Share all details about your problem, including any error messages you may have received.
We have onboarded a SCIM 2.0 (Connector) application in our instance, and the test connection works fine. Through SailPoint IIQ, I was able to create/modify/delete accounts in the SCIM 2.0 application.
I have written the rule below to create test groups in the SCIM 2.0 application, but I was not able to create groups.
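// Builds a group-create ProvisioningPlan for the "Island" application and executes it
// directly through the Provisioner API. Expects "context" (a SailPointContext) to be in scope.
// String literals use plain ASCII double quotes; typographic quotes are not valid delimiters.
String appName = "Island";
String groupName = "ISLAND-TESTGROUP(SP)";

ProvisioningPlan plan = new ProvisioningPlan();
plan.setSource(sailpoint.object.Source.GroupManagement);
plan.setTargetIntegration(appName);

// One object request of type "group" with operation Create, addressed to the same application.
ProvisioningPlan.ObjectRequest objectRequest = new ProvisioningPlan.ObjectRequest();
objectRequest.setOp(ProvisioningPlan.ObjectOperation.Create);
objectRequest.setNativeIdentity(groupName);
objectRequest.setApplication(appName);
objectRequest.setType("group");

// NOTE(review): whether the target's group schema accepts "displayName" and "groupType"
// is not visible here; compare with the request body that succeeded outside IIQ.
objectRequest.add(new AttributeRequest("displayName", ProvisioningPlan.Operation.Add, groupName));
objectRequest.add(new AttributeRequest("groupType", ProvisioningPlan.Operation.Set, "unified"));
plan.add(objectRequest);

// NOTE(review): nothing after execute() inspects the outcome, so a request rejected by the
// connector goes unnoticed here; check the provisioning result or the connector log.
Provisioner provisioner = new Provisioner(context);
provisioner.execute(plan);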
I also tried creating the group from Postman, and that worked. The endpoint I used to create the group is host/groups.
Another way is to use the Rule below, which first builds the plan and then launches a workflow instead of calling the Provisioner API as in the first example.
Change the AttributeRequest based on your app and application name then it would be good to go.
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="Example Create Entitlement Plan StandAlone">
<Description>A rule used by a Workflow to determine a step action or variable value.
Note that an Attributes map of all variables from the current WorkflowContext, merged with the arguments from the Step, is also passed into the workflow rule. </Description>
<!-- Workflow-rule signature. Of the arguments declared here, the script in this rule reads only "log" and "context". -->
<Signature returnType="Object">
<Inputs>
<Argument name="log">
<Description>
The log object associated with the SailPointContext.
</Description>
</Argument>
<Argument name="context">
<Description>
A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
</Description>
</Argument>
<Argument name="wfcontext">
<Description>
The current WorkflowContext.
</Description>
</Argument>
<Argument name="handler">
<Description>
The workflow handler associated with the current WorkflowContext.
</Description>
</Argument>
<Argument name="workflow">
<Description>
The current Workflow definition.
</Description>
</Argument>
<Argument name="step">
<Description>
The current Step.
</Description>
</Argument>
<Argument name="approval">
<Description>
The current Approval.
</Description>
</Argument>
<Argument name="item">
<Description>
The WorkItem being processed.
</Description>
</Argument>
</Inputs>
<Returns>
<Argument name="Object">
<Description>
The result of the workflow rule; dependent on the rule itself.
</Description>
</Argument>
</Returns>
</Signature>
<Source>
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.ManagedAttribute;
import sailpoint.object.WorkflowCase;
import sailpoint.tools.GeneralException;
import sailpoint.tools.Util;
import sailpoint.object.AuditEvent;
import sailpoint.workflow.WorkflowContext;
import progressive.pims.IdentityRequestUtil;
import progressive.pims.WorkflowUtil;
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Custom;
import java.util.ArrayList;
import java.util.List;
import java.util.HashMap;
import sailpoint.api.sailpointContext;
import sailpoint.api.Workflower;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.object.ProvisioningPlan.ObjectRequest;
import sailpoint.object.ProvisioningPlan.ObjectOperation;
import sailpoint.object.Workflow;
import sailpoint.object.WorkflowLaunch;
import sailpoint.tools.xml.XMLObjectFactory;
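// Builds a group-create ProvisioningPlan for one application and submits it through the
// "Entitlement Update" workflow instead of calling the Provisioner API directly.
// Reads the rule arguments "log" and "context".
// NOTE: this script sits directly inside the Source element with no CDATA wrapper, so
// XML-special characters (less-than, ampersand) must be escaped or avoided in it.

// Values to adapt per target application.
String appName = "Active Directory";
String groupName = "Example group";
String description = "TEST OF AD Provision";

// NOTE(review): this concatenation yields "cn=Example groupDN", which is not a complete
// distinguished name; presumably a placeholder for the real DN of the new group - confirm.
String groupDN = "cn=" + groupName + "DN";

// Object request: create an object of type "group" on the application, identified by groupDN.
ProvisioningPlan plan = new ProvisioningPlan();
ProvisioningPlan.ObjectRequest objRequest = new ProvisioningPlan.ObjectRequest();
objRequest.setApplication(appName);
objRequest.setOp(ObjectOperation.Create);
objRequest.setType("group");
objRequest.setNativeIdentity(groupDN);

// Target application attributes.
objRequest.add(new AttributeRequest("sAMAccountName", ProvisioningPlan.Operation.Add, groupName));
objRequest.add(new AttributeRequest("cn", ProvisioningPlan.Operation.Add, groupName));
objRequest.add(new AttributeRequest("objectClass", ProvisioningPlan.Operation.Add, "group"));
objRequest.add(new AttributeRequest("description", ProvisioningPlan.Operation.Add, description));
objRequest.add(new AttributeRequest("GroupType", ProvisioningPlan.Operation.Add, "Security"));
objRequest.add(new AttributeRequest("ObjectType", ProvisioningPlan.Operation.Add, "Group"));
objRequest.add(new AttributeRequest("GroupScope", ProvisioningPlan.Operation.Add, "Global"));
// The "sys"-prefixed requests presumably describe the ManagedAttribute kept on the IIQ side
// rather than attributes sent to the target - confirm.
objRequest.add(new AttributeRequest("sysAttribute", ProvisioningPlan.Operation.Set, "memberOf"));
objRequest.add(new AttributeRequest("sysDisplayName", ProvisioningPlan.Operation.Set, groupName));
objRequest.add(new AttributeRequest("sysManagedAttributeType", ProvisioningPlan.Operation.Set, "Entitlement"));
plan.add(objRequest);
plan.setTargetIntegration(appName);

// The serialized plan contains every attribute value of the request, so it is written at
// debug level rather than error level to keep it out of logs that are on by default.
log.debug("-----final plan------" + plan.toXml());

// Workflow launch variables as name/value pairs.
// NOTE(review): "spadmin" is hard-coded as sessionOwner and fallbackApprover, so the change is
// presumably attributed to that account rather than to the real requester; replace it with the
// actual requester and a governed approver outside a sandbox.
// NOTE(review): "optimisticProvisioning" presumably lets IIQ record the change without
// confirmation from the target, and "trace" presumably prints workflow variables (including
// the plan); confirm both and turn them off outside of debugging.
HashMap launchArgsMap = new HashMap();
launchArgsMap.put("optimisticProvisioning", "true");
launchArgsMap.put("foregroundProvisioning", "true");
launchArgsMap.put("doManualActions", "false");
launchArgsMap.put("fallbackApprover", "spadmin");
launchArgsMap.put("approver", "");
launchArgsMap.put("sessionOwner", "spadmin");
launchArgsMap.put("summaryName", "Active Directory create group Testing");
launchArgsMap.put("project", "");
launchArgsMap.put("changes", "");
launchArgsMap.put("trace", "true");

// The workflow receives a copy of the plan rebuilt from its map form, stored under "plan" once.
ProvisioningPlan spPlan = new ProvisioningPlan();
spPlan.fromMap(plan.toMap());
launchArgsMap.put("plan", spPlan);

// Resolve the workflow first and fail with a clear message if it is not installed,
// instead of a NullPointerException on wf.getName().
String workflowName = "Entitlement Update";
Workflow wf = (Workflow) context.getObjectByName(Workflow.class, workflowName);
if (wf == null) {
    throw new GeneralException("Workflow not found: " + workflowName);
}

WorkflowLaunch wflaunch = new WorkflowLaunch();
wflaunch.setWorkflowName(wf.getName());
wflaunch.setWorkflowRef(wf.getName());
log.info("workflow getName " + wf.getName());
wflaunch.setCaseName("LCM Provisioning");
wflaunch.setVariables(launchArgsMap);

// Launch, and report success only when a workflow case actually came back.
Workflower workflower = new Workflower(context);
WorkflowLaunch launch = workflower.launch(wflaunch);
WorkflowCase wfCase = launch.getWorkflowCase();
if (wfCase == null) {
    log.error("Workflow launch returned no case; status " + launch.getStatus());
} else {
    log.info("workflow ID " + wfCase.getId());
    log.info("Success");
}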
</Source>
</Rule>
The rule above works perfectly for AD group creation. But when I tried it for SCIM 2.0, changing the attribute requests in the plan, it did not work; I have enabled loggers too, but I don't see anything.
For SCIM 2.0, do we need to explicitly add some other configuration for group creation?