Create admin account in SailPoint INow automatically

Hello, I’m trying to develop a process where Admin accounts should be created automatically in SailPoint Identity Now.

Could anyone please advise how this can be accomplished?

The admin account configuration wrt Active Directory:
-a accounts should have the items below assigned to the AD account by default.

(Object) OU: organiation_name/Admin Users/user -a
Security groups: Domain Users
Should be part of source: (Admin user)

Please let me know if further information is needed.

Thanks in advance!

You can use the following API to change the User level of an identity
{{baseUrl}}/v3/auth-users/:id
with PATCH request and body as below:

[
  {
    "op": "replace",
    "path": "/capabilities",
    "value": ["ORG_ADMIN"]
  }
]

To automate the process, you can create a workflow that will send a request to this API with the id of the identity.
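
The PATCH call described in the reply above, as an added example that is not part of the original post or SailPoint's own code: it builds the request for `/v3/auth-users/:id` only after checking the account against an approval list, so an automated job cannot hand out ORG_ADMIN to arbitrary identities. The `-a` name pattern, the approval list, the tenant URL, the token, the identity id and the `application/json-patch+json` content type are assumptions.

```python
import json
import re
import urllib.request

# Assumption: admin account names end in "-a", after the "-a accounts" convention in the thread.
ADMIN_NAME = re.compile(r"^[A-Za-z0-9._]+-a$")
# Only the capability shown in the thread may be granted through this helper.
ALLOWED_CAPABILITIES = {"ORG_ADMIN"}
# The id becomes a URL path segment, so restrict it to plain alphanumerics.
ID_PATTERN = re.compile(r"^[A-Za-z0-9]{1,64}$")


def build_promotion_request(base_url, token, identity_id, account_name,
                            approved_names, capabilities=("ORG_ADMIN",)):
    """Return an unsent PATCH request for /v3/auth-users/:id, or raise ValueError."""
    if not ID_PATTERN.fullmatch(identity_id):
        raise ValueError("identity id has unexpected characters")
    if not ADMIN_NAME.fullmatch(account_name):
        raise ValueError("account name does not follow the -a convention")
    if account_name not in approved_names:
        raise ValueError("account is not on the approved admin list")
    extra = set(capabilities) - ALLOWED_CAPABILITIES
    if extra:
        raise ValueError(f"capability not allowed: {sorted(extra)}")
    # Same JSON Patch body as in the post above.
    body = [{"op": "replace", "path": "/capabilities", "value": list(capabilities)}]
    return urllib.request.Request(
        url=f"{base_url.rstrip('/')}/v3/auth-users/{identity_id}",
        data=json.dumps(body).encode("utf-8"),
        method="PATCH",
        headers={
            "Authorization": f"Bearer {token}",
            # Assumption: the endpoint expects the JSON Patch media type.
            "Content-Type": "application/json-patch+json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; nothing is sent until urlopen() is called.
    req = build_promotion_request(
        "https://tenant.example.invalid", "CONSTRUCTED_TOKEN",
        "0123456789abcdef0123456789abcdef", "jdoe-a", {"jdoe-a"})
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would submit the change.
```
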

Our requirement is to create a new Identity with admin access, with the specified objects mentioned in my initial statement.

Hi Pramod,

First you need to create the SailPoint Identity as mentioned by @iamology. Then you can trigger AD account creation using automatic role assignment, create the account in a specific OU, and add it to the required SG group.

To create an Identity you need an account added to the Auth source. You can do this using the following API:

Once the account is added, you can run an account aggregation using the following API

that will create an identity with “USER” access.
Now use the API from the above post to promote the identity to ORG_ADMIN.
After this you can create an account in AD using a birthright role, identity lifecycle state, or a workflow.

Hi Pramod,
Did you try using the IDN Management Connector and then provisioning accounts via standard birthright provisioning?

Thanks for the response!

How can we automate this for every new Identity created with Admin privileges?
Create a Policy and update to AD-Admin source connector?

Please advise.

Thanks in advance!