I am trying to use Identity-Now/ISC as a data transporter between HR System and WebService App.
I have a webservice application that doesn’t have capability of getting information directly from HR System.
So i thought of this approch: HR —IdentityNow—WebServiceApp
I don’t want to create account, nor disable or delete the account. I just want to update/modify the value of 2 attributes in WebService
Identity attribute: personalEmail sync into secondaryEmail of Webservice app
Idenity attribute : personalPhone sync into secondaryPhone of Webservice app.
Has anyone ever applied this approach? Or even this approach is a good approach?
I see no problem with this approach. You’ll still need to set the values in the Create Account configuration page and create the “Update Account” configuration in the HTTP Actions page.
But as long as you never create a “Create Account” http action, you’ll never actually create the account.
@KevinHarrington As i was following your steps and trying to add a HTTP operation UPDATE Account the endpoint API. I found one API call is only for one user.
During Aggregation operation I was able to make one call and all accounts got aggregated
You can use attribute sync without needing to create accounts on the source. As suggested, you will have to configure create account profile and use the attributes which are sourced directly from the identity for attribute sync
The way that I achieve a dynamic user-based URL for Web Services is the following:
Ensure that the ID that the PATCH call requires is either an identity attribute (such as employee ID) or an account attribute that is included in the response map of the Account Aggregation operations - and thus present on all accounts.
Utilize the Services Standard Before Provisioning Rule (or a custom developed Before Provisioning Rule) to pull this ID value off of the identity or account and include it in the Provisioning Plan whenever an update is being performed.
you can include the id attribute in the create account configuration. This will include it in the plan which can then be used in the web services http patch operation
Next thing is to setup the context path, and for that you can use your api ex: Few things to understand here in this API endpoint is
organizationId : Static Value ex: 3212xxxx
id: dynamically changing
These 2 are variables that is these should be updated before calling the API.
Now, if the organizationId is not changing per user etc. Or if it is a static value then i would say get that value and populate directly in the api.
For the {id}, see what id is required by the endpoint is it some sort of employeenumber or a autogenerated id etc.
Whatever it requires, Mark the same as account id in your Webservices Schema.
Now the final api endpoint is:
…/rest/contacts/3212xxxx/$plan.getNativeIdentity$
This should allow you to sync the values.
NOTE: before enabling it for all users, i would recommend doing the sync for single user first and once it looks good, then you can enable for all.
So you can setup the create account policy with the attribute that you need to sync along with any other attributes that are required in create profile.
Hence personal email & personal phone should be there in the create account policy.
Next thing is the Account ID i.e named as “id” is correctly marked.
Now you can simply setup the HTTP operation with the earlier suggestion/post that i had given.
And this should work perfectly.
So in summary;
You will have to add the 2 attributes which needs to be synced.
There’s your issue. Method not allowed. Can you double check the Api method you have used? I know you would have already checked that still the one you are using in postman vs the one you are using in Webservices.
Also if possible can you share screenshot of how you have configured the endpoint vs how you are calling via postman or any other tool. It would be helpful to get to conclusion where is it failing.
Thank you I really appreciate your suggestion.
Yes, I checked the method is PATCH as mentioned in the API documentation
I have modified the actual id’s for security reason
I don’t see any issue with the configuration.
But can you do one thing like hardcode the values in the configuration.
i.e rather than putting variables for now just directly put the hardcoded values and see if that works.
If not. then try deleting the current endpoint and create a new one;
I know this is a redundant step but if hardcoding doesn’t work then there maybe something which is missing maybe the base URL is missing something?
You can use the sync functionality as well, but before doing so, make sure to define the UPDATE policies in the Create Profile. Once the update policies are in place, you can use the HTTP operation to update the user attribute value.
This operation will update the attribute value based on what’s defined in the UPDATE policies. Additionally, ensure that the attribute is included in the sync configuration to keep it updated consistently
