Have a conceptual question here. Is there some source type or setup for tracking something that isn’t even a ‘system’. Here’s an example:
‘Source’ in ISC for physical door keys, with entitlements based on the type of key that needs to be copied. So a user could request an access profile for the ‘Warehouse’ key, the approver would get an ISC task to perform the manual task (creating a new physical key), then when marked as complete the ‘account’ would be added to the source for tracking.
In this scenario there would be no CSV to send back to ISC. Is the expectation that we just maintain a standalong excel file and upload it each time?
I think it would be very helpful if there was some way to make ISC the ‘authoritive source’ for account data on a source so that all the tracking was done within ISC.
In the testing I did with a delimited file source I got as far as the approval task being created, however after it was ‘marked complete’ by the approver the accounts list on the source was still empty. I’m assuming the expectation here is that it remains blank until a new csv export is done and uploaded.
You might implement this with a dummy role, i.e. a role that doesn’t contain any entitlements.
Then setup a workflow to trigger on the event of that role being granted (perhaps after approvals are done) and displays a Form with a task for the person responsible for executing the task being assigned. They go into the form and mark it as ‘complete’.
You then have a CSV source and the workflow can then call the SailPoint APIs to create an account under that source.
This is just a quick braindump of an idea, but you see there are some possibilities here.
One way to do this is to have a Delimited File source, but I understand that is not what you are after.
You can try creating an identity attribute to store key information, but I havent thought through how this would work. it wouldnt be an entitlement though.
Another option is to hijack an existing source, and add an attribute on there for key information (eg warehouse key). That attribute you can then make entitlement and link to access profiles and roles.