Access Profiles from Delimited Source

Hi Team,

We are using a Delimited File Connector for Manual Provisioning of a system. Connected to the CSV-source we have an application with requestable access-profiles.

After a user requests access to an access profile within the application, the entitlement and access profile are not updating to the identity cube of the user, which is expected as it’s manual provisioning.

Our requirement is to assign/attach these access profiles, applications, entitlements to the user’s identity without the user having an account on CSV-source or without manual import of user into this CSV-source. Note: The user already has an identity created from the auth source.

Is there any way or workaround to attach access items to a user’s identity for a CSV-source without importing the flat file?

All help is much appreciated, thank you.

@colin_mckibben Highly appreciate your help for any possible solutions. Thank you.

Hi @ayeshashahu ,
Once the access request is raised for a delimited source:

  1. Manual work items will be created.
  2. Admin has to add the access/create account for the user and update the CSV of the delimited file, as it is Manual Provisioning.
  3. Then, after marking the work item as completed and aggregating the file, the access profiles will be visible from the UI.
    Note: Only closing work items will not update user access.

Hi @gourab ,
Thanks for replying.

With your steps I’m able to assign the access profile and application manually, but is there any other automated way of doing so, like writing a workflow or so? Do we have any API to write the CSV file automatically using a workflow? Can you please let me know? Your help would be very much appreciated.

Thank you

Yes, you can create a workflow to identify manual work items and close them using APIs.

Once the work item is approved, your request will be closed and your account should be created with the access profile assigned to the user.
You can try it out using Postman once you start building the workflow.

Hi @ayeshashahu ,
You can try as suggested by @udayputta .
In a use case I have implemented this exact requirement using a custom solution. The solution I have implemented was:

  1. Created a custom PowerShell script using the SailPoint SDK and scheduled it for a daily run.
  2. Once a request is made in ISC, the script will use the GetWorkItems API to fetch all the work items created.
  3. Then, it will segregate the items into create, add, remove, and certification remediation categories.
  4. After that, it will close work items and it will generate a CSV file for add, remove, or create operations and finally aggregate it via the available API.
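
Added example, not part of the thread and not the poster's script: steps 3 and 4 of the approach above, sketched in PowerShell on constructed data. The work item fields, the `id`/`groups` file layout and the `Update-AccountFile` function are assumptions; fetching and closing work items and starting the aggregation go through the SDK and are not shown.

```powershell
# Constructed work items. Field names are assumptions for this example,
# not the shape returned by the work items API.
$workItems = @(
    [pscustomobject]@{ Id = 'wi-001'; Identity = 'jdoe';   Operation = 'Create';      Entitlement = 'Finance-Read' }
    [pscustomobject]@{ Id = 'wi-002'; Identity = 'asmith'; Operation = 'Add';         Entitlement = 'Finance-Write' }
    [pscustomobject]@{ Id = 'wi-003'; Identity = 'asmith'; Operation = 'Remove';      Entitlement = 'HR-Read' }
    [pscustomobject]@{ Id = 'wi-004'; Identity = 'jdoe';   Operation = 'Remediation'; Entitlement = 'Finance-Read' }
)
# Constructed current delimited file: one row per account, entitlements joined with ';'.
$currentCsv = "id,groups`nasmith,HR-Read;Payroll-Read"

function Update-AccountFile {
    param([object[]]$WorkItems, [string]$Csv)
    # Load the current file into a map of account id -> entitlement array.
    $accounts = [ordered]@{}
    foreach ($row in ($Csv -split '\r?\n' | ConvertFrom-Csv)) {
        $accounts[$row.id] = @($row.groups -split ';' | Where-Object { $_ })
    }
    $handled = @(); $skipped = @()
    foreach ($wi in $WorkItems) {
        switch ($wi.Operation) {
            { $_ -in 'Create', 'Add' } {
                # No account yet: add a row, since access from this source only
                # reaches the identity through an aggregated account.
                if (-not $accounts.Contains($wi.Identity)) { $accounts[$wi.Identity] = @() }
                if ($accounts[$wi.Identity] -notcontains $wi.Entitlement) {
                    $accounts[$wi.Identity] = @($accounts[$wi.Identity]) + $wi.Entitlement
                }
                $handled += $wi.Id
            }
            'Remove' {
                if ($accounts.Contains($wi.Identity)) {
                    $accounts[$wi.Identity] = @($accounts[$wi.Identity] | Where-Object { $_ -ne $wi.Entitlement })
                }
                $handled += $wi.Id
            }
            default { $skipped += $wi.Id }  # e.g. certification remediation, kept in its own bucket
        }
    }
    $rows = foreach ($id in $accounts.Keys) {
        [pscustomobject]@{ id = $id; groups = ($accounts[$id] -join ';') }
    }
    [pscustomobject]@{ Csv = ($rows | ConvertTo-Csv -NoTypeInformation); Handled = $handled; Skipped = $skipped }
}

$result = Update-AccountFile -WorkItems $workItems -Csv $currentCsv
$result.Csv                                   # new file contents to save and aggregate
"Close: $($result.Handled -join ', ')"        # work items reflected in the file
"Leave open: $($result.Skipped -join ', ')"   # work items this example does not touch
```

The output file is the full account state, so it replaces the previous file before aggregation rather than being appended to it.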

Hi @gourab ,
Thank you for your detailed response. Can you please guide me further on the below points:

  1. What is the utility to execute this PowerShell script, and does it need to be attached to the delimited file source?
  2. Can you please share an example for the script?
  3. Can you please let me know how the aggregation for the CSV file will happen? Which API can be used, or do I need to go for the SQL loader to upload the CSV file automatically?

Also, we want the above steps to be executed for users not having an account on the disconnected source where the entitlements are referenced from.

Your help will be much appreciated. Thank you.

Hi @udayputta , Thank you for your reply, but we have the requirement where we don’t want to create a user account. Is it possible to add access profiles/applications to a user’s identity cube in that case?

No Ayesha, it will not be possible to assign an access profile without creating an account from the source where the access profile holds the entitlements.

Hi @ayeshashahu ,
I have used the SailPoint PowerShell SDK for it: PowerShell SDK | SailPoint Developer Community
It has all the functions to call aggregation etc. (For aggregation, Invoke-AccountAggregation was there previously.)