GetObject in Webservice Connector

Hi Team,

When I remove any entitlement for a webservice connector, it doesn't reflect immediately on the user profile. We had configured the getObject API.

Do we have to aggregate the account every time to see the updated access in IDN? Doesn't the Get Object operation trigger automatically and do this job?

Thanks,
Tanay Chouhan

If you remove an entitlement outside of IDN, natively that is, you need to aggregate that account for the source that is connected to it for the changes to be visible in IdentityNow.

If you remove an entitlement from IDN via, for example, a certification, it should show immediately after the API request has been successful.

What does the entitlement structure look like and what operations are you using right now? Are you removing the actual entitlement itself or the entitlement from a user account connected to the Webservice source?

Hi Sebastian, Thanks for your input.

I agree that is the expected behavior for sources like AD or LDAP, but for the Web service connector it is not the case.

I am using the Remove Entitlement operation to remove the access of a user from IDN via Certification. This is for a webservice connector.

Yes, of course you need to configure a Remove Entitlement Operation beforehand! 🙂

However, you should not need a Get Object Operation in order for IDN to actually sync with the end system after removal.

Hi Tanay,
Please configure the getObject method. This is required by IDN for syncing in the changes to IdentityNow.

Also please do the following on your source and test again.

PATCH: https://{{tenant}}.api.identitynow.com/v3/sources/:id
Body:

```json
[
  {
    "op": "add",
    "path": "/connectorAttributes/getObjectAfterProvision",
    "value": true
  }
]
```

Thanks, Rakesh. I tried this; sync is still not working.

Hi Tanay,
I am not understanding the issue. Are you revoking an entitlement directly or revoking an access profile or role? Is it getting removed in the target?

Can you share step-by-step what it is you are doing inside IdentityNow?

Can you also share a screenshot of the operations in the Web Service Configuration, as well as a screenshot of the Remove Entitlement Operation configuration?

Hi Rakesh,

There are two access profiles, AP1 & AP2. Both were assigned using Access Request.
I am removing AP2 via Certification. It does get removed from the target, but the changes don't reflect in IDN until I aggregate the account.
