Encrypt sensitive parameters in the Source configuration

Requirement: Passwords, secrets, and other sensitive system-related parameters (not PII data) stored in the source configuration must be protected. To do this, encrypt the custom attributes that contain such data. Once encrypted, these attributes can be referred to in the “Before and After Operations on Source Account Rule” without compromising their confidentiality.

Solution: The encryption of these custom attributes can be achieved by updating the source configuration using the REST API.

POST <url>/api/source/update/<sourceID>
where <url> is the URL for the customer’s IdentityNow instance and <sourceID> is the Source ID (number) obtained through the UI.

In the body of the POST, use form-data to add the new custom attribute (key:value) under “connectorAttributes”, and then append its key to the existing “encrypted” attribute (a comma-separated list), as follows:

"connectorAttributes": {
    "Attributename_CA":"value",
    "encrypted": "forestAdminPassword,IQServicePassword,Attributename_CA"
 .....
}

When adding a sensitive parameter, make sure its name ends with the suffix “_CA”. For example, if you want to use password in the request, add it as password_CA. If the _CA suffix is not used, there may be unusual source behavior.

By following this solution, you can effectively enhance the security of your source configuration and maintain the integrity of your sensitive information.
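
The connectorAttributes change described above can be prepared with a small helper. This is an added example, not part of the original post and not SailPoint code: it appends the new key to the existing "encrypted" list instead of overwriting it, enforces the _CA suffix, and reports _CA attributes that are missing from the list. The function names and sample values are assumptions, and sending the result to the update endpoint is left out.

```python
import copy

SUFFIX = "_CA"  # suffix the page requires on custom sensitive attributes


def split_keys(encrypted):
    """Split the comma-separated "encrypted" value into clean key names."""
    return [k.strip() for k in (encrypted or "").split(",") if k.strip()]


def add_encrypted_attribute(connector_attributes, name, value):
    """Return a copy of connectorAttributes with name=value added and
    name appended to the existing "encrypted" list (no entries dropped)."""
    if not name.endswith(SUFFIX) or name == SUFFIX:
        raise ValueError(f"custom attribute name must end with {SUFFIX}: {name!r}")
    if "," in name:
        raise ValueError("attribute name must not contain a comma")
    updated = copy.deepcopy(connector_attributes)
    keys = split_keys(updated.get("encrypted"))
    if name not in keys:  # keep the list free of duplicates on re-runs
        keys.append(name)
    updated[name] = value
    updated["encrypted"] = ",".join(keys)
    return updated


def unprotected_ca_keys(connector_attributes):
    """Audit check: _CA attributes present but missing from "encrypted"."""
    keys = set(split_keys(connector_attributes.get("encrypted")))
    return sorted(k for k in connector_attributes
                  if k.endswith(SUFFIX) and k not in keys)


if __name__ == "__main__":
    # Constructed sample of a source's current connectorAttributes.
    current = {
        "forestAdminPassword": "<existing>",
        "IQServicePassword": "<existing>",
        "encrypted": "forestAdminPassword, IQServicePassword",
        "apiToken_CA": "<placeholder>",  # constructed: stored but not listed
    }
    print(unprotected_ca_keys(current))
    new = add_encrypted_attribute(current, "password_CA", "<placeholder>")
    print(new["encrypted"])
```

Run the audit function against the source's current configuration before and after the update to confirm that every _CA attribute is listed under "encrypted".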
