Share all details about your problem, including any error messages you may have received.
Hey everyone, I have a fundamental design question regarding the application entity structure in IIQ.
I want to connect my application to SailPoint IIQ.
I have three entities I would like to manage using IIQ (to aggregate them, provision, etc.).
The entities are users (accounts), groups, and roles.
What is the best practice for managing the connections between the entities? Should the account entity have a property named groups (holding a list of groups), or should I create a new entity named accountGroups, mapping account ID to group ID?
What’s the standard approach for this case? What structure will make provisioning and correlation the easiest?
First of all, if your application has a connector in IIQ(Salesforce,ServiceNow,etc.), use it.
In other case you can use JDBC, webservice or delimited file, depending how you want connect.
In every case, you must have the possibility to correlate groups and roles to accounts.
For example, in a JDBC connector, you can create 3 separate objects(account, groups and roles) and on account you must configure an attribute like groups and another like roles.
If you have some dubts on correlation between accounts and entitlements, you can check a standard connector schema like AD.
I was planning to do what you suggested: create 3 separate objects(account, groups and roles) and on account configure an attribute like groups and another like roles).
I wonder how uncommon it is to configure the relationships as another entity.
In the case I’m wondering about, the account won’t have a groups attribute. I would have a separate entity named accountIdToGroupId, mapping between the two.
Hi @liza_s , Can you please explain little bit about your target system , so we can help you with the Sailpoint connector and what steps and best practices you need to follow .