Adding Entitlements flow in Web Service Connector

sita_ram · May 16, 2024, 4:05pm

I’m finding it difficult to configure SailPoint to provision users with specific roles using a web service connector. The GET /users-and-roles API returns a “Roles” field with comma-separated values, which I’ve configured as entitlements. The valid values for “Roles” are “Active”, “Admin”, and “Supervisor”.

Ex:

{
"name": "Test",
"email': "email",
"roles": "active,admin,supervisor"
}

When provisioning a new user, I can make a POST API call with the user’s email, first name, and last name, and the user is assigned the “Active” role by default.

{
"firstName": "Test",
"lastName': "lastName",
"email": "$plan.nativeIdentity$"
}

To assign additional roles, I can include “admin” or “supervisor” fields in the request body with a value of 1.

{
"firstName": "Test",
"lastName': "lastName",
"email": "$plan.nativeIdentity$",
"admin":1,
"supervisor":1
}

However, I’m unsure how to configure SailPoint to pass these additional role assignments from the Access Profile to the provisioning plan and ultimately to the HTTP request. Can anyone offer guidance on how to achieve this?

Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.

iamnithesh · May 16, 2024, 5:10pm

You will have to append the request body in Before Operation rule.

Original request body set as below in UI

{
"firstName": "Test",
"lastName': "lastName",
"email": "$plan.nativeIdentity$"
}

Then, inside Before Operation rule

If request includes admin role, then insert “admin”:1 to the request body
If request includes supervisorrole, then insert “supervisor”:1 to the request body

ipobeidi · May 16, 2024, 5:50pm

To Add what @iamnithesh said :
Confirm that your API do account creations without any entitlement, if so:
Separate it in two different operations.

sita_ram · May 30, 2024, 4:29pm

Thanks for the response.

I am wondering how we can get hold of the request and retrieve if admin or supervisor role is being requested.

I see we only have these keywords available for us to use in the Java code in Before operation rule. Keywords (sailpoint.com)

Could you please tell me how we can read the request in the rule?

Thank you.

system · July 29, 2024, 4:29pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Provisioning using Web Service Connector and APIs: How to Add Entitlements with Individual API Calls ISC Discussion and Questions webservice-connector , identity-security-cloud , provisioning	6	75	December 16, 2024
Webservice UpdateAccount operation overriding existing entitlements ISC Discussion and Questions webservice-connector , identity-security-cloud , provisioning	7	367	June 2, 2024
Web service Add Entitlement operation ISC Discussion and Questions identity-security-cloud	2	352	August 7, 2023
How to add multiple entitlements to Create Account IIQ Discussion and Questions webservice-connector	6	1067	July 19, 2023
Create new provisioning plan in before provisioning rule ISC Discussion and Questions webservice-connector , rules , identity-security-cloud , provisioning , entitlements	1	56	December 24, 2024

Adding Entitlements flow in Web Service Connector

Related topics