Use Scriptable Conditions in a Mapping

By default, Identity Cloud synchronizes all attributes in a mapping. For more complex relationships between source and target objects, you can define conditions under which Identity Cloud maps certain attributes. You can define two types of mapping conditions:

  • Scriptable conditions, in which an attribute is mapped only if the defined script evaluates to true.

  • Condition filters, a declarative filter that sets the conditions under which the attribute is mapped. Condition filters can include a link qualifier, that identifies the type of relationship between the source object and multiple target objects. For more information, see "Map a Single Source Object to Multiple Target Objects".

    The following list shows examples of condition filters:

    • "condition": "/object/country eq 'France'" - only map the attribute if the object's country attribute equals France.

    • "condition": "/object/password pr" - only map the attribute if the object's password attribute is present.

    • "condition": "/linkQualifier eq 'admin'" - only map the attribute if the link between this source and target object is of type admin.

Configure Mapping Conditions in the UI
  1. Select Configure > Mappings and click the mapping for which you want to configure conditions.

  2. On the Properties tab, click on the attribute that you want to map, then select the Conditional Updates tab.

  3. Configure a filtered condition on the Condition Filter tab, or a scriptable condition on the Script tab.

Scriptable conditions create mapping logic, based on the result of the condition script. If the script does not return true, Identity Cloud does not manipulate the target attribute during a synchronization operation.

In the following excerpt, the value of the target mail attribute is set to the value of the source email attribute only if the source attribute is not empty:

{
    "target": "mail",
        "comment": "Set mail if non-empty.",
        "source": "email",
        "condition": {
            "type": "text/javascript",
            "source": "(object.email != null)"
        }
...

Tip

You can add comments to JSON files. This example includes a property named comment; however, you can use any unique property name, as long as it is not used elsewhere in the server. Identity Cloud ignores unknown property names in JSON configuration files.

Read a different version of :