Hi,
As per the Azure connector guide of IIQ, the createSchema API needs to be used to create the schema:
https://developer.sailpoint.com/idn/api/beta/create-schema/
but this page does not seem to be accessible. What would be the new location of this application?
Thanks,
Abhishek
Hey Abhishek, hope you and the team are doing well!
The referenced createSchema API is only relevant for IDN, not for IIQ. For IIQ, you will need to manually add those schemas to the app via the IIQ Debug Page. For upgrades/patches that have this kind of manual update required, I generally use the following process:
1. Spin up a sandbox running the latest IIQ version (e.g. 8.3p2)
2. Create a new application in the sandbox (AzureAD in this case) and configure the settings I want
3. Save the application and grab the app XML (via Debug or console export)
4. Diff the XML from #3 to the app XML in your repo, and port over any changes (new schemas, new schema attributes, new config attributes, etc.)
5. Deploy the XML updated in #4 to a non-prod environment and test the updated configuration.
If all you need is the schemas for those 2 new object types, here they are, but I’d still suggest going through the process above as it’s definitely possible some config updates might also come into play to get the desired functionality (like provisioning templates to create and update these new objects):
```xml
<Schema aggregationType="group" descriptionAttribute="displayName" displayAttribute="displayName" identityAttribute="objectId" instanceAttribute="" nativeObjectType="servicePrincipal" objectType="servicePrincipal">
  <AttributeDefinition name="displayName" type="string">
    <Description>ServicePrincipal name</Description>
  </AttributeDefinition>
  <AttributeDefinition name="servicePrincipalType" type="string">
    <Description>ServicePrincipal type</Description>
  </AttributeDefinition>
  <AttributeDefinition name="objectId" type="string">
    <Description>ServicePrincipal ID</Description>
  </AttributeDefinition>
  <AttributeDefinition multi="true" name="owners" type="string">
    <Description>ServicePrincipal Owners</Description>
  </AttributeDefinition>
  <AttributeDefinition multi="true" name="appRoles" type="string">
    <Description>ServicePrincipal Roles</Description>
  </AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="displayName" displayAttribute="displayName" identityAttribute="objectId" instanceAttribute="" nativeObjectType="servicePlan" objectType="servicePlan">
  <AttributeDefinition name="objectId" type="string">
    <Description>Unique identifier for the service plan which is a combination of skuId and servicePlanId separated by colon (:).</Description>
  </AttributeDefinition>
  <AttributeDefinition name="skuId" type="string">
    <Description>Unique identifier (GUID) for the License Pack.</Description>
  </AttributeDefinition>
  <AttributeDefinition name="skuPartNumber" type="string">
    <Description>The SKU part number of the License Pack. For example, AAD_PREMIUM.</Description>
  </AttributeDefinition>
  <AttributeDefinition name="appliesTo" type="string">
    <Description>Object types to which the license pack can be assigned. For example: User, Company.</Description>
  </AttributeDefinition>
  <AttributeDefinition name="displayName" type="string">
    <Description>Display name of service plan which is a combination of skuPartNumber and servicePlanName separated by colon (:).</Description>
  </AttributeDefinition>
  <AttributeDefinition name="servicePlanId" type="string">
    <Description>Unique identifier of the service plan.</Description>
  </AttributeDefinition>
  <AttributeDefinition name="servicePlanName" type="string">
    <Description>The name of the service plan.</Description>
  </AttributeDefinition>
  <AttributeDefinition name="provisioningStatus" type="string">
    <Description>The provisioning status of the service plan.</Description>
  </AttributeDefinition>
</Schema>
```
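One way to script the diff step of the process above, as an added example (not part of the original reply and not SailPoint code). It assumes each export's root element is `Application` with config entries under `Attributes/Map/entry`; the function names are hypothetical, and the sample XML, the `exampleSetting*` keys and `exampleNewAttr` are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed, heavily trimmed samples (not real exports). The config keys
# and the "exampleNewAttr" attribute are placeholders.
REPO_XML = """<Application name="AzureAD">
  <Attributes><Map><entry key="exampleSettingA" value="1"/></Map></Attributes>
  <Schemas>
    <Schema objectType="account">
      <AttributeDefinition name="objectId" type="string"/>
    </Schema>
  </Schemas>
</Application>"""

SANDBOX_XML = """<Application name="AzureAD">
  <Attributes><Map>
    <entry key="exampleSettingA" value="1"/>
    <entry key="exampleSettingB" value="true"/>
  </Map></Attributes>
  <Schemas>
    <Schema objectType="account">
      <AttributeDefinition name="objectId" type="string"/>
      <AttributeDefinition name="exampleNewAttr" type="string"/>
    </Schema>
    <Schema objectType="servicePrincipal"><AttributeDefinition name="objectId" type="string"/></Schema>
    <Schema objectType="servicePlan"><AttributeDefinition name="objectId" type="string"/></Schema>
  </Schemas>
</Application>"""


def summarize(app_xml):
    """Return ({objectType: attribute names}, config keys) for one export."""
    root = ET.fromstring(app_xml)  # assumption: root element is <Application>
    schemas = {s.get("objectType"): {a.get("name") for a in s.iter("AttributeDefinition")}
               for s in root.iter("Schema")}
    keys = {e.get("key") for e in root.findall("./Attributes/Map/entry")}
    return schemas, keys


def port_list(repo_xml, sandbox_xml):
    """List what the sandbox export has that the repo copy lacks."""
    old, old_keys = summarize(repo_xml)
    new, new_keys = summarize(sandbox_xml)
    return {
        "new_schemas": sorted(new.keys() - old.keys()),
        "new_schema_attributes": {ot: sorted(new[ot] - old[ot])
                                  for ot in new.keys() & old.keys() if new[ot] - old[ot]},
        "new_config_attributes": sorted(new_keys - old_keys),
    }

if __name__ == "__main__":
    print(port_list(REPO_XML, SANDBOX_XML))
```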
Thanks, I was looking for schemas for object types like subscription, resource group, role, but then I read the 8.3p2 document, and it is mentioned that those come with the CAM license only.