Custom expressions in advanced attribute flows
If you are at the point where you're comfortable with using the functions and various options in attribute flow creation, I'd like to introduce you to a really cool feature to add some efficiency and extra capabilities to your attribute flow creation: Custom Expressions.
The synchronization rule designer provides you the ability to type in any attribute flow you can define using the flow definition user interface. This is supported through the CustomExpression option you'll find under the advanced options in the value selection list when selecting a value for Source in an attribute flow. See the screenshot below for clarification.
So, what syntax exactly do you use to define the flows in this custom expression box? Create an attribute flow in the normal manner (without using CustomExpression) and take a look at the attribute flow summary view when you save the flow, as shown below.
This summary view represents the attribute flow in a short form syntax as follows:
· Constant strings are represented in quotes (“ “)
o Eg. “Nima”
· Constant numbers are represented simply as numbers.
o Eg. 456
· Attributes are represented as the attribute name.
o Eg. FirstName
· Synchronization rule parameters are represented as the parameter name prefixed with ‘$’.
o Eg. $InitialPassword
· Functions are represented as the name of the function and the associated parameters are given values that follow the syntax outlined here.
o Eg. Left(“TestString” , 5)
· The concatenate operator is represented as ‘+’.
o Eg. FirstName + LastName
The syntax above is the exact same syntax you would use with the CustomExpression option. The example below defines an attribute flow for generating a random password.
Hopefully this makes defining flows a bit quicker for some of you.
The use of the CustomExpression option extends beyond just efficiency for power users though. The CustomExpression option also allows you to define attribute flows containing nested functions, as you saw in the example above for generating random passwords. In addition, you can also use CustomExpression with another very cool function available in the synchronization rule designer: The IIF function.
IIF function (Immediate IF) returns one value if a specified condition evaluates to true, and another value if the condition evaluates to false.
The function's signiture is as follows: IIF(condition, valueIfTrue, valueIfFalse). - Note that in beta 3 the function is mispelled as IFF :)
We use this type of functionality in programming all the time, so how does it provide value in the context of an attribute flow? Well, think of any example where you'd want to flow a particular value to an attribute if some condition was true, and another if it was false. One such example is defining the flow for an employee's email address. Let's assume we want to prefix the email alias of a vendor/contractor with a "v-", and for full time employees we leave the alias as is.
In other words, if the employee is a vendor/contractor, his email becomes his mailnickname "@microsoft.com" prefixed with "v-". So, if nimag was a contractor, his email would become "v-nimag@microsoft.com"
In the synchronization rule designer, we can specify this attribute flow as follows:
For the condition, we used the CustomExpression option to allow us to specify an expression to evaluate. Here we used the Eq() function which takes two arguements as inputs and compares them for equality, returning true if the attribute has the given value and false if not. The condition is not very clear from the screenshot above, and its complete form is Eq(managed:EmployeeType, "Contractor"). The condition is checking to see if the managed:EmployeeType attribute has the value "Contractor".
Our return value if the condition ( the result of the Eq() function ) evaluates to true is the employee's email address prefixed with "v-". The return value if the condition evaluates to false is the employee's email address as is (no prefix).
The following are functions available for use as expressions in the IIF function:
Eq - This is the function used in the example above. This function compares two arguements for equality.
NotEquals - This function compares two arguements for inequality, returning true if they are not equal, and false otherwise. Example: NotEquals(managed:EmployeeType, "Contractor")
LessThan - This function compares two numbers, returning true if the first is less than the second and false otherwise. Example: LessThan(Salary, 100000)
GreaterThan - This function compares two numbers, returning true if the first is greater than second and false otherwise. Example: GreaterThan(Salary, 100000)
LessThanOrEquals - This function compares two numbers, returning true if the first is less than or equal to the second and false otherwise. Example: LessThanOrEquals(Salary, 100000)
GreaterThanOrEquals - This function compares two numbers, returning true if the first is greater than or equals to the second and false otherwise. Example: GreaterThanOrEquals(Salary, 100000)
Hopefully this helps bring to light some of the powerful capabilities you now have with the new provisioning features of ILM "2" !
- Nima
Comments
- Anonymous
January 01, 2003
IsPresent should be added to your list of IIF Expressions (per http://technet.microsoft.com/en-us/library/ff800820(v=WS.10).aspx) - Anonymous
May 20, 2014
Pingback from External Identity Manager for User Profile Synchronization - Anonymous
August 06, 2014
Images seem broke :