Setting Account Mappings

  1. Navigate to Global Settings > Account Mappings.
  2. Create a new attribute by clicking Add New Attribute.
  3. Set the following values:

    1. Attribute Name (with the same character case): siqAccountName
    2. Display Name: File Access Manager Account Name

  4. Click Add Source to add a new source.
  5. Select Global Rule.

  6. Click the ellipsis button to the right of the Rule field.

  7. Set the following values:

    1. Rule Name: SIQ Account Name
    2. Source code:

    import sailpoint.object.Application;
    import sailpoint.object.Link;
    import sailpoint.tools.Util;
    import java.util.List;
    import java.util.Map;

    // Resolves the account name as DOMAIN\sAMAccountName for Active Directory links.
    // Returns null when the link is not an AD account or the domain cannot be determined.
    value = null;

    if (link != null) {

        Application app = link.getApplication();

        if (app != null && app.type.equalsIgnoreCase("Active Directory - Direct")) {

            // Preferred source: msDS-PrincipalName, used only when it contains a backslash.
            String msDSPrincipalName = link.getAttribute("msDS-PrincipalName");
            if (Util.isNotNullOrEmpty(msDSPrincipalName) && msDSPrincipalName.contains("\\") ) {
                value = msDSPrincipalName;
            }
            else {
                // Fallback: build the name from sAMAccountName and the NetBIOS name of the
                // domain whose DN matches the account's distinguishedName.
                String sAMAccountName = link.getAttribute("sAMAccountName");
                String distinguishedName = link.getAttribute("distinguishedName");
                List settings = app.getAttributeValue("domainSettings");

                if (settings != null && Util.isNotNullOrEmpty(sAMAccountName) && Util.isNotNullOrEmpty(distinguishedName)) {

                    // Domain part of the DN: everything after the first ",dc=".
                    distinguishedName = distinguishedName.toLowerCase();
                    String userDomainDN = distinguishedName.substring(distinguishedName.indexOf(",dc=") + 1);

                    for (Map settingObj : Util.iterate(settings)) {
                        if (!Util.isEmpty(settingObj)) {

                            String domainNetBIOSName = Util.getString(settingObj, "domainNetBiosName");
                            String domainDN = Util.getString(settingObj, "domainDN");
                            if (Util.isNotNullOrEmpty(domainNetBIOSName) && Util.isNotNullOrEmpty(domainDN) && userDomainDN.equalsIgnoreCase(domainDN)) {
                                value = domainNetBIOSName + "\\" + sAMAccountName;
                            }
                        }
                    }
                }
            }
        }
    }

    return value;
  8. Click Save.
  9. Select SIQ Account Name from the Rules selection.

  10. Click Add.

  11. Click Save.
  12. Create a new attribute by clicking Add New Attribute.
  13. Set the following values:

    1. Attribute Name (with the same character case): siqPrincipalName
    2. Display Name: File Access Manager Principal Name

  14. Click Add Source to add a new source.
  15. Set the following values:
    1. Application: The Active Directory application name
    2. Attribute: userPrincipalName

  16. Click Add.

  17. Click Save.

To force IdentityIQ account mappings to be updated, run the Active Directory Account Aggregation task with the option "Disable optimization of unchanged accounts" checked.
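
An offline check of the SIQ Account Name rule's logic, added here as an example (it is not SailPoint code): it mirrors the rule's source in Python and reports which branch produced the value, or why an account would be left with no siqAccountName. The function name, the dict layout and the sample domains and accounts are assumptions constructed for illustration.

```python
def siq_account_name(account, domain_settings):
    """Return (value, reason) as the SIQ Account Name rule would resolve it.

    account: dict of AD account attributes (constructed layout, an assumption).
    domain_settings: list of dicts with domainNetBiosName / domainDN keys.
    """
    principal = account.get("msDS-PrincipalName") or ""
    if "\\" in principal:
        return principal, "msDS-PrincipalName"

    sam = account.get("sAMAccountName") or ""
    dn = (account.get("distinguishedName") or "").lower()
    if not (domain_settings and sam and dn):
        return None, "missing sAMAccountName, distinguishedName or domainSettings"

    # Same slice as the rule: everything after the first ",dc=".
    # If ",dc=" is absent, find() returns -1 and the whole DN is compared.
    user_domain_dn = dn[dn.find(",dc=") + 1:]

    value = None
    for setting in domain_settings:
        netbios = setting.get("domainNetBiosName") or ""
        domain_dn = setting.get("domainDN") or ""
        if netbios and domain_dn and user_domain_dn == domain_dn.lower():
            value = netbios + "\\" + sam  # the rule has no break: last match wins
    if value is None:
        return None, "no domainSettings entry for " + user_domain_dn
    return value, "domainSettings"


# Constructed sample data, not taken from a real directory.
DOMAINS = [
    {"domainNetBiosName": "CORP", "domainDN": "DC=corp,DC=example,DC=com"},
    {"domainNetBiosName": "LAB", "domainDN": "DC=lab,DC=corp,DC=example,DC=com"},
]
ACCOUNTS = [
    {"msDS-PrincipalName": "CORP\\asmith", "sAMAccountName": "asmith",
     "distinguishedName": "CN=A Smith,OU=Staff,DC=corp,DC=example,DC=com"},
    {"msDS-PrincipalName": "", "sAMAccountName": "bjones",
     "distinguishedName": "CN=B Jones,OU=Eng,DC=lab,DC=corp,DC=example,DC=com"},
    {"sAMAccountName": "cwu",
     "distinguishedName": "CN=C Wu,OU=Ops,DC=other,DC=example,DC=net"},
]

if __name__ == "__main__":
    for acct in ACCOUNTS:
        print(acct["sAMAccountName"], siq_account_name(acct, DOMAINS))
```

Accounts that come back with no value here are the ones to look at after aggregation, since they would have an empty siqAccountName.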