Skip to content

Using Transforms, Rules, and Generators

Transforms, rules, and generators are configurations for changing data from one form into another. View the information below for more details about each type, as well as how to use simple and complex transforms.

Understanding Transforms

A transform is a "no-code" configuration that can be edited using an API. Transforms change or transform data from one form into another. In SailPoint's cloud services, transforms allow you to manipulate attribute values while aggregating from or provisioning to a source.

For example, you can use a transform to change data from one format to another before you map it to an attribute in an identity profile.

Simple Transforms

Simple transforms are used to make a single change to a single piece of data related to a single source. IdentityNow provides several default transforms you can use for simple data format changes to use when mapping attributes in identity profiles. For more information, view the section below on Using Simple Transforms.

Complex Transforms

Alternatively, you can combine simple transforms to perform multiple operations on a single attribute. These types of transforms are considered complex transforms. For example, you can use a complex transform to automatically calculate an identity's lifecycle state based on other attributes, such as start date.

You can also create and upload additional transforms using the appropriate transform REST APIs. Note that if you contact SailPoint Services to help with this effort, it will be considered a billable service.

For more information, view the following developer site articles:

Understanding Rules

A rule is a code-based configuration that provides additional flexibility where needed. For example, rules can be used to calculate complex identity attributes, modify provisioning instructions, or interact with a connector.

Unlike transforms, rules must be reviewed by SailPoint Services before they can be implemented for your org.

You can learn more about the review process and rule guidelines in the Developer Community documentation.

Understanding Generators

A generator is a type of rule used specifically to generate the value for an identity attribute. These values are then used to create an account on a source. You can use generators in the Create Account definition for any sources that support provisioning.

Some generators include a Pattern Used field you can use to define the text and identity attributes that IdentityNow will use to compile the required value, based on the requirements for your org. You can also specify the order that IdentityNow generates attributes so that you can reference the value of one generated attribute in a subsequent attribute.

While you can select new attributes for any of these fields, SailPoint recommends using the default values in the Generator fields for the generated attributes. If you need to use custom generators, please contact SailPoint Services for assistance.

Using Simple Transforms

IdentityNow provides several default transforms that you can use to make simple changes to a single piece of data coming from a single source for the sake of consistency, accuracy, or preventing duplicates. For example, you might need to convert a database value from uppercase to lowercase.

  1. Start the process of creating an identity profile.

  2. Select the Mappings tab.

  3. In the Source dropdown list of the attribute you want to transform, select the source you want to get the value from.

  4. In the Attribute dropdown list, select the source attribute you want to map to.

  5. In the Transform dropdown, select the transform you want to use.

    The following simple transforms are available by default:

    • E.164 Phone Format - Converts a phone number into the E.164 standard for phone numbers.
    • ISO3166 Country Format - Converts the name of a country into the two-character ISO 3166 format for countries.
    • Remove Diacritical Marks - Converts diacritical marks to their base characters.
    • ToLower - Converts the value in the selected attribute to lowercase letters.
    • ToUpper - Converts the value in the selected attribute to uppercase letters.
  6. Make selections for all the required attribute mappings. For more information, refer to Mapping Identity Profiles.

  7. Select Save.

Using Rules

If your organization has created identity attribute rules and uploaded them to your org, those rules will be available for you to select when mapping attributes for an identity profile on a Complex Data Source.

  1. Start the process of creating an identity profile

  2. Select the Mappings tab.

  3. In the Source dropdown list of the attribute you want to modify, select Complex Data Source.

    An attribute being mapped, with a custom rule selected under Transform.

    The following rules become available in the Transforms dropdown whenever Complex Data Source is selected:

    • Cloud Calculate Identity Status - This rule calculates the identity cloudStatus attribute for the identity.
    • Cloud Calculate Internal Identity Status Rule - This rule also calculates the identity cloudStatus attribute for the identity.
    • Cloud Calculate Authentication Alias - This rule calculates any authentication aliases for the identity.

    Other rules might be available if they have been configured for your org.

  4. In the Transform dropdown list, select the rule you want to use and select Save.