Scriptable conditions in a mapping
By default, IDM synchronizes all attributes in a mapping. For more complex relationships between source and target objects, you can define conditions under which IDM maps certain attributes. You can define two types of mapping conditions:
-
Scriptable conditions, in which an attribute is mapped only if the defined script evaluates to
true
. -
Condition filters, a declarative filter that sets the conditions under which the attribute is mapped. Condition filters can include a link qualifier , that identifies the type of relationship between the source object and multiple target objects. For more information, see Map a Single Source Object to Multiple Target Objects.
The following list shows examples of condition filters:
-
"condition": "/object/country eq 'France'"
—Only map the attribute if the object’scountry
attribute equalsFrance
. -
"condition": "/object/password pr"
—Only map the attribute if the object’spassword
attribute is present. -
"condition": "/linkQualifier eq 'admin'"
—Only map the attribute if the link between this source and target object is of typeadmin
.
-
Configure mapping conditions using the IDM admin UI
-
From the IDM console, click Native Consoles > Identity Management.
-
From the navigation bar, click Configure > Mappings, and click the mapping to edit.
-
Click the Properties tab.
-
Expand the Attributes Grid node, click the property to edit, click the Conditional Updates tab, and then do one of the following:
-
To configure a filtered condition, click Condition Filter.
-
To configure a scriptable condition, click Script.
-
-
Click Save.
Scriptable conditions create mapping logic, based on the result of the condition script. If the script does not return true
, IDM does not manipulate the target attribute during a synchronization operation.
In the following excerpt, the value of the target mail
attribute is set to the value of the source email
attribute only if the source attribute is not empty:
{
"target": "mail",
"comment": "Set mail if non-empty.",
"source": "email",
"condition": {
"type": "text/javascript",
"source": "(object.email != null)"
}
...
You can add comments to JSON files. This example includes a property named |