Cloud Connectors - Entitlement Schema attribute not coming through

Hey all,

I am creating a custom cloud connector using the SailPoint CLI (which is great btw!) and am trying to figure out why my entitlements aggregation isn’t showing my Description property in IDN!

Edit: I originally had images to accompany each of these steps but I appear to be limited to one image per post, so I have code blocks for a bunch instead now. Screenshots available upon request.

I have the following things in place and some screenshots to confirm, but in IDN my entitlements still don’t have a description!

  1. My connector-spec.json includes an attribute definition in my entitlementSchemas for an entitlement of type group.
"entitlementSchemas": [
		{
			"type": "group",
			"displayAttribute": "DisplayName",
			"identityAttribute": "GroupId",
			"attributes": [
				{
					"name": "GroupId",
					"type": "string",
					"description": "Unique Identifier (guid)"
				},
				{
					"name": "DisplayName",
					"type": "string",
					"description": "Display Name"
				},
				{
					"name": "Description",
					"type": "string",
					"description": "Description"
				}
			]
		}
	],
  2. My my-client.ts that has my client has an async method on my client that returns my entitlements
    async getAllGroups(): Promise<any[]> {
        return await this.getSomeGroups(undefined)
    }

    async getSomeGroups(nextToken: string | undefined): Promise<any[]> {
        let command = new ListGroupsCommand({
            IdentityStoreId: this.identityStoreId,
            MaxResults: 100,
            NextToken: nextToken
        })

        try {
            let response = await this.identityStore!.send(command)

            if (response.NextToken) {
                return response.Groups!.concat(await this.getSomeGroups(response.NextToken))
            } else {
                return response.Groups!
            }
        } catch (err) {
            console.log(`error: ${err}`)
            throw new ConnectorError(err)
        }
    }
  3. My index.ts has used my client method in the stdEntitlementList method and mapped my attributes, including description, for an entitlement of type group. Notably DisplayName and GroupID seem to be coming through fine, and I have added a logger call to confirm that what is coming out of my client calls includes my attribute.
        .stdEntitlementList(async(context: Context, input: StdEntitlementListInput, res: Response<StdEntitlementListOutput>) => {
            const groups = await myClient.getAllGroups()

            for (const group of groups) {
                logger.info(group.Description)
                res.send({
                    identity: group.GroupId,
                    uuid: group.GroupId,
                    type: 'group',
                    attributes: {
                        GroupId: group.GroupId,
                        DisplayName: group.DisplayName,
                        Description: group.Description
                    }
                })
            }
            logger.info(`stdEntitlementList sent ${groups.length} entitlements`)
        })
  4. When I run npm run dev and use Postman to locally test, I can see my logging confirm the presence of my description property of my group objects.
...
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_983"}
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_954"}
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_991"}
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_950"}
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_956"}
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_996"}
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_998"}
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_999"}
{"level":"INFO","commandType":"std:entitlement:list","message":"Group_997"}
{"level":"INFO","commandType":"std:entitlement:list","message":"stdEntitlementList sent 1004 entitlements"}


  5. I can also see in the api response during local testing that the data is present as well.
{
    "identity": "d4086498-10c1-70a9-c3dd-28caa2368d58",
    "uuid": "d4086498-10c1-70a9-c3dd-28caa2368d58",
    "type": "group",
    "attributes": {
        "GroupId": "d4086498-10c1-70a9-c3dd-28caa2368d58",
        "DisplayName": "Group_105",
        "Description": "Group_105"
    }
}
{
    "identity": "b468e478-2021-70bb-202f-26ac22da14a0",
    "uuid": "b468e478-2021-70bb-202f-26ac22da14a0",
    "type": "group",
    "attributes": {
        "GroupId": "b468e478-2021-70bb-202f-26ac22da14a0",
        "DisplayName": "Group_127",
        "Description": "Group_127"
    }
}
  6. But somehow I must be doing something wrong somewhere, because my descriptions aren’t showing up in IDN! Everything else seems to come through fine and I can see that my entitlement type is group but for some reason all of my Descriptions remain blank.

Any help is super appreciated, really excited about this cloud connector feature in the SailPoint CLI and see it as hugely enabling.

Thanks

Matt

1 Like

First of all, welcome to the community, and I’m so glad to see you using the new SaaS connectivity platform!

There are a couple of things that could be causing this.

This is likely happening because if you only use account aggregation to pull the information, then you will only see the entitlements that are assigned to accounts, but it does not pull other attributes like description. In order to see the other attributes, you need to view your source, then click on the “import data” tab, then select “entitlement aggregation” then click the “start” button next to manual aggregation. After you do this, the entitlements should be aggregated with all the extra details.

The other thing I noticed is that the description attribute name in your connector-spec.json should be lowercase. I’m not sure if that’s the issue, but it’s another thing to try to ensure it automatically gets provisioned into the description field. The other two fields’ case does not matter since you are explicitly tying them to the display and identity attribute.

1 Like

I lowercased description in my entitlementSchemas element for group, then also updated the index.ts response arguments attributes to reflect the casing change. After running another entitlement aggregation this seems to have done the trick!

Change to index.ts

...
        .stdEntitlementList(async(context: Context, input: StdEntitlementListInput, res: Response<StdEntitlementListOutput>) => {
            const groups = await myClient.getAllGroups()

            for (const group of groups) {
                res.send({
                    identity: group.GroupId,
                    uuid: group.GroupId,
                    type: 'group',
                    attributes: {
                        GroupId: group.GroupId,
                        DisplayName: group.DisplayName,
                        description: group.Description
                    }
                })
            }
            logger.info(`stdEntitlementList sent ${groups.length} entitlements`)
        })
...

Change to connector-spec.json

...
				{
					"name": "description",
					"type": "string",
					"description": "description"
				}
...

Result

Thank you!

2 Likes
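
The fix in this thread came down to attribute names: the key sent from stdEntitlementList has to match the name declared in entitlementSchemas, and the description only showed up in IDN once that name was lowercase `description`. The following is an added example, not code from the posts above or from the SailPoint SDK; `lintEntitlement`, `groupSchema` and `groupEntitlement` are hypothetical names, and the sample data is constructed from the spec and API response shown in the first post.

```typescript
// Added example (not SailPoint SDK code): lint stdEntitlementList output against connector-spec.json.
interface SchemaAttr { name: string; type: string }
interface EntSchema { type: string; displayAttribute: string; identityAttribute: string; attributes: SchemaAttr[] }
interface Entitlement { identity: string; type: string; attributes: Record<string, unknown> }

// Hypothetical helper: returns findings; an empty array means the object matches the schema.
function lintEntitlement(schemas: EntSchema[], ent: Entitlement): string[] {
    const schema = schemas.filter(s => s.type === ent.type)[0]
    if (!schema) return [`no entitlementSchema of type "${ent.type}"`]
    const names = schema.attributes.map(a => a.name)
    const findings: string[] = []
    // Keys sent by the connector must match the schema names exactly, including case.
    for (const key of Object.keys(ent.attributes)) {
        if (names.indexOf(key) !== -1) continue
        const near = names.filter(n => n.toLowerCase() === key.toLowerCase())[0]
        findings.push(near ? `"${key}" differs in case from schema attribute "${near}"`
                           : `"${key}" is not declared in the schema`)
    }
    // displayAttribute and identityAttribute are tied to schema attributes by name.
    for (const ref of [schema.displayAttribute, schema.identityAttribute]) {
        if (names.indexOf(ref) === -1) findings.push(`"${ref}" is referenced but not declared`)
        else if (ent.attributes[ref] == null) findings.push(`"${ref}" has no value`)
    }
    // In this thread the IDN description stayed blank until the name was lowercase "description".
    for (const n of names) {
        if (n !== 'description' && n.toLowerCase() === 'description')
            findings.push(`schema attribute "${n}" should be named "description"`)
    }
    return findings
}

// Constructed sample data modelled on the thread's spec and API response.
function groupSchema(descName: string): EntSchema[] {
    return [{ type: 'group', displayAttribute: 'DisplayName', identityAttribute: 'GroupId',
        attributes: ['GroupId', 'DisplayName', descName].map(name => ({ name, type: 'string' })) }]
}
function groupEntitlement(descKey: string): Entitlement {
    const id = 'd4086498-10c1-70a9-c3dd-28caa2368d58'
    return { identity: id, type: 'group',
        attributes: { GroupId: id, DisplayName: 'Group_105', [descKey]: 'Group_105' } }
}

console.log(lintEntitlement(groupSchema('Description'), groupEntitlement('Description'))) // original post
console.log(lintEntitlement(groupSchema('description'), groupEntitlement('Description'))) // spec fixed only
console.log(lintEntitlement(groupSchema('description'), groupEntitlement('description'))) // both fixed
```

Running a check like this over the objects passed to `res.send` during local testing catches the half-applied fix (spec renamed, index.ts not) before an entitlement aggregation is run.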