How can we add a JSON path under JSONPath Mapping in the SCIM application In IIQ

bhanuprakashkuruva · December 11, 2024, 6:26pm

Hi All,

In this document, I will discuss one important thing that is not available in clear information in any other document.

The problem is, when we are working with SCIM 2.0, there might be a chance that the SailPoint SCIM connector is not able to discover all accounts schema attributes. So that data won’t come properly. So we have to manually add them to the schema. But it is not enough. We also have to do a few things also.

Step 1. Add the additional attribute to the schema first.

Step 2: Add its valid JSON path under JSONPath Mapping in the application via Debug as follows.

Go open the application from debug and find the jsonPathMapping entry (for few there might be something different like schemaPropertyMappings). In that map entry, the JSON path for whatever the attribute you added. In my case it is sscRoles.

How can we find out the JSON path for the attribute?

To know that, try to get the user details from Postman (check with application team to get the API details if you don’t find in the logs) and one user entry. There, you can use any JSONPath online/offline evaluator (SailPoint Developer Community) and get that as follows.

Copy any user entry from the result and use in JSONPath evaluator.

Get that JSONPath for whatever the attribute you are looking for and use it in the application.

After you added the path and ran the aggregation. And you will get them. And make sure the type of the attribute is multi-value if it has multiple values.

rupeshranjan · February 15, 2025, 7:16am

Does this work for complex attributes as well, or we need to do something extra? I am trying to use jsonPathMapping to create custom payload for my connector - with field “manager”. This field is part of “urn:ietf:params:scim:schemas:extension:enterprise:2.0:User” schema extension, and takes “value”, “$ref”, “displayName” parameters. In my case, i need only id. Below is my jsonpath mapping

<entry key="jsonPathMapping">
  <value>
    <Map>
      <entry key="manager.value" value="[&apos;urn:ietf:params:scim:schemas:extension:enterprise:2.0:User&apos;].manager.value"/>
    </Map>
  </value>
</entry>

I expect this to produce data like

"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "manager": {
        “value”: “123456"
      }
  }

but it produces data like

"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "manager": "123456"
  }

bhanuprakashkuruva · February 15, 2025, 7:26am

You cannot customize or update any payload request endpoints for the SCIM connector application, because that is not in our scope to update like in the web service connector we do. This is only for getting the attributes that are not there while discussing the attribute; you can explicitly do this in order to get the attributes you want.