How to Create a Person via API in ISC

Hello,
we have an external portal (that does not expose an API) where users are created manually. The requirement is that every user created on this portal is also created in real time in SailPoint ISC.
SailPoint has no Create Identity API, only Create Account, so I think the integration must be done this way:

  1. Create a dummy Authoritative Source in SailPoint of type “Flat File”
  2. The Portal must call the Create Account API for this Source
  3. In case of modify, suspend or restore it must call the relative Update Account API

Do you think this is the correct way for this integration?

I tried this scenario in my lab and the behavior is very strange.
I created the first user by calling the /v3/accounts API with this JSON:

{
  "attributes": {
    "sourceId": "7070eb4b124c4db88b2cf1efeb7ecf26",
    "id": "F74637A",
    "name": "g.carini",
    "givenName": "Giorno",
    "familyName": "Carini",
    "location": "Torino"
  }
}

And the identity is present in SailPoint and under the source.
I tried to create a second person:

{
  "attributes": {
    "sourceId": "7070eb4b124c4db88b2cf1efeb7ecf26",
    "id": "F23445A",
    "name": "g.verds",
    "givenName": "Mark",
    "familyName": "Bisini",
    "location": "Torino",
    "e-mail": "[email protected]"
  }
}

And the API response is a success, but the account does not exist in the Source or in SailPoint.
The response is the id of the task; if I check it with /beta/task-status/18414f5df97e422e8cf76850e5969891
I read:
"completionStatus": "SUCCESS",
"progress": null,
"percentComplete": 0

Could you help me?

Thanks

I have an update.
After an hour the second user popped up in SailPoint.

The question remains: is this the correct way to integrate an external portal like this?
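
Added example, not part of the original thread and not SailPoint code: a Python sketch of the call sequence described in the posts above (Create Account on /v3/accounts, then a lookup of the returned task on /beta/task-status/). The `send` transport, the `allowed` attribute allow-list, the task id being returned under "id", and a null completionStatus while the task runs are assumptions.

```python
import time

ACCOUNTS_PATH = "/v3/accounts"           # Create Account endpoint used in the post
TASK_STATUS_PATH = "/beta/task-status/"  # task lookup endpoint used in the post
REQUIRED = ("sourceId", "id", "name")    # keys present in both request bodies above


def build_body(attributes, allowed):
    """Wrap attributes as {"attributes": {...}} after checking them.

    `allowed` is a hypothetical allow-list, e.g. attribute names read from
    the source's account schema.
    """
    missing = [k for k in REQUIRED if not str(attributes.get(k) or "").strip()]
    if missing:
        raise ValueError(f"missing required attributes: {missing}")
    unknown = sorted(set(attributes) - set(allowed) - set(REQUIRED))
    if unknown:
        raise ValueError(f"attributes not in source schema: {unknown}")
    return {"attributes": dict(attributes)}


def create_and_wait(send, body, timeout=60.0, interval=2.0, sleep=time.sleep):
    """Submit the account, then poll the returned task until it completes.

    `send(method, path, json_body) -> dict` is a hypothetical transport that
    adds the tenant base URL and bearer token. Assumptions: the create call
    returns the task id under "id", and completionStatus stays null while
    the task is still running.
    """
    task_id = send("POST", ACCOUNTS_PATH, body)["id"]
    deadline = time.monotonic() + timeout
    while True:
        status = send("GET", TASK_STATUS_PATH + task_id, None)
        state = status.get("completionStatus")
        if state is not None:
            # SUCCESS only means the task finished; the thread reports the
            # account becoming visible about an hour later.
            return task_id, state
        if time.monotonic() >= deadline:
            raise TimeoutError(f"task {task_id} still running after {timeout}s")
        sleep(interval)
```
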

Hello Francesco, one way to do it is to connect a Non-Employee source; you will then be able to call the API to create the external employees in real time. Here is the API documentation: Non-Employee Lifecycle Management | SailPoint Developer Community

Regards,
Pablo

I built a Python Dash app that retrieves the connectors, retrieves the schema, retrieves the accounts and then updates the accounts.

I used the endpoints below:

api_url = f"https://{tenant}.api.identitynow-demo.com/v3/sources"

schema_url = f"https://{tenant}.api.identitynow-demo.com/v3/sources/{source_id}/schemas/accounts"

base_url = f"https://{tenant}.api.identitynow-demo.com/beta"

base_url = f"https://{tenant}.api.identitynow-demo.com/beta/sources/{source_id}/load-accounts"


I see some strange limitations for these Non-Employee users.

For example, the source has these properties:

Who should manage these accounts?
These identities can request accounts on this source. Choose a maximum of 10.

But in my requirement these people must request the accounts for themselves. Is this possible?

Thanks