Hi team,
We have an integration where we perform provisioning using SOAP web services. As the client didn’t provide us with aggregation APIs, we are trying to use a JDBC connector to perform account aggregation.
I understand that this will work for full aggregation. My question is how will the provisioning operations work if I don’t have a Get object operation on my web service connector? Would a workaround such as performing a JDBC aggregation in an after operation rule work?
I love this requirement, I often see it in Microsoft Identity Manager, not in SailPoint world.
You can make API calls in JDBC Provisioning rule. So have only JDBC source and instead of having SQL query to insert records make an API call
Ya, this is better than JDBC Code in WebService Rules.
Really a interesting use case. If the client did not provide aggregation endpoints, how will you know which access should be made as requestable. If you are using JDBC source entitlements to be requested then the provisioning would be sent to that source instead of WebService Source.
If this is the case I was thinking you can also use a BPR rule to create an account request for WebService source and provision the access by using the connector without much customization. Here one question would be what will happen to the JDBC account request in the plan. I think that should be removed and plan should be returned only with webservice account request.
The webservice connector contains the entitlements. I would also have to do the entitlements API calls within a rule, so I only use the JDBC connector.
This is a good approach to have the Single account aggregation and not wait for full aggregation to read the provisioning changes.
Thanks for the answers!
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.