Overview
A common provisioning scenario is generating a new email address while ensuring that there isn't a clash with an existing directory record.
Often uniqueness should be enforced against both proxy addresses and existing email addresses. In this scenario we assume the prefix (portion before @) should be unique to accommodate email domain changes, but it is equally possible to include the domain in the uniqueness check.
With Identity Panel there is a pattern or "recipe" to follow for doing exactly this, and involves two elements:
- a Uniqueness Checking Index, or collection of existing values to efficiently scan to avoid creating a clash
- a Custom Rule Function, which although optional, ensures the means of accessing the index is consistent, and makes for easier overall solution documentation,
Recipe Part A - Create unique index
The following recipe shows how to create a unique index against proxy address collections. Typical deployments will also have indices on attributes like mail and UPN.
- From the Settings menu select Extensions
- Check to see if a Unique Names Settings extension already exists, and if not, create one:
- Click in the Select Type field and select Unique Names Settings
- Click + New
- Click in the Name field and enter a meaningful value, e.g. Uniqueness Checks
- Click the V button to expand
- Click + New under Uniqueness Checking Indices
- Enter details, e.g. (for an AD silo)
- Name = "Proxy" (must be unique - if multiple AD silos, consider concatenation of silo name)
- Identity Silo = "AD"
- Object Type = user
- Click the V button to expand and enter Unique Index Definition details
-
-
Attributes = proxyAddresses (select from drop-down list from silo schema)
-
Is Multivalued = ON (checked)
-
Iteration Limit = 100 (set according to likelihood of clash based on organization size)
-
Value Rule = Split(Split(context, ":").1, "@").0
-
Value Root = RegexReplace(Split(Split(context, ":").1, "@").0, "\\d", "")
-
Key Rule = Attributes.employeeID (AD attribute which is already known to be unique)
-
Reservation Time = 1.00:00:00 (1 day)
-
-
Save the configuration
Recipe Part B - Create Custom Rule Function
This recipe assumes checking against multiple indices (in this case Mail and Proxy).
-
From the Settings menu select Environment Settings
-
Check to see if a Unique Names Settings extension already exists, and if not, create one:
-
Click + New
-
Enter your new function name (with any parameters in parentheses), e.g.
MakeEmail(empid, prefix, suffix) -
Click the V button to expand
-
Select Kind = Rule (the PowerShell alternative is especially helpful if you are migrating from PowerShell rules)
-
Enter a description e.g.
Creates a unique email address typically called in the migration service forms -
Enter rule definition, e.g.
MakeUnique(List("Mail", "Proxy"),
empid,
RegexReplace(prefix, "\\d", ""),
$"{Parent.prefix}{IterationName}"
) + "@" + suffix
-
-
Comments
0 comments
Article is closed for comments.