Groups and responses from scim endpoint

Which IIQ version are you inquiring about?

8.3

Hello

I am hoping someone can shed some light on an issue we’re having. The details are described below. Are we missing something on how the SCIM connector works? This is a SCIM connector out to Databricks.

In order to get it to work the way it is described below I had to add an account and group customization rule. Without those rules the groups never get updated on the link.

add user to role, account is created, link is created, user is not added to group
ran identity refresh, user is added to group, link is not updated
ran group aggregation, link is not updated with the group
ran account aggregation, link is updated with expected groups
ran identity refresh, things looked good

added identity to an additional role, to put user in another group
all groups were removed from the link
user is in the correct groups on the end point

User schema:

Group Schema:

Provisioning policy

## Sample account data from the endpoint, using a Python call to retrieve it:

```python
f"{url.rstrip('/')}/Users/{user_id}"
```

```json
{
  "emails": [
    {
      "type": "work",
      "value": "mustafa.yahya+1@abcd.com",
      "primary": true
    }
  ],
  "displayName": "SPUpgradeTest0054 COCHRANE III",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "name": {
    "familyName": "III",
    "givenName": "SPUpgradeTest0054 COCHRANE"
  },
  "externalId": "28432022042901137474150",
  "active": true,
  "id": "71414961809622",
  "userName": "mustafa.yahya+1@abcd.com"
}
```

## Sample group data from the endpoint, using a Python call to retrieve it:

```python
f"{url.rstrip('/')}/Users/{user_id}?attributes=groups,emails"
```

```json
{
  "emails": [
    {
      "type": "work",
      "value": "mustafa.yahya+1@abcd.com",
      "primary": true
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "groups": [
    {
      "display": "account users",
      "type": "direct",
      "value": "83855001607868",
      "$ref": "Groups/83855001607868"
    },
    {
      "display": "SailpointGroup",
      "type": "direct",
      "value": "83624593917124",
      "$ref": "Groups/83624593917124"
    },
    {
      "display": "SailpointGroup2",
      "type": "direct",
      "value": "87479558496050",
      "$ref": "Groups/87479558496050"
    }
  ],
  "id": "71414961809622"
}
```
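An added example, not part of the original post and not SailPoint connector code: a small check that tells a User resource returned without any `groups` attribute (the first sample) apart from one that lists memberships (the second sample), then diffs those memberships against an expected set. The base URL, the function names and the expected group list are assumptions; the JSON is trimmed from the two samples above.

```python
import json
from urllib.parse import urlencode

# Constructed: trimmed copies of the two sample responses in the post.
DEFAULT_RESPONSE = json.loads('{"id": "71414961809622", "active": true}')
GROUPS_RESPONSE = json.loads("""
{"id": "71414961809622",
 "groups": [
  {"display": "account users", "type": "direct", "value": "83855001607868"},
  {"display": "SailpointGroup", "type": "direct", "value": "83624593917124"},
  {"display": "SailpointGroup2", "type": "direct", "value": "87479558496050"}]}
""")


def user_url(base_url, user_id, attributes=None):
    """Build the /Users/{id} URL from the post, optionally with ?attributes=."""
    url = f"{base_url.rstrip('/')}/Users/{user_id}"
    if attributes:
        url += "?" + urlencode({"attributes": ",".join(attributes)}, safe=",")
    return url


def group_ids(resource):
    """Group ids on a SCIM User, or None if 'groups' was not returned at all."""
    if "groups" not in resource:
        return None  # absent is not the same as an empty membership list
    return {g["value"] for g in resource["groups"]}


def membership_diff(resource, expected_ids):
    """Compare returned memberships with the ids the roles should grant."""
    actual, expected = group_ids(resource), set(expected_ids)
    if actual is None:
        return {"status": "groups-not-returned", "missing": set(), "unexpected": set()}
    status = "ok" if actual == expected else "drift"
    return {"status": status, "missing": expected - actual,
            "unexpected": actual - expected}


if __name__ == "__main__":
    expected = ["83624593917124", "87479558496050"]  # assumed role-granted groups
    base = "https://scim.example.invalid/scim/v2/"    # placeholder base URL
    print(user_url(base, "71414961809622", ["groups", "emails"]))
    for name, res in (("default", DEFAULT_RESPONSE), ("groups", GROUPS_RESPONSE)):
        print(name, membership_diff(res, expected))
```

Running the same comparison against what the account aggregation actually receives shows whether the link is being built from a response that carries `groups` or from one that omits it.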

@ralfonse It doesn’t seem like the issue is with SCIM connectors. Are you saying you are only seeing this behavior for the Databricks application and other applications are working as expected?
