Assistance Needed for Webservice Connector - Create Account Operation

Hi Experts,

I am working on the create account operation of the webservice connector and currently facing some difficulties.

  1. There is a new joiner and an identity cube has been created.
  2. Account and group type entitlements of the target source have been aggregated successfully.
  3. The target source generates a unique ID when an account is created, which is different from the identity’s UID.
  4. There is a separate API to update entitlements using this generated ID.
  5. I am having trouble implementing the step where the generated target source ID is used to add entitlements.

I have searched for various solutions mentioned in the ISC discussion and obtained advice on implementation methods such as:
a. Creating two ‘Create Account’ operations, first operation returning $response.ID$, and then second operation calling the entitlement addition endpoint API.
b. When Create Account operation finished, call single account aggregation using parent endpoint setup.

Here are my questions:

Q1. In the target source account schema, how should the Account ID be set?
Should it be configured the same as the HR ID, or should it be set as the target source ID?
The account correlation should definitely be tied to the identity UID.

Q2. In the Create Account HTTP Operation, it appears that the identity attribute information required for account creation and the all Entitlement values are both payloaded to the plan according to the provisioning policy.
However, since there is a separate endpoint for adding entitlements with the issued ID after the account is created, how can the API calls for account creation and entitlement addition requests be managed separately?

Any advice on how to resolve this situation would be greatly appreciated.

Regards,

I may be misunderstanding the required endpoints, but you may just need a single create account operation, entitlement add operation, and get object operation. These will be three separate operations.

If the generated ID is returned in the create account response, you can map that to an account attribute. The Account ID should be the unique generated ID account attribute. You can define the correlation logic from any account attribute to the identity UID.

In the entitlement add request, you can use $plan.nativeIdentity$ for the generated ID that was mapped from the create account operation. This will pull the account attribute set as the Account ID. In the body of this request, you can use $plan.<account-attribute>$ (where you replace <account-attribute> with the account attribute used for the entitlement).

On a Web Services connector, the operations will run as follows:

  1. Create Account Operation
  2. Add Entitlement Operation (depending on how many entitlements are added during creation, this may fire multiple times)
  3. Get Object Operation

Note: Be sure to order the Get Object operation after the others in the operation configuration page.

1 Like

Hi Braden,

Thank you for your advice. I will proceed with the setup as per your suggestions and will update you with any progress.

Regards,

Hi Braden,

I configured account schema, http operation as you guided and it works.
I appreciate your assistance.

Regards,

3 Likes

Hi @bcariaga how are u?

And what to do if generated ID is not returned in the create account response?

My create endpoint after create operation only returno a empty object

Hello @denanife,

I’m doing good. I hope you are as well. This is an interesting yet tricky use case. I’d recommend opening a new topic for this as it is different than this and this has already been solved. Once a new topic is opened, others can more easily find the help specific to their issues if they run into this.

Please tag me and I can provide some input to this.

Thanks @bcariaga I opened:

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.