API for Creating an Identity Profile

I am in the process of putting together a collection in Postman that will enable me to build an IDN environment from scratch (as far as possible).
I cannot find an API call to create an Identity Profile (including mappings and lifecycle states).
Is this API available/planned to be made available?

1 Like

Hi Adrian,

Our V3 API doesn’t yet have support for managing identity profiles. I used my browser inspector to monitor the API calls that are being made in the identity profiles page, and discovered that the IDN GUI is using our private APIs to manage identity profiles. These APIs aren’t documented as they aren’t meant for production use by our customers. If I were you, I would only use our private APIs sparingly and for non-production uses, as they can change or disappear at any time.

I’m glad you brought this to our attention so I can forward it to our product team. V3 is a work in progress and we are adding new endpoints frequently.

That being said, you can reverse engineer the API calls you need by monitoring the network calls in your browser. Here are some of the endpoints to get you started:

Create Identity Profile
POST https://{tenant}.api.identitynow.com/cc/api/profile/create
Form data: name=Test&sourceId=23012

List/Get identity profile to get profile ID for updates
GET https://{tenant}.api.identitynow.com/cc/api/profile/list
GET https://{tenant}.api.identitynow.com/cc/api/profile/get/{id}

Update Identity Profile
POST https://{tenant}.api.identitynow.com/cc/api/profile/update/{profileId}
Form data: {key=value&key2=value2}

1 Like

Hi Colin, Many thanks for the quick reply and details of the private API. I shall use with caution!

Having used the provided API calls to Create an Identity Profile, I would add the following learnings:

  1. The process involves (at least) three API calls:
  • call 1: create - just supply (in Form Data) the name you want to give the Profile + the Cloud Id (from URL) of the Source to be used for Identities
  • call 2: update - update the profiles to set the Mappings and Lifecycle States. Suggest using a pre-existing Identity Profile as the basis for the update. The update supports a payload in JSON format in the same schema as received in the profile get call.
  • call 3: refresh - call the ‘refresh’ endpoint to update the Profile: {{idnBaseURL}}/cc/api/profile/refresh/{{identityProfileId}}

If your profile mappings reference transforms, these will need to have been created prior to building the Identity Profile.

Next step: building direct sources via API …

2 Likes
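Added example, not part of any post in this thread and not SailPoint code: the create, update and refresh calls described above, built as unsent Python requests behind a non-production tenant allow-list. The tenant name, bearer-token auth, the POST method for refresh, and the top-level "id" and "name" keys in the profile JSON are assumptions.

```python
import json
import urllib.parse
import urllib.request

NON_PROD_TENANTS = {"acme-sb"}  # constructed tenant name; list your sandboxes here


def profile_url(tenant, path):
    # The thread advises keeping the private /cc/api calls off production.
    if tenant not in NON_PROD_TENANTS:
        raise ValueError(f"{tenant!r} is not an allow-listed non-production tenant")
    return f"https://{tenant}.api.identitynow.com/cc/api/profile/{path}"


def cloud_id(value):
    # /cc endpoints take the numeric cloud ID from the admin URL, not a GUID.
    cid = int(value)  # raises ValueError for a GUID-style ID
    if cid < 1:
        raise ValueError("cloud ID must be >= 1")
    return cid


def post(url, token, body=b"", content_type=None):
    headers = {"Authorization": f"Bearer {token}"}  # assumption: bearer-token auth
    if content_type:
        headers["Content-Type"] = content_type
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def create_call(tenant, token, name, source_id):
    """Call 1: form data with the profile name and the source's cloud ID."""
    form = urllib.parse.urlencode({"name": name, "sourceId": cloud_id(source_id)})
    return post(profile_url(tenant, "create"), token, form.encode(),
                "application/x-www-form-urlencoded")


def update_and_refresh_calls(tenant, token, profile_id, template, name):
    """Calls 2 and 3, built once profile/list shows the new profile's ID."""
    pid = cloud_id(profile_id)
    # Reuse the profile/get JSON of an existing profile as the update body.
    # Assumption: that JSON has top-level "id" and "name" keys.
    payload = dict(template, id=pid, name=name)
    update = post(profile_url(tenant, f"update/{pid}"), token,
                  json.dumps(payload).encode(), "application/json")
    # Assumption: refresh is a POST with an empty body; the thread gives only its URL.
    refresh = post(profile_url(tenant, f"refresh/{pid}"), token)
    return update, refresh
```

Each returned object can be passed to `urllib.request.urlopen` in order, looking up the new profile's ID via `profile/list` between the create and update calls.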

FYI, we now have an ideas portal where developers like you can submit and vote on ideas to improve our APIs. I went ahead and created an idea for this post at sailpoint.ideas.aha.io/ideas/API-I-1. Please check it out and vote for it!

I’m getting an error trying to get the Identity Profile.

Error 400 {
    "msg_template": "Missing or invalid arguments: {0}",
    "slpt_error_code": "SLPT-1000",
    "formatted_msg": "(SLPT-1000) Missing or invalid arguments: id",
    "exception_id": "17AD575F38B",
    "errorDetail": [
        {
            "code": "min.notmet",
            "field": "id",
            "internalMsg": "Property [id] of class [class com.cloudmasons.SlptIdCommand] with value [0] is less than minimum value [1]",
            "rejectedValue": 0
        }
    ],
    "error_code": 1000,
    "exception_class": "com.cloudmasons.exceptions.SLPTInvalidArgException",
    "exception_detail": {
        "file": "ApiProfileController.groovy",
        "method": "get",
        "line_number": 74,
        "class": "com.cloudmasons.ApiProfileController"
    },
    "http_response_code": 400,
    "timestamp": "2021-07-23 22:21:54.955",
    "exception_message": "(SLPT-1000) Missing or invalid arguments: id",
    "arg_list": [
        "id"
    ]
}

Hi @sailpoint,

Can you try via v1 call: GET - {{api-url}}/cc/api/profile/list

v3 call: GET - {{api-url}}/beta/identity-profiles/

Make sure your API-URL is in this format: tenant.api.identitynow.com

Also, make sure you’re using the correct ID depending on which endpoint you’re using as well.
V1 takes the url (cloud) format while v3 uses a long GUID ID value.

-Tbui

I’m able to make this call GET - {{api-url}}/cc/api/profile/list and v3 call: GET - {{api-url}}/beta/identity-profiles/

When I try to call an individual access profile in order to edit the lifecycle states it does not work.

I’m trying {api_url}/cc/api/profile/get/{Profile_id}

Profile id that I am using is the id when you go to admin>identities>identity Profiles. The number at the end of the url after clicking on the Identity Profile.

Is there a better way to get this info?

Hi @sailpoint ,

Most of the information is already included in the V3 call. You just have to find the corresponding id of the cloudLifecycleState you’re trying to modify. It sounds like you’re trying to add more access profiles to the Advance LCS. Did you hit your 40 UI limit? You can try via the API below:

PATCH - {{api-url}}/beta/identity-profiles/{{identityProfileID}}/lifecycle-states/{{lcsID}}

Content-Type is application/json-patch+json
Action is Enable/Disable

[
    {
        "op": "replace",
        "path": "/accountActions",
        "value": [
            {
                "action": "DISABLE",
                "sourceIds": [
                    "AccessProfileIDs1",
                    "AccessProfileIDs2"
                ]
            }
        ]
    }
]

Hope that helps.

-Tbui

It doesn’t let me update the name.

Is there a way to delete the lifecycle state from the Identity Profile?

Were you able to fix this issue? Even I am getting this error while trying to run account aggregation using the API.

Hello,

Have you noticed the API to export and import identity profiles?

Besides, to configure an environment from scratch, the recommended way would be to use SP-config endpoints to export a set of objects and import them in another environment: