I’m currently working on a requirement related to the Joiner process. During the Joiner event, I need to retrieve some information from a specific source in order to generate an EmployeeNumber.
The challenge is that this Web Service doesn’t support aggregation or listing of all accounts — it only allows searching for a specific account or creating a new one.
What I need to achieve through Workflows is search for an existing account in that source based on an id attribute and, if the account does not exist, create it.
Has anyone implemented something similar or can share best practices or guidance on how to approach this scenario? (API calls are not reachable from the HTTPRequest operator because it is on-prem)
To retrieve accounts based on a searchquery, you can use a “Search query aggregate" using the parameter “innerHit” and precise “account” for the type parameter (Doc : search-aggregate | SailPoint Developer Community)
But you can’t create an account in a Webservice connector using API calls. This is only possible in the case of “Delimited file” connector :
A few questions to better understand the scenario and the reasoning behind the approach you proposed:
What is driving the need to use a workflow for this process?
What is the rate of change in user data in this source you’re attempting to manage?
Is there an application or infrastructure team responsible for maintaining the Web Service source in the backend?
If such a team exists, do they manage the account data directly on that system outside of SailPoint?
Will the backend team continue administering and updating the system outside of SailPoint after the Web Service source is integrated, or is the intention for SailPoint to become the primary system of management going forward?
Can that team generate and provide a full export of all existing accounts (e.g., CSV) on a recurring basis?
Is this Web Service source the same system that stores the employee numbers and the one you want SailPoint to create accounts in?
to find an account in a source based on the nativeIdentity and source name. query param will look like
filters=nativeIdentity eq “” and source.displayableName eq “SOURCE NAME“
This will return an array in the response and if the size of the array is zero, then the account does not exist and you can call the API to create an account in the target system
thanks for your reply, but the API Call to request to create an account is not calling to the target system, it is working like a delimited file connector. any suggestion to call the provisioning call?
