Create New Identity with Sailpoint Interactive Form

Hello all,
The main requirement is:
Create a Consultant directly in Sailpoint via a custom Form (or interactive form). A manager should be able to create a consultant directly in Sailpoint.
Before the user creation, an approval step by a group X of users must be done.

To complete this requirement I have:

  1. Created a Source “Flat File” called “Consultants Source” that is Authoritative
  2. Created an Interactive Form called “Form Manual Creation Consultant”. In this form we ask for the name, surname and mail of the consultant to be inserted.
  3. Created a Workflow with “Interactive Trigger” and “Action Interactive Form” that calls the form “Form Manual Creation Consultant”

First point - Check if the user already exists and alert the form
I need to block the creation of the consultant if an Identity with the same name, surname and mail is present in Sailpoint.
To do this, the next block of my workflow is “Get List of Identities” with this Search Query:

attributes.firstname:"{{$.interactiveForm.formData.nameConsultantInserted}}" AND attributes.lastname:"{{$.interactiveForm.formData.surnameConsultantInserted}}"  AND attributes.mail:"{{$.interactiveForm.formData.mailConsultantInserted}}" 

This query seems to work fine but I don’t know how to alert the operator that a user already exists in the system and that they must insert different data.
I can use a block operator and an “Interactive Message” block but this can work only one time. I don’t know if the correct way is to use a loop operator that continues to show the same “Action Interactive Form” to the user if the identity already exists in the system. But I don’t know what variable to write in the loop condition.
So this is the first blocking point.

Second point - Approval Step
How can I generate an approval step without the creation of a new custom form where I ask to proceed YES or NO? Can I generate an approval step to generate an action visible in the standard Approval section of Sailpoint?

Third point - Identity Creation
If the approval step is OK and the user does not exist in Sailpoint, how can I create an Identity? (In this case it is an Account of the source “Consultants Source”.)
Is the only way to use the HTTP block of the Workflow to call the create Account Sailpoint API? But to create an Account, an Account ID and an Account Name are mandatory!! How can I generate these 2 elements?

Fourth point - UserID Generation
These Identities must be created in Sailpoint (source “Consultants Source”) with userID CONS_$firstLetterOfTheName.$Surname
How can I do this? Do I need to use a transform in the Identity Profiles linked to the source “Consultants Source”?

Extra point - Form Creation with drop-down menu with particular elements
In the Consultant Creation form we want the name, surname and mail but also the external company of the consultant, which can be selected in a drop-down menu. The list of external companies must be dynamic. We have a lot of external companies. How can I do this?
I have this idea but I don’t know if it is the correct way to do this:

  1. Create a “Flat File” source called “External Companies” non authoritative.
  2. In this source create a schema entitlement called “externalCompany”
  3. Manually load the list of external companies in the file
  4. Run an aggregation
  5. For every company a new entitlement should appear in Sailpoint
  6. Edit the form “Form Manual Creation Consultant” to add a Select-Field Drop Down menu with Option Type = Search, Category = Entitlements, Attribute to Display = Name and a Search Query that filters only the source “External Companies” (I don’t know the filter for now).

Is this the only way to achieve this requirement? Can’t I populate this drop-down menu in another way, for example via API?
I don’t like to use Entitlements as a list of string data. I think that an Entitlement is born to manage an authoritative profile and not static strings.

Thanks

Have you looked at Non-Employee Identities?

It has built in request and approval processes.

It’s not OK to use Non-Employee. There are too many limitations.
For example, for Non-Employee it is mandatory to insert the userID of the Identity in the creation form, but I don’t have the userID. It must be calculated after.
Some fields (like telephone number) are mandatory and I don’t want this.
I cannot use custom fields like dates or numbers. All custom fields are strings.
There is a maximum of 10 custom attributes. I need more than 10 attributes.
