Active Directory Account & group creation through API

Hello
I’m trying to create Active Directory accounts and groups using IIQ REST API but haven’t find documentation about those two actions.
Anyone had performed that before or have a link to the documentation describing how to do so ?
Many thanks :slight_smile:

Because both AD accounts and groups are provisionable objects in IIQ, you can CRUD by accounts and groups through standard provisioning plans.

If you’re trying to create them through the API, you can invoke a workflow that takes your input parameters and generates an appropriate provisioning plan, pushes it through LCM Provisioning and creates the desired object.

There’s a lot of different concepts involved in there and I don’t know that there is a single resource to describe how to do all of those different pieces. Looking at the LCM Workflows page (https://community.sailpoint.com/t5/Technical-White-Papers/Lifecycle-Manager-Workflows/ta-p/71301) can be a good start to understanding the workflow part with the LCM Provisioning workflow.

Here’s a description of a provisioning plan for AD group creation (as well as the required application change to enable group provisioning): https://community.sailpoint.com/t5/IdentityIQ-Forum/Trying-To-Provision-Active-Directory-Group/td-p/5709

Hope those start to point you in the right direction.

2 Likes

As Rich mentioned, you will be able to create account using Launch WF with REST API. Here is the documentation IIQ REST API

https://community.sailpoint.com/t5/Technical-White-Papers/IdentityIQ-REST-API-Integration/ta-p/76814#toc-hId--955481737

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.