stateOrProvinceName": "${user.customproperty21.split('\\|')[2]}"
If three values are stored by concatenating using comma (,) delimiter, then we can use following Groovy script to split the values and pass them to the target
"localityName": "${user.customproperty21.split(',')[0]}",
"street": "${user.customproperty21.split(',')[1]}",
"stateOrProvinceName": "${user.customproperty21.split(',')[2]}"
Ans: The following Groovy expression can be used to fetch the request ID to be passed into target.
${if(task.requestKey!=null){task.requestKey?.processinstanceid?.substring(task.requestKey?.processinstanceid?.indexOf('.') + 1, task.requestKey?.processinstanceid?.length())}else if(task.requestKey==null){task.id}}
Ans: Please see the following sample scrript for date type comparison in the provisioning JSONs.
def Date startdate = Date.parse("yyyy-MM-dd hh:mm:ss", '2020-10-27 00:00:00')
def x = new java.text.SimpleDateFormat("yyyy-MM-DD").parse(new java.text.SimpleDateFormat("yyyy-MM-DD").format(new Date())).getTime()
def y = new java.text.SimpleDateFormat("yyyy-MM-DD").parse(new java.text.SimpleDateFormat("yyyy-MM-DD HH:mm:ss").format(startdate)).getTime()
print x>=y?true:false
In the above script, startdate is a Date type of variable which holds a sample start date in the same format in which Saviynt stores the user's start/end date values. The variable x is assigned with the value of today's date in milliseconds as getTime() method returns the time in milliseconds format. Similarly, variable y is assigned with the milliseconds value of the startdate. The print statement is used to print if the condition evaluates to true or false when the milliseconds value in variable x is greater than or lower than that of y respectively.
In the below example, the user account control value is passed as 512 when the start date is less than today's date, otherwise 514 is set as the user account control.
"useraccountcontrol": "${if(new java.text.SimpleDateFormat("yyyy-MM-DD").parse(new java.text.SimpleDateFormat("yyyy-MM-DD").format(new Date())).getTime()<new java.text.SimpleDateFormat("yyyy-MM-DD").parse(new java.text.SimpleDateFormat("yyyy-MM-DD").format(user.startdate)).getTime()){514}else{512}}"
Ans: We can use JSON Builder in the following way to perform complex calculations in JSONs and pass them to target systems.
${ Map map1 = new HashMap();
String gname=user.firstname; gname=gname.replaceAll("[^a-zA-Z0-9]",""); if(gname.size() > 32) gname=gname.substring(0,32); map1.put("givenName",gname);
String lastname=user.lastname; lastname=lastname.replaceAll("[^a-zA-Z0-9]",""); if(lastname.size() > 32) lastname=lastname.substring(0,32); map1.put("sn",lastname);
String testmiddlename = user.customproperty52; if(testmiddlename!=null) testmiddlename=testmiddlename.replaceAll("[^a-zA-Z0-9]",""); if(testmiddlename!=null) map1.put("initials",testmiddlename.substring(0,1)); if(testmiddlename==null) map1.put("initials",testmiddlename);
String sor=user.customproperty15; if(sor.equals("Canada")&& user.customproperty48!=null) map1.put("o",user.customproperty48); else map1.put("o",user.companyname);
String emp=user.employeeType; def upn=user.customproperty7+'@'+'test.org'; if(emp.equals("CHANNEL_PARTNER")) map1.put("userPrincipalName",user.email); else map1.put("userPrincipalName",upn);
def dp; if(emp.equals("SERVICE_PROVIDER") && testmiddlename!=null) dp=lastname+', '+gname+testmiddlename.substring(0,1)+'(External)'; if(emp.equals("SERVICE_PROVIDER") && testmiddlename == null) dp=lastname+', '+gname+'(External)'; if((!(emp.equals("SERVICE_PROVIDER")) && testmiddlename!=null)) dp=lastname+', '+gname+testmiddlename.substring(0,1); if((!(emp.equals("SERVICE_PROVIDER")) && testmiddlename==null)) dp=lastname+', '+gname; map1.put("displayName",dp);
String company=user.companyname; if(emp.equals("SERVICE_PROVIDER") && company.equals("Conduent")) map1.put("msDS-cloudExtensionAttribute1","SV1"); if(emp.equals("SERVICE_PROVIDER") && (company.equals("Test-xyz") || company.equals("Test-abc"))) map1.put("msDS-cloudExtensionAttribute1","CP2");
if(emp.equals("CONTRACT") || emp.equals("XAR_CONTRACTOR") || emp.equals("XBR_CONTRACTOR") || emp.equals("XCL_CONTRACTOR") || emp.equals("XDOR_CONTRACTOR") || emp.equals("XE_CONTRACTOR") || emp.equals("XILE_CONTRACTOR") || emp.equals("XMEX_OUTSOURCING") || emp.equals("XPE_CONTRACT")) map1.put("msDS-cloudExtensionAttribute1","CP2");
if(emp.equals("XAR_EMPLOYEE")|| emp.equals("XBR_EMPLOYEE")|| emp.equals("XCL_EMPLOYEE")|| emp.equals("XCL_EMPLOYEE_TEMP")|| emp.equals("XDOR_EMPLOYEE")|| emp.equals("XE_AGENCY")|| emp.equals("test_CANADA")|| emp.equals("test_CONNECT")|| emp.equals("test_CO-OP")|| emp.equals("test_DIRECT_CANADA")|| emp.equals("test_EMPLOYEE")|| emp.equals("test_EXEMPT")|| emp.equals("test_GLOBAL_SERVICES")|| emp.equals("test_INDUSTRIAL")|| emp.equals("test_INTERNATIONAL")|| emp.equals("test_INTERNATIONAL_TEMP")|| emp.equals("test_MODI")|| emp.equals("test_NON_MCTY_INDUSTRIAL")|| emp.equals("test_NON-EXEMPT")|| emp.equals("test_RETIREE")|| emp.equals("test_SECURITY")|| emp.equals("test_SHANGHAI")|| emp.equals("test_TEMP_HIRE")|| emp.equals("XILE_EMPLOYEE")|| emp.equals("XMEX_EMPLOYEE")|| emp.equals("XPE_EMPLOYEE")) map1.put("msDS-cloudExtensionAttribute1","EP1");
if(user.employeeType && user.customproperty15 && user.customproperty3) map1.put("test-user-type",UserType);
if(user.employeeType && user.customproperty15) map1.put("test-user-type",UserType1);
if(user.customproperty15 && user.customproperty3) map1.put("test-user-type",UserType2);
if(user.employeeType && user.customproperty3) map1.put("test-user-type",UserType3);
map1.put("co",CountryName); map1.put("test-countrycode",testCountryCode); map1.put("countryCode",CountryCode); map1.put("manager",ManagerDN); map1.put("description",user.customproperty61);
map1.put("instanceType","4"); map1.put("GroupPriority","2"); map1.put("company",user.companyname); map1.put("userAccountControl","512");
map1.put("test-person-SOR",user.customproperty15); map1.put("legacyEmployeeNumber",user.customproperty20);
List list1 = new ArrayList(); list1.add("top"); list1.add("person"); list1.add("organizationalPerson"); list1.add("user"); map1.put("objectclass",list1);
map1.put("sAMAccountName",user.username); map1.put("employeeType",user.employeeType);
map1.put("test-person-email",user.email); map1.put("l",user.customproperty37); map1.put("postalCode",user.regioncode); map1.put("st",user.state); map1.put("street",user.street); map1.put("telephoneNumber",user.phonenumber); map1.put("preferredLanguage",user.customproperty5);
map1.put("employeeNumber",user.employeeid); map1.put("c",user.customproperty3);
map1.put("extensionAttribute7",user.customproperty39); map1.put("extensionAttribute15",user.customproperty26); map1.put("employeeID",user.customproperty21); map1.put("msDS-cloudExtensionAttribute2",user.customproperty27); map1.put("msDS-cloudExtensionAttribute6",user.customproperty30); map1.put("test-person-disabled",user.customproperty45); map1.put("test-person-status",user.customproperty2); map1.put("test-s3-guid",user.customproperty29);
map1.put("test-hr-jobcode",user.customproperty14); map1.put("test-hr-organizationcode",user.customproperty38);
jsonBuilder = new groovy.json.JsonBuilder(map1); return jsonBuilder.toString().replace('\\\\','\\'); } |
Ans: We can use JSON Builders in AD/LDAP connector, ADSI connector and DB Connector.
JsonBuilders are tested and working fine for AD/LDAP, ADSI and DB Connectors. Other connectors are yet to be tested
jsonBuilder is supported for REST Connection?