Connector Rules For OOB Connectors

Identity Security Cloud (ISC) ISC Discussion and Questions
, , ,
1

Hi Team,

I want to create a rule that executes before the creation of the account for Coupa OOB Connector (VA Based).

Which rule type should I use for OOB connectors?

Thanks,
Siva

2

You don’t have any connector Rule for Coupa, only option is Before Provisioning Rule which is Cloud Based.

What is your requirement of using before Rule here ?

3

Thanks Krishna for your response.

Coupa accounts are created from a HR integration today (All the basic access is provided by HR system itself). App team don’t want to disturb that process. They only want the additional coupa access to be provisioned by Sailpoint.

We use our internal support portal to be the entry point for all the access requests. So, the tool doesn’t support to check where the user has account before firing the access request. Support portal calls the sailpoint API to submit the access request for the Access Profile user requested. We can’t perform additional development on the support portal side today as it requires external team support.

Looking for a way where we can stop the provisioning on the sailpoint side if the user doesn’t have a coupa account. Appreciate your insights.

4

I understand, if you would have used IDN Request Center, then you can use segments to control this behavior allowing for only uses who has account already.

You can use Workflow to cancel the request, with trigger Access Request Submitted.

Doesn’t matter from where you are firing the Request (Request center or a custom portal), it has to go through IDN Provisioning Process.

Do you have workflows enabled in your tenant ?

5

Unfortunately, we don’t have workflows enabled in our tenant.

6

Then only option is Before Provisioning Rule, you can use Service Standard Before Provisioning Rule as well which has code for lot of use cases developed by SailPoint.

IdentityNow Mock Project - Services Standard BeforeProvisioning Rule - Compass

You can submit support ticket to SailPoint for deploying this Rule in your tenant, after deploying you need to add below config to your source config.

"cloudServicesIDNSetup": {
            "eventConfigurations": [
                {
                    "eventActions": [
                        {
							"Action": "ThrowError",
							"Attribute": null,
							"Value": "Identity is in invalid state. Stopping provisioning."
						}
                    ],
                    "Operation": "Create"
                }
            ]
        },
1 Like
7

Thanks for the clarity, Krishna! I have a couple more questions about this — sorry if they’re basic, I’m still relatively new to SailPoint.

  1. How can I restrict this before-provisioning rule to only apply to a specific source?
  2. How do I add the config you shared to the source config?
8

Of course, you need to add Rule to every source if you need.

You can patch a source with an API call, or it is easy with VSCode

2 ways

  1. Using API, check this doc: Connector Executed Rules | SailPoint Developer Community

image
image946×492 20.2 KB

  1. Using VSCode Extension, it is easy to work with VS Code extension, for this you need to download and setup Visual Studio Code (VSCode) first and then add ISC extension, then add your tenants.
2 Likes
9

Thank you so much for all the assistance, Krishna! I will try the suggested approach and will update the post.

10

Thank you so much, @MVKR7T! The solution suggested worked.

1 Like
11

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.