Authentication Requirement Before API Execution for Integration with Talenta Mekari

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

I would like to request assistance regarding an integration issue between SailPoint and the Talenta Mekari application using Webservices SaaS SailPoint Identity Security Cloud (ISC).

Currently, we are facing a challenge because the Talenta Mekari API requires an authentication step before any endpoint can be executed. The authentication process must generate a dynamic signature and timestamp, which must be attached to every API request.

Based on our understanding, this type of authentication flow would normally require a beforeOperation rule (or an equivalent mechanism) to insert the authentication script before the connector triggers the API call. However, we cannot find a supported way to implement this in SailPoint ISC.

Issue Summary

  • We are integrating SailPoint ISC with Talenta Mekari API.
  • Talenta requires an authentication process prior to hitting any API endpoint.
  • The authentication requires generating a dynamic signature and date (ISO8601 / GMT format).
  • We need to dynamically insert these into request headers before the API call is executed.
  • SailPoint ISC currently does not provide a visible option for beforeOperation rule or similar capability.

Request for Support

Could you please advise:

  1. Is there a supported method in SailPoint ISC to perform authentication or script execution before the API request is sent?

  2. Is there an alternative mechanism (e.g., Transform, Inline Script, External REST Auth Profile, or Custom Connector support) that can handle dynamic signature generation for this type of integration?

  3. If not supported, is there any recommended approach or workaround for this authentication requirement?

Any guidance or best practices for handling pre-authentication steps in SailPoint ISC will be greatly appreciated.

2

Hi Rizal,

It sounds like this could be resolved by using Custom Authentication: Custom Authentication

Set up a custom authentication operation in your HTTP request page. Set the response mapping to take the items from your authentication step and store it on the connector (e.g., customAccessToken). This can then be used in the Headers for subsequent requests like account aggregation and creation.

In the event that doesn’t work, you can work with a Connector Rule (not cloud rule). Details on a WebService ‘before operation’ rule is available below, along with instructions on how to add this to your source Web Services Before Operation Rule | SailPoint Developer Community

3

Hi @margocbain ,

Thank you for your response. I don’t think custom authentication will work for my situation.

4

Hi @rsobar ,

In this case, you can utilize Customizers for SaaS-based connectors to handle the requirement.

Also, could you please confirm if there is any specific reason for using the Web Services SaaS connector? For the above use case, it can also be handled using a beforeOperation rule if you are working with the Web Services connector.

Additionally, please refer to the following documentation on Customizers, where you can implement logic similar to beforeOperation and afterOperation rules.

Thank you.