Disconnected application onboarding via APi

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Hi,

Trying to achieve the below flow using Sailpoint IIQ API’s :

  1. Create disconnected application
  2. Upload entitlements for the disconnected application
  3. Mark the entitlements requestable.

I am find hard to get hold of API"s for Sailpoint IIQ’s ( the API list do not have any of these) . Can anyone please help me with the API’s/Documentation please?

2

Hi @PratithShetty Did you check https://community.sailpoint.com/t5/Other-Documents/Rapid-Setup-Migration-Guide/ta-p/171858

Are you looking only for API approach?

1 Like
3

@rajeshs Yes, I am only looking for API approach.

4

Can you elaborate on your use case. Are you looking for IIQ java doc to create application and perform those steps. OR you are exploring SCIM/Rest endpoint to perform these operations

5

Hi @PratithShetty

Please find the below resources for REST API and SCIM -

But I guess there are no direct endpoints for creating Application or entitlements. To meet your requirements, it looks like you have to create a Custom Webservice endpoint, the REST API guide will provide more information on that. The other approach is to create a Workflow to create application and entitlement, then call the Workflow endpoint with the required information to create Application or Entitlement.

1 Like
6

Has anyone worked on Delimited file creation using Workflows? Would it possible to give the code for it?

7

If the requirement is to use the APIs to create the Application and upload the entitlements, one way to achieve this is via REST API Plugin development Plugin Developers Guide - Java Classes - REST Resources - Compass (sailpoint.com)

Steps:

  1. Build a REST Endpoint Plugin with endpoints like OnboardApplications, AddManageAttributes etc.
  2. Write the Custom Plugin with method for each of the processes which parse the input and calls the Sailpoint APIs to onboard apps and/or update ManagedAttributes.
  3. With Plugin, you have to manage Authentication/Authorisation with Capabilities and Scopes.
  4. The APIs should build the appropriate response for each of the scenario (HTTP response 2XX, 3XX, 4XX, 5XX etc)

The challenge with this approach is each application will have different set of attributes but as you mention it is the delimited application you have to make sure that all the parameters are provided and validated by the plugin code. Things to consider is how are you going to handle the Rules
→ Customization Rule, Creation Rule, Correlation rule etc. (may be you can define a standard for all the delimited apps).

Not trying to overwhelm you, but the above approach is surely feasible but needs to be properly designed and implemented (and since it’s a custom development, needs to be managed as well)

1 Like
8

Could you elaborate, what is your use-case to create some application factory? I.e to create applications on the fly?
Which of course doable, but what is the purpose to create dozens of disconnected applications which visibility is zero (no users, no actual entitlements) etc.
However, Sailpoint Professional Services has done something similar which you may use - they have a application factory solution which allows rapid onboarding of thousands of applications.

9

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.