Custom rest api

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Version 8.4

We are looking to add some custom REST APIs to our IdentityIQ deployment to allow provisioning for the access request on the external application which is raised by end users within the company.

After end users submits the request on the other external application , approval flow will be in the external application itself.

After approval, request data which is submitted by the end users should come to SailPoint IIQ and do provisioning on the target application which is configured in IIQ.

Can anyone point me to any good resources with examples, best practices, etc. for doing this?

2

@Venkatesh0510
Yes, you can create your custom API. Once all approvals are completed in your external application, you can invoke those APIs or check the SailPoint SCIM API.

First, go through the SCIM API. If your requirements are not satisfied with it, then you can proceed with customization.

One more aspect you need to consider is the auto-approval process. Once a request is created in SailPoint, it must be auto-approved (since all approvals in the external application have already been completed).

3

@Venkatesh0510

Please refer to the SCIM API Documentation of SailPoint. Check if any REST API is available for your usecase. Use the link below:

identityiq-scim-rest-api | SailPoint Developer Community

If you need to create a custom REST API, then you can use the plugin framework. I am attaching a YouTube URL for your reference.

Developing custom APIs through the plugin framework

Please refer to these URLs and let me know if you need more help.

4

Hi @sukarande ,

How we can invoke those API from external application.

REST API:

IIQ/rest/workflows/AD Account creation/launch

payload:

{

“workflowArgs”:

{

"identityName":"23",

"firstname":"cbq",

"lastname":"test23",

"email":"cbqtest23@inspira.com"

}

}

this API, external application should launch a workflow in IIQ using above API and values which were submitted by end user should be request payload

Is my understanding correct?

5

@Venkatesh0510

From your external application, call the “IIQ/rest/workflows/AD Account creation/launch” API with the expected payload and authentication.

This will yield the expected result.

6

@Venkatesh0510 -

Implementing custom REST APIs in SailPoint IdentityIQ is typically achieved using the Plugin Framework. This approach provides a modular way to expose endpoints while leveraging IIQ’s built-in security, logging, and context management.

Check this video for more info - https://youtu.be/t0QoodWSb_U

7

Hi venkatesh,

It is possible through plugin. You can create your end points, and then you can invoke it from a target application.

if you need assistance let me know, I have recently create a plugin to create two endpoints for audit purpose.

8

Hi @naveenkumar3 ,

Thanks for the reply.

I want to do one API for provisioning request from external application.

Fyi.. it is like ServiceNow, end user will raise an access request and approval flow also there in the external application itself.

After approval, we have to read all values from the external application and provisioning should happen om backend which is on IIQ platform

Can you please share sample plugin which you created.

I sent my thought process on the above replies using REST APIs to lauch workflows using workflowArgs and attributes in payload

9

so tell me one thing, from your external application, you want to invoke accessrequest.jsf end to submit the request , correct?? is my understanding correct??