
Restrict User Id/Username in ITIM to not start from a given character


I want to restrict users from creating accounts such that they cannot create accounts starting with some character. For example, if I say R, then the user should not be able to create accounts like Rtest1 or Rrest123, but can create accounts like testR1. Where can I apply this check? I checked the invalid character constraints in design forms for the account form, but that does not allow me to specify that character anywhere in the username; for example, if I give R then it won't allow testR1 either. I need something like String.StartsWith() in ITIM using some policy or custom JavaScript. Note: I cannot use workflows for this.


Solution

  • So I found a solution for this using a provisioning policy, and I am posting the solution as a reference for others. Create an entitlement in the PP for the service(s) you want to apply this check on. Once done, select that entitlement and click Parameters to create a parameter enforcement for this entitlement. Select the attribute you want to enforce this check on (for me it was eruid), select the enforcement type as mandatory and select the JavaScript option. Enter the following script:

    var accountId = parameters.eruid[0]; // requested eruid
    // check whether the account ID starts with q (case-insensitive)
    if (accountId != null && accountId.length > 0 && (accountId.toLowerCase().substr(0, 1) == 'q')) {
        // drop the leading q and return the new ID as a suggestion to the user
        return accountId.substr(1, accountId.length - 1);
    }
    return accountId; // otherwise return the same ID
    

    This blocks user requests starting with q and does not allow you to submit add account requests.
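The behaviour described in the answer above can be checked offline with the following added example, which is not part of the original post and is not IBM code. It assumes that a mandatory enforcement accepts a request only when the submitted eruid equals the value the script returns; `evaluate` and `enforceEruidMulti` are hypothetical names, and the second function goes beyond the post by handling several blocked first characters.

```javascript
// Added example: offline model of a mandatory parameter enforcement on eruid.
// Assumption: the request is accepted only if the submitted eruid equals the
// value returned by the enforcement script. No ITIM API is called here.

// Same logic as the script in the answer, wrapped in a function for testing.
function enforceEruid(parameters) {
  var accountId = parameters.eruid[0];
  if (accountId != null && accountId.length > 0 &&
      accountId.toLowerCase().substr(0, 1) == 'q') {
    return accountId.substr(1, accountId.length - 1);
  }
  return accountId;
}

// Hypothetical generalisation: several blocked first characters, stripped
// repeatedly so that the suggested ID never starts with a blocked character.
function enforceEruidMulti(parameters, blockedFirstChars) {
  var accountId = parameters.eruid[0];
  if (accountId == null) return accountId;
  var blocked = blockedFirstChars.toLowerCase();
  var i = 0;
  while (i < accountId.length &&
         blocked.indexOf(accountId.charAt(i).toLowerCase()) !== -1) {
    i++;
  }
  return accountId.slice(i);
}

// Models the compliance check: compare the submitted value with the allowed one.
function evaluate(submitted, script) {
  var allowed = script({ eruid: [submitted] });
  return { submitted: submitted, allowed: allowed, accepted: allowed === submitted };
}

// Constructed sample IDs, including the ones from the question.
var samples = ['Rtest1', 'testR1', 'qtest', 'QQtest', 'testq1'];
samples.forEach(function (id) {
  var single = evaluate(id, enforceEruid);
  var multi = evaluate(id, function (p) { return enforceEruidMulti(p, 'qr'); });
  console.log(id, '| q only:', JSON.stringify(single.allowed), single.accepted,
              '| q and r:', JSON.stringify(multi.allowed), multi.accepted);
});
```

With the single-character script, `QQtest` is rejected but the suggested value `Qtest` still starts with the blocked character; the looped variant avoids that.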