Adding Entitlements flow in Web Service Connector

I’m finding it difficult to configure SailPoint to provision users with specific roles using a web service connector. The GET /users-and-roles API returns a “Roles” field with comma-separated values, which I’ve configured as entitlements. The valid values for “Roles” are “Active”, “Admin”, and “Supervisor”.

Ex:

{
"name": "Test",
"email': "email",
"roles": "active,admin,supervisor"
}

When provisioning a new user, I can make a POST API call with the user’s email, first name, and last name, and the user is assigned the “Active” role by default.

{
"firstName": "Test",
"lastName': "lastName",
"email": "$plan.nativeIdentity$"
}

To assign additional roles, I can include “admin” or “supervisor” fields in the request body with a value of 1.

{
"firstName": "Test",
"lastName': "lastName",
"email": "$plan.nativeIdentity$",
"admin":1,
"supervisor":1
}

However, I’m unsure how to configure SailPoint to pass these additional role assignments from the Access Profile to the provisioning plan and ultimately to the HTTP request. Can anyone offer guidance on how to achieve this?

:bangbang: Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.

You will have to append the request body in Before Operation rule.

Original request body set as below in UI

{
"firstName": "Test",
"lastName': "lastName",
"email": "$plan.nativeIdentity$"
}

Then, inside Before Operation rule

  • If request includes admin role, then insert “admin”:1 to the request body
  • If request includes supervisorrole, then insert “supervisor”:1 to the request body

To Add what @iamnithesh said :
Confirm that your API do account creations without any entitlement, if so:
Separate it in two different operations.

1 Like

Thanks for the response.

I am wondering how we can get hold of the request and retrieve if admin or supervisor role is being requested.

I see we only have these keywords available for us to use in the Java code in Before operation rule. Keywords (sailpoint.com)

Could you please tell me how we can read the request in the rule?

Thank you.