We are using a Delimited File Connector for Manual Provisioning of a system. Connected to the CSV-source we have an application with requestable access-profiles.
After a user requests access to an access profile within the application, the entitlement and access profile are not updating to the identity cube of the user, which is expected as it’s manual provisioning.
Our requirement is to assign/attach these access profiles, applications, entitlements to the user’s identity without the user having an account on CSV-source or without manual import of user into this CSV-source. Note: The user already has an identity created from the auth source.
Is there any way or workaround to attach access items to a user’s identity for a CSV-source without importing the flat file?
Hi @ayeshashahu,
Once the access request is raised for a delimited source, manual work items will be created.
The admin has to add the access/create the account for the user and update the CSV of the delimited file, as it is Manual Provisioning.
Then, after marking the work item as completed and aggregating the file, the access profiles will be visible in the UI.
Note: Only closing work-items will not update user access.
With your steps I’m able to assign the access profile and application manually, but is there any other automated way of doing so, like writing a workflow or so? Do we have any API to write the CSV file automatically using a workflow? Can you please let me know? Your help would be very much appreciated.
Yes, you can create a workflow to identify manual work items and close them using APIs.
Once the work item is approved, your request will be closed and your account should be created with the access profile assigned to the user.
You can try it out using Postman once you start building the workflow.
Hi @ayeshashahu,
You can try as suggested by @udayputta.
In a use case, I have implemented this exact requirement using a custom solution. The solution I implemented was:
Created a custom PowerShell script using the SailPoint SDK and scheduled it for a daily run.
Once a request is made in ISC, the script will use the GetWorkItems API to fetch all the work items created.
Then, it will segregate the items into create, add, remove, and certification remediation categories.
After that, it will close work items and it will generate a CSV file for add, remove, or create operations and finally aggregate it via the available API.
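The segregation and CSV-generation steps described in the post above, shown as an added example that is not part of the original post or the poster's script; it covers add, remove and create only and makes no API calls. The work item field names, the `id,groups` CSV layout, and the helper names `Get-WorkItemPlan` and `Update-DelimitedRows` are assumptions for illustration.

```powershell
# Constructed sample work items. Field names (id, approvalItems, account, operation,
# value) are assumptions about the work item shape; real ones come from GetWorkItems.
$workItems = @(
    [pscustomobject]@{ id = 'wi-001'; approvalItems = @(
        [pscustomobject]@{ account = 'jdoe'; operation = 'Add'; value = 'Finance-Read' }) },
    [pscustomobject]@{ id = 'wi-002'; approvalItems = @(
        [pscustomobject]@{ account = 'asmith'; operation = 'Add'; value = 'HR-Admin' }) },
    [pscustomobject]@{ id = 'wi-003'; approvalItems = @(
        [pscustomobject]@{ account = 'jdoe'; operation = 'Remove'; value = 'Sales-Read' }) }
)
# Constructed current content of the delimited file: one row per account/entitlement.
$currentRows = @"
id,groups
jdoe,Sales-Read
"@ | ConvertFrom-Csv

function Get-WorkItemPlan {
    param([object[]]$WorkItems, [object[]]$ExistingRows)
    $known = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($r in $ExistingRows) { [void]$known.Add($r.id) }
    foreach ($wi in $WorkItems) {
        foreach ($item in $wi.approvalItems) {
            # Assumption: an Add for an account with no row yet counts as a create.
            $category = switch ($item.operation) {
                'Remove' { 'remove' }
                'Add'    { if ($known.Contains($item.account)) { 'add' } else { 'create' } }
                default  { 'skip' }  # unknown operation: leave the work item open
            }
            if ($category -eq 'create') { [void]$known.Add($item.account) }
            [pscustomobject]@{ WorkItemId = $wi.id; Category = $category; Account = $item.account; Entitlement = $item.value }
        }
    }
}
function Update-DelimitedRows {
    param([object[]]$ExistingRows, [object[]]$Plan)
    $rows = [System.Collections.Generic.List[object]]::new()
    foreach ($r in $ExistingRows) { $rows.Add($r) }
    foreach ($p in $Plan) {
        if ($p.Category -in 'add', 'create') {
            $rows.Add([pscustomobject]@{ id = $p.Account; groups = $p.Entitlement })
        } elseif ($p.Category -eq 'remove') {
            $hit = @($rows | Where-Object { $_.id -eq $p.Account -and $_.groups -eq $p.Entitlement })
            foreach ($h in $hit) { [void]$rows.Remove($h) }
        }
    }
    $rows
}
$plan = Get-WorkItemPlan -WorkItems $workItems -ExistingRows $currentRows
$plan | Format-Table
Update-DelimitedRows -ExistingRows $currentRows -Plan $plan | ConvertTo-Csv -NoTypeInformation
```

Each plan row keeps its `WorkItemId`, so only work items whose change was written to the file are closed; as noted earlier in the thread, closing a work item alone does not update user access.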
Hi @gourab,
Thank you for your detailed response. Can you please guide me further on the below points:
What is the utility to execute this PowerShell script, and does it need to be attached to the delimited file source?
Can you please share an example of the script?
Can you please let me know how the aggregation for the csv file will happen? Which API can be used, or do I need to go for the SQL loader to upload the csv file automatically?
Also, we want the above steps to be executed for users not having an account on the disconnected source where the entitlements are referenced from.
Hi @udayputta, thank you for your reply, but we have the requirement where we don’t want to create a user account. Is it possible to add access profiles/applications to a user’s identity cube in that case?