You have 2 options: deploy a custom connector made by SailPoint (GitHub - sailpoint-oss/colab-saas-conn-identitynow-management: Loopback connector to manage IdentityNow like any other managed system. Allows to manage user levels, governance groups and identity status.) or make one by creating a WebServices Source.
I received some errors when deploying the SailPoint connector, so I chose to do it with WebServices:
base config:
https Operations:
"connectionParameters": [
  {
    "contextUrl": "/v3/public-identities",
    "httpMethodType": "GET",
    "pagingInitialOffset": 0,
    "pagingSize": 50,
    "sequenceNumberForEndpoint": "1",
    "uniqueNameForEndPoint": "TestConnection",
    "curlEnabled": false,
    "header": {
      "Accept": "application/json"
    },
    "operationType": "Test Connection",
    "body": {
      "bodyFormData": null,
      "jsonBody": null,
      "bodyFormat": "raw"
    }
  },
  {
    "httpMethodType": "GET",
    "pagingInitialOffset": 0,
    "sequenceNumberForEndpoint": "2",
    "uniqueNameForEndPoint": "GetAccounts",
    "rootPath": "$.[*]",
    "body": {
      "bodyFormData": null,
      "jsonBody": null,
      "bodyFormat": "raw"
    },
    "paginationSteps": "$sysparm_limit$ = 250\nTERMINATE_IF $RECORDS_COUNT$ < 1\n$sysparm_offset$ = $sysparm_offset$ + $sysparm_limit$\n$endpoint.fullUrl$ = $application.baseUrl$ + \"/beta/identities?limit=250&offset=\" + $sysparm_offset$",
    "responseCode": [
      "2**"
    ],
    "resMappingObj": {
      "id": "id"
    },
    "contextUrl": "/beta/identities?limit=250&offset=0",
    "pagingSize": 250,
    "curlEnabled": false,
    "operationType": "Account Aggregation"
  },
  {
    "resMappingObj": {
      "uid": "uid",
      "displayName": "displayName",
      "roles": "capabilities.[*]",
      "name": "name",
      "alias": "alias",
      "email": "email"
    },
    "contextUrl": "/v3/auth-users/$response.id$",
    "httpMethodType": "GET",
    "pagingInitialOffset": 0,
    "pagingSize": 50,
    "sequenceNumberForEndpoint": "3",
    "uniqueNameForEndPoint": "Aggregation By Id",
    "curlEnabled": false,
    "operationType": "Account Aggregation",
    "body": {
      "bodyFormData": null,
      "jsonBody": null,
      "bodyFormat": "raw"
    },
    "responseCode": [
      "2**"
    ],
    "parentEndpointName": "GetAccounts"
  },
  {
    "resMappingObj": {
      "displayName": "displayName",
      "name": "name",
      "description": "description",
      "value": "value"
    },
    "contextUrl": "/v3/search?offset=0&limit=50&count=true",
    "httpMethodType": "POST",
    "pagingInitialOffset": 0,
    "pagingSize": 50,
    "sequenceNumberForEndpoint": "4",
    "uniqueNameForEndPoint": "Role Aggregation",
    "curlEnabled": false,
    "operationType": "Group Aggregation",
    "rootPath": "$.[*]",
    "body": {
      "bodyFormData": null,
      "jsonBody": "{\"query\":{\"query\":\"source.name.exact:IdentityNow AND attribute:assignedGroups\"},\"indices\":[\"entitlements\"],\"includeNested\":false,\"sort\":[\"source.name\"]}",
      "bodyFormat": "raw"
    },
    "responseCode": [
      "2**"
    ]
  },
  {
    "contextUrl": "/v3/auth-users/$plan.nativeIdentity$",
    "httpMethodType": "PATCH",
    "pagingInitialOffset": 0,
    "pagingSize": 50,
    "sequenceNumberForEndpoint": "5",
    "uniqueNameForEndPoint": "Add Role",
    "curlEnabled": false,
    "header": {
      "Content-Type": "application/json-patch+json"
    },
    "operationType": "Add Entitlement",
    "body": {
      "bodyFormData": null,
      "jsonBody": "[\n {\n \"op\": \"replace\",\n \"path\": \"/capabilities\",\n \"value\": [\"$plan.roles$\"]\n }\n]",
      "bodyFormat": "raw"
    },
    "responseCode": [
      "2**"
    ]
  },
  {
    "contextUrl": "/v3/auth-users/$plan.nativeIdentity$",
    "httpMethodType": "PATCH",
    "pagingInitialOffset": 0,
    "pagingSize": 50,
    "sequenceNumberForEndpoint": "6",
    "uniqueNameForEndPoint": "Remove Entitlement",
    "curlEnabled": false,
    "header": {
      "Content-Type": "application/json-patch+json"
    },
    "operationType": "Remove Entitlement",
    "body": {
      "bodyFormData": null,
      "jsonBody": "[\n {\n \"op\": \"remove\",\n \"path\": \"/capabilities\",\n \"value\": [\"$plan.roles$\"]\n }\n]",
      "bodyFormat": "raw"
    },
    "responseCode": [
      "2**"
    ]
  }
]
The only problem is with the Patch Role: this connector does not append roles, and when revoking it will revoke all roles and the user will go back to being a normal user.
Let me know if it works for you!
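
The limitation described in the post follows from JSON Patch (RFC 6902) semantics, shown here as an added example that is not part of the original post and is not SailPoint code. It applies the two PATCH bodies from the config to a constructed user record using a small RFC 6902 subset written for this illustration, then builds a read-merge-write `replace` that carries the full intended list. The record, the capability names and the helper names are assumptions, and whether the connector can read the current list before patching is not covered by the post.

```python
import copy

# Constructed sample record; capability names are illustrative values.
USER = {"uid": "jdoe", "capabilities": ["HELPDESK", "REPORT_ADMIN"]}

def apply_patch(doc, patch):
    """Apply the RFC 6902 subset needed here: add/replace/remove on a
    top-level member, and add to "/<member>/-" (append to an array)."""
    doc = copy.deepcopy(doc)
    for op in patch:
        key, *rest = op["path"].lstrip("/").split("/")
        if op["op"] == "add" and rest == ["-"]:
            doc[key].append(op["value"])
        elif op["op"] == "add" and not rest:
            doc[key] = op["value"]
        elif op["op"] == "replace" and not rest:
            if key not in doc:
                raise KeyError(key)  # replace requires an existing target
            doc[key] = op["value"]
        elif op["op"] == "remove" and not rest:
            del doc[key]  # RFC 6902 remove takes no value; extras are ignored
        else:
            raise ValueError(f"unsupported operation: {op}")
    return doc

def post_add(role):
    """Body the post's "Add Role" operation sends for one role."""
    return [{"op": "replace", "path": "/capabilities", "value": [role]}]

def post_remove(role):
    """Body the post's "Remove Entitlement" operation sends for one role."""
    return [{"op": "remove", "path": "/capabilities", "value": [role]}]

def merged_replace(current, grant=(), revoke=()):
    """Read-merge-write: one replace carrying the full intended list."""
    wanted = [c for c in current if c not in revoke]
    wanted += [c for c in grant if c not in wanted]
    return [{"op": "replace", "path": "/capabilities", "value": wanted}]

if __name__ == "__main__":
    print(apply_patch(USER, post_add("CERT_ADMIN")))       # existing roles lost
    print(apply_patch(USER, post_remove("HELPDESK")))      # whole member removed
    caps = USER["capabilities"]
    print(apply_patch(USER, merged_replace(caps, grant=["CERT_ADMIN"])))
    print(apply_patch(USER, merged_replace(caps, revoke=["HELPDESK"])))
```

For access reviews, the practical consequence is that a single-role grant or revoke through this source changes the user's whole capability set, so the account should be re-aggregated and checked after each provisioning action.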