Update First Name and Last Name from Full Name


My Identity Vault consists of 5000 user objects with Full Name (User's Full Name) and Last Name (fixed: Novell).

What's the best way to perform the following:-

(1) Loop all the users

(2) Read Full Name

(3) Split Full Name and write back to Given Name and Last Name

Which driver should I use?

(i) Loopback

(ii) NULL

(iii) Workorder







  • I would use the null driver.
    Easiest would be to act on a migrate but you could use a job as an alternative.

    Good luck
  • My personal preference is to do what I call a Toolkit rule in a Null driver.


    I wrote about this approach a fair bit.


    (Those are the old URLs; they should auto-redirect to the new Community based links)

    Basically some trigger (I like description in existing drivers, or floor in new drivers) with a specific value calls for an action. Pick apart the value to set a target, so I would use 42rgeoffc in my trigger attribute, where 42 means do this name splitting task, r means report (so do the calc, trace it out to trace or file) and geoffc is the target object. (Then 42d* would be do it to * (everyone)).


    This way I have fine-tuned control and could do a*, b* and so on to break it up and redo it on a user if needed, and report on all those to see if there are some crazy exceptions I should worry about.

  • Go with the Loopback driver to iterate and add the attributes.
    Else prepare an LDIF and import it, which will be simple.
  • You are going to hit a moderate amount of edge cases: surnames that are two or more words like De Silva or the various Dutch variants like Van de Berg / van den Berg / van der Berg.

    If you go with the strictest definition of surname being only one word, you might irritate a number of users.

    Another irritating gotcha. Full Name is max 128 chars yet Given Name is only 32 chars (often way too few if you choose to go with the strict rule, just last word is surname). Surname is a more helpful 64 characters long.

    To answer your question, Null is by far the easiest driver to get started with. You could use a job, or you could just abuse an unused attribute (check it is not used anywhere else in the solution). Add that attribute to the Null driver filter and use an LDAP tool to set it to a value on all users. Then construct your logic to split the full name.

    As for splitting the full name, possibly the easiest way is to:
    1. Set a local variable (name vFnSplitNS, scope policy, type nodeset) to split (delimiter space or maybe /s - as delimiters can be regex) on token-attribute Full Name

    2. Set a local variable (name vSurname, scope policy, type string) xpath to select $vFnSplitNS[last()]
    - that is your surname
    3. There are several ways to get the remainder (the given name) - will leave you to work that out.

  • I use, in similar cases, a null driver with a specific job that generates a trigger event (like Geoffrey suggested).

    >My Identity Vault consist of 5000 user objects with Full Name (User's Full Name) and Last Name (fixed : Novell).

    At the beginning, I thought that you could use your current LastName info for splitting FullName info into First and Last name portions, but when I read your message carefully, I understood that you don't really have valid LastName info (fixed: Novell).

    Do you have any reliable splitter in your FullName info?

    (For example, "old" PeopleSoft systems didn't have separate fields for First/Last Names, but in a number of implementations I saw that they use a comma (,) as a separator (FirstName, LastName).)

    Otherwise, you will need to create special logic based on the number of words in the "Full Name".

    2 words - FirstName, LastName

    3 words - FirstName, MiddleName, LastName

  • Well, in my case the Full Name is based on Malay naming such as Mohd Kassim Bin/Binti Kamad. So my separator would be Bin or Binti.

    I have done this using an online regex to split the Full Name into Given Name and Last Name, but wonder how to do it in IDM Policies.

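    // Given name, then Bin/Binti (or the abbreviation "bt."), then last name.
    // The separator is a group (alternation), not a character class, and the range is A-Z, not A-z.
    var reName = /^([a-zA-Z\s]*?)\s(?:Binti|binti|Bin|bin|bt\.)\s([a-zA-Z\s]*)$/;

    var fullName = prompt("Full name #1:", "Muhammad Syafwan bin Gustaf");
    var matches = fullName.match(reName);
    // match() returns null when no separator is found
    var firstName = matches ? matches[1] : "";
    var lastName = matches ? matches[2] : "";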



  • Great, you have "online" code that does this magic.

    Next step is to create an ECMA function with this functionality and call it from your policy.
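One way such a function could look, as an added example that is not code from any poster in this thread: it splits on the Bin/Binti separator, falls back to "last word is the surname", and flags the edge cases raised above (multi-word surnames, the 32 and 64 character limits) for review instead of writing them blindly. The names `splitFullName` and `reportExceptions` are hypothetical, and how the function is registered in and called from an IDM policy is not shown.

```javascript
// Added example; names (splitFullName, reportExceptions) are hypothetical.
// Limits are the ones quoted in the thread: Given Name 32, Surname 64 chars.
var GIVEN_MAX = 32;
var SURNAME_MAX = 64;
// Separator words from the thread, matched as whole words, longest first.
var MARKER = /^(.+?)\s(?:binti|bin|bt\.)\s(.+)$/i;

function splitFullName(fullName) {
  var name = String(fullName == null ? "" : fullName)
    .replace(/^\s+|\s+$/g, "")   // trim
    .replace(/\s+/g, " ");       // collapse runs of whitespace
  var r = { fullName: name, given: "", surname: "", rule: "", issues: [] };
  if (name === "") {
    r.rule = "empty";
    r.issues.push("Full Name is empty");
    return r;
  }
  var m = MARKER.exec(name);
  var words = name.split(" ");
  if (m) {
    r.rule = "marker";
    r.given = m[1];
    r.surname = m[2];
  } else if (words.length === 1) {
    r.rule = "single-word";
    r.surname = name;
    r.issues.push("only one word, no Given Name");
  } else {
    r.rule = "last-word";
    r.surname = words[words.length - 1];
    r.given = words.slice(0, -1).join(" ");
    if (words.length > 2) r.issues.push("possible multi-word surname");
  }
  if (r.given.length > GIVEN_MAX) r.issues.push("Given Name over " + GIVEN_MAX);
  if (r.surname.length > SURNAME_MAX) r.issues.push("Surname over " + SURNAME_MAX);
  return r;
}

// Report mode: split everything, return only the entries that need a human look.
function reportExceptions(fullNames) {
  var out = [];
  for (var i = 0; i < fullNames.length; i++) {
    var r = splitFullName(fullNames[i]);
    if (r.issues.length > 0) out.push(r);
  }
  return out;
}
```

Running `reportExceptions` over the whole user list first gives the exception report before any attribute is written.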

  • Hi,

    I had managed to get the result via NULL Driver with trigger attribute as suggested for a start.

    Then I started to add a condition for the trigger using a Job which runs manually.

    <if-operation mode="nocase" op="equal">trigger</if-operation>

    <if-op-property mode="nocase" name="source" op="equal">FixITJob</if-op-property>

    Screenshot 2019-08-27 at 8.34.52 AM.png

    Created a job under Null Driver called FixITJob with the following configuration.

    Screenshot 2019-08-27 at 8.35.24 AM.png

    Screenshot 2019-08-27 at 8.40.12 AM.png

    Screenshot 2019-08-27 at 8.39.56 AM.png


    However, if I manually run the Job in iManager, I don't see any event in dstrace at all. I am not familiar with jobs at all, any insights?


  • You have "Submit a trigger document for objects without an association" as false, but it is unlikely that any of your objects are associated to this new Loopback driver.

    Also, I would not send a trigger for every child object; I would send just a single Trigger doc, especially if you use my approach (code 42 I see), since that is not about the object with the event, rather it is an event that causes pre-set stuff to happen.