Custom Attribute in SailPoint IDN

Hi All,

I am working on integrating Oracle Fusion ERP with the SailPoint IDN using the OOTB connector. The team has a particular requirement to store the information “Last Login”. This is not a default value provided, so the team has developed an API to which I could make a call to fetch this detail.

To do this I checked the SailPoint V3 APIs, however I was not able to do this. If it was IIQ I could also store it in a custom object.

So my question is: has anyone tried this in IDN? Or is there any way to store this information in IDN?

@ZeelSinojia01

If possible try to create another web service source that can get the “Last Login” from ERP system for a user and then store that value on the identity attribute.

Also, do check out the V3 API below:

Update account

1 Like

@zeel_sinojia - Can you double check which connector you are using?

I see that the options should be:
Oracle Fusion HCM Accounts
Oracle Fusion HCM Accounts SaaS
Oracle ERP Cloud
Oracle ERP Cloud SaaS

Let us know and we can help further.

Thanks,

Alicia

Thanks Anshu, sure that looks like our last resort option. Also this API mentions that it could only update flat file accounts.

Hi Alicia, we are using Oracle ERP Cloud connector.

Hi @ZeelSinojia01

You could try to get the technical name of the attribute and add it to the account schema and then run the aggregation to see if the attribute is being popped up on the account level.

I do not have experience with the Oracle ERP Cloud connector, but I have seen a similar situation with SAP connectors too, where some attributes are not in the account schema by default, but if we add them to the schema and run the aggregation then ISC is able to read them and store them on the account attribute.

Please check and let me know if that works.

Regards
Vikas.

Hi Vikas, this attribute is not available in the REST APIs of Oracle ERP Cloud. SailPoint uses these REST APIs to aggregate the data, so there’s no attribute such as “Last Login” in the API response.

Just to clarify on why we are aiming to store this information.

Let’s say a user’s last working day is 19th July. However, their accesses are revoked on 21st July. So the team wants to know if the user has accessed the system post their last working date and before the accesses were revoked.

Hi @ZeelSinojia01

If this is only for information purposes, then maybe just have a report (maybe Power BI) or a dashboard that can display this information. Not sure if the Access Intelligence Center can be utilized here.

If you have plans to automate some use case in the future via ISC, then I guess you can use the identity attribute, but my next question will be: if there are other applications whose last login date you want to track, then that will also need a new identity attribute, which may not be ideal, I believe.

Thank You.
Regards
Vikas.

Hi @vguleria,

Using reports/dashboards is a good suggestion. I would discuss with the team and check. However, based on our previous discussions, I feel they are looking for a one stop solution and as they are integrating with SailPoint they would prefer to have it on IDN.

Regarding whether any other applications are going to be onboarded, right now the answer would be No. This is the first app that we are onboarding and there is no next step decided once this integration is done. But yes, if this goes as planned, they will discuss with the management to integrate more applications with IDN.

Hi @ZeelSinojia01

If this is the only application, then I believe you can have an identity attribute itself.
The other option could be that you can try to connect to this source using the web service connector and connect to the ERP system to get the identities, and then use an after operation web service rule to get the last login of the user using your custom API and add the last login stamp value on the account level during the aggregation. But this approach will also give you the last login value on the account level, and then ISC will not be able to search queries to find the users who have logged in after termination.

So, I think you can go with creating another source using web service and get this attribute on the identity level, which will provide you the flexibility of using the search queries for the users who have a suspicious login date.

I hope this helps.

Regards
Vikas.

1 Like
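The check this thread is aiming for (a login after the last working day but before access was revoked), sketched as an added example that is not part of the original posts or SailPoint's code. The record field names, users and 2024 dates are constructed, and `last_login` stands in for whatever the team's custom API returns.

```python
from datetime import date, datetime, time, timedelta, timezone

# Constructed sample records. Field names are assumptions for illustration,
# not an Oracle ERP Cloud or SailPoint schema.
RECORDS = [
    {"user": "a.khan", "last_working_day": "2024-07-19",   # login inside the gap
     "access_revoked_at": "2024-07-21T09:00:00+00:00", "last_login": "2024-07-20T14:32:10+00:00"},
    {"user": "b.lee", "last_working_day": "2024-07-19",    # login on the last working day
     "access_revoked_at": "2024-07-21T09:00:00+00:00", "last_login": "2024-07-19T16:05:00+00:00"},
    {"user": "c.ortiz", "last_working_day": "2024-07-19",  # API returned no value
     "access_revoked_at": "2024-07-21T09:00:00+00:00", "last_login": None},
    {"user": "d.roy", "last_working_day": "2024-07-19",    # late local evening, next day in UTC
     "access_revoked_at": "2024-07-21T09:00:00+00:00", "last_login": "2024-07-19T23:30:00-05:00"},
]

def parse_ts(value):
    """Parse an ISO-8601 timestamp; reject naive values so zones are never guessed."""
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        raise ValueError(f"timestamp without UTC offset: {value!r}")
    return ts

def login_in_gap(rec, day_tz=timezone.utc):
    """Return 'flag', 'clear' or 'unknown' for one record."""
    if not rec.get("last_login"):
        return "unknown"  # missing data is not evidence that nobody logged in
    lwd = date.fromisoformat(rec["last_working_day"])
    # The gap opens at the first instant after the last working day, in day_tz.
    gap_start = datetime.combine(lwd + timedelta(days=1), time.min, tzinfo=day_tz)
    revoked = rec.get("access_revoked_at")
    gap_end = parse_ts(revoked) if revoked else None  # not yet revoked: open-ended gap
    login = parse_ts(rec["last_login"])
    in_gap = login >= gap_start and (gap_end is None or login < gap_end)
    return "flag" if in_gap else "clear"

def review(records, day_tz=timezone.utc):
    """Map each user to a verdict."""
    return {r["user"]: login_in_gap(r, day_tz) for r in records}

if __name__ == "__main__":
    for user, verdict in review(RECORDS).items():
        print(f"{user:10} {verdict}")
```

The `day_tz` argument matters: the same login for `d.roy` is flagged when the last working day is taken to end at midnight UTC and cleared when it ends at midnight UTC-5.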

Hi Vikas,

Yes we have finalized this approach. I’ll discuss with the team and will see what’s best for them.

Thank you so much for answering, this was very informative for myself as well.

1 Like
