I’m trying to onboard an application into ISC (Identity Services Connector) for end-to-end user provisioning and deprovisioning. And i am very new to this process I don’t know from where to start.
The goal is:
A user or manager submits a request through a ServiceNow form to add or remove access to the application.
That request is sent to ISC.
ISC checks the request and automatically provisions or deprovisions access for the user in the application.
The application team should not have to manually handle access — ISC handles it automatically (whether it’s a web app or another type of system).
My questions are:
Is there a common or standard way to onboard all types of applications to ISC, or does it depend on the application type?
Is using a REST API a common approach for integration? What are the impacts or limitations of using REST APIs for this purpose?
Is it possible to do this without using REST APIs? What are the alternatives?
Is developer involvement or coding required during the onboarding of an application into ISC?
Yeah, the way applications are connected to ISC is specific to the type of application you’re integrating. They use different connectors. If you’re new to the process, you can check out Identity University - On-demand and instructor-led for a bunch of free training that would give you all the info you need.
In the meantime, if you share what type of application you’re connecting we can likely guide you more. Automated provisioning and deprovisioning is a very common use case that can be implemented if your REST API supports CRUD operations that you can call.
Is there a common or standard way to onboard all types of applications to ISC, or does it depend on the application type?
–> There is no one common way to onboard. It does depends upon application type, whether OOTB connectors are available. if no OOTB connectors are available, then, whether it has got any webservices exposed? If no web services, then, last resort is to do it through disconnected approach either using Flat File (through SQL Loader), or ServiceNow, etc
Is using a REST API a common approach for integration? What are the impacts or limitations of using REST APIs for this purpose?
–> Yes, its a common approach of using REST APIs for integration in ISC through OOTB “WebService Connector“. The limitations will depend upon the API architecture of the respective source application, lets say if there is a single API which can get you details of all users, perform all CRUD operations, then, the implementation through OOTB Web service connector would be easy. But, if the API structures are complex where multiple calls has to be made to source end points, that’s were your complexity increases and eventually the performance is impacted. Also, you might require usage of Webservice connector rules in such cases.
Is it possible to do this without using REST APIs? What are the alternatives?
–> Yes, use a disconnected approach i.e using ServiceNow connector for raising any manual tasks tickets, using ISC which will raise the manual tasks to source owners, provision the data in a flat file using SQL Loader connector.
Is developer involvement or coding required during the onboarding of an application into ISC?
–> Yes, it depends. If the web service based source is complex one, the, coding of connector rules, cloud rules, powershell scripts, usage of POSTMAN, etc. would be required where some sort of coding and developers involvement is required for sure.