Windows integration - code samples

This section lists code samples applicable to the Windows integration configuration. In this section:

  • Correlation Rule - code sample
  • Customization Rule - code sample
  • Provisioning Rule - Name - code sample
  • Leaver Rule - code sample

Correlation Rule - code sample

The following correlation rule establishes an Identity as the owner of the Windows account based on the similarity of the Identity’s Name and the Username property of the Windows account.


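// Load the active (non-terminated) account being correlated.
var account = readOnlyAccess360DbContext.Accounts
    .Where(x => x.IntegrationId == integrationId && x.Id == accountId && !x.Terminated)
    .SingleOrDefault();

if (account is not null)
{
    // Normalize the account name: drop spaces and the "_adm" marker.
    var accountName = account.Name
        .Replace(" ", "")
        .Replace("_adm", "");

    // Find the active identity whose Name contains the normalized account name.
    // SingleOrDefault() throws if more than one identity matches.
    var ownerIdentityId = readOnlyAccess360DbContext.Identities
        .Where(x => x.Name.Contains(accountName) && !x.Terminated)
        .Select(x => x.Id)
        .SingleOrDefault();

    if (ownerIdentityId != default)
    {
        return new(ownerIdentityId, OwnerType.Identity);
    }
}

// No owner could be determined.
return null;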
        

Customization Rule - code sample

The following customization rule classifies an imported account as the User type if the account’s Name property matches one active identity’s name; otherwise, the account is classified as the Orphan type.


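// Load the active (non-terminated) account being classified.
var account = readOnlyAccess360DbContext.Accounts
    .Where(x => x.IntegrationId == integrationId && x.Id == accountId && !x.Terminated)
    .SingleOrDefault();

if (account is not null)
{
    // Normalize the account name: drop spaces and the "_adm" marker.
    var accountName = account.Name
        .Replace(" ", "")
        .Replace("_adm", "");

    // Look for the active identity whose Name contains the normalized account name.
    // SingleOrDefault() throws if more than one identity matches.
    var ownerIdentityId = readOnlyAccess360DbContext.Identities
        .Where(x => x.Name.Contains(accountName) && !x.Terminated)
        .Select(x => x.Id)
        .SingleOrDefault();

    if (ownerIdentityId != default)
    {
        // A matching identity exists: classify the account as a User account.
        return (AccountType.User, null, null, null);
    }
}

// No matching identity: classify the account as an Orphan.
return (AccountType.Orphan, null, null, null);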
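
The matching logic shared by the correlation and customization rules above, as an added example that is not part of the original page or the product's own code: it runs the same normalization and substring test over constructed in-memory identities, next to a hypothetical stricter variant (StrictMatch) that normalizes both sides and yields no owner when the match is missing or ambiguous. The Identity record, the helper names and all sample data are assumptions; in-memory string comparison is case-sensitive, whereas a database-backed query follows the database collation.

```csharp
// Added example: in-memory stand-ins for the rule context. All data is constructed.
using System;
using System.Collections.Generic;
using System.Linq;

var identities = new List<Identity>
{
    new(1, "John Smith", false),
    new(2, "annlee", false),
    new(3, "joannlee", false),
    new(4, "bobk", true),            // terminated identity
};

foreach (var name in new[] { "joannlee", "annlee_adm", "John Smith", "bobk" })
{
    var page = Describe(() => PageStyleMatch(identities, name));
    var strict = Describe(() => StrictMatch(identities, name));
    Console.WriteLine($"{name,-12} page-style: {page,-20} strict: {strict}");
}

// Same normalization and substring test as the two rules above.
static int? PageStyleMatch(IEnumerable<Identity> ids, string accountName)
{
    var key = accountName.Replace(" ", "").Replace("_adm", "");
    var id = ids.Where(x => x.Name.Contains(key) && !x.Terminated)
                .Select(x => x.Id)
                .SingleOrDefault();  // throws if more than one identity matches
    return id != default ? id : (int?)null;
}

// Hypothetical stricter variant: normalize both sides, require equality,
// and return no owner when the match is missing or ambiguous.
static int? StrictMatch(IEnumerable<Identity> ids, string accountName)
{
    var key = Normalize(accountName);
    var hits = ids.Where(x => !x.Terminated && Normalize(x.Name) == key)
                  .Select(x => x.Id).Take(2).ToList();
    return hits.Count == 1 ? hits[0] : (int?)null;
}

static string Normalize(string s) => s.Replace(" ", "").Replace("_adm", "").ToLowerInvariant();

static string Describe(Func<int?> match)
{
    try { return match()?.ToString() ?? "none"; }
    catch (InvalidOperationException) { return "ambiguous (throws)"; }
}

record Identity(int Id, string Name, bool Terminated);
```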
        

Provisioning Rule - Name - code sample

The following Provisioning Rule builds the Name property of a Windows account from the Name property of the Identity: it strips the domain name if the value is an email address; removes space characters, if any; truncates the name to 6 characters; and then prepends a prefix determining the type of the account and appends a postfix determining the environment the account was created in.

Thus, the Name property of the Windows account is derived from the Identity’s name and formatted according to the requirements.


var identityName = identity.Name;

// Strip the domain part if the name is an email address.
if (identityName.Contains("@"))
{
    identityName = identityName.Substring(0, identityName.IndexOf("@"));
}

// Remove spaces, truncate to 6 characters, then append the environment postfix.
identityName = identityName.Replace(" ", "");
identityName = identityName.Length > 6 ? identityName.Substring(0, 6) : identityName;
identityName = identityName + "_test";

// Prepend the prefix that identifies the account type.
if (accountType == AccountType.Temporary) identityName = "tmp_" + identityName;
if (accountType == AccountType.Privileged) identityName = "adm_" + identityName;
if (accountType == AccountType.Firecall) identityName = "adm_s_" + identityName;

return identityName;
        

Leaver Rule - code sample

The Leaver Rule below shows one of the available account termination options for the Windows integration.


return (AccountTerminationBehavior.Lock, null, null);