How to automate account creation via Workflow after task approval?

Hi everyone.

I’m working on an integration scenario in Identity Security Cloud (ISC) and I have a question regarding Disconnected Applications (Delimited File sources).

After an identity is created in ISC, some Birthright Access Kits are automatically assigned. This works well for connected systems like Active Directory and Salesforce, where accounts are provisioned automatically.

However, one of the Birthright Access Kits also assigns a group from a disconnected application — a Delimited File (CSV) source. This results in a Task being created for the owner to manually provision the account in the Delimited File source and the target system.

👉 My question is: is there any way to automate account creation in the Delimited File source instead of having this manual step?

  • Could this be handled through a Workflow?

  • Is there a trigger or event I can use when the Task is created, so it could be leveraged to automatically create the account in the Delimited File source?

Any guidance or best practices would be greatly appreciated 🙏

Thanks in advance!

Hi Thiago,
We implement a Java service that runs on a scheduled basis to check the completed work items by sources, and we do the necessary task via the RESTful API.

OOB it is not possible, but if you can use ServiceNow integration for example, everything would be automated.

Regards

Michael

Hi @thiagogosantanasi,

Since it’s a delimited file connector, you have very few options to automate the provisioning.

The ideal option for you is to switch from the Delimited File connector to the SQL Loader connector. The SQL Loader connector can help you execute automated provisioning similar to the JDBC connector, i.e. via SQL queries. This will help to create, update and delete entries in the file for all the provisioning operations.

If this doesn’t work then you may have to build some customization outside of SailPoint, with the help of SailPoint APIs.

Question, do you want the account actually put on the delimited file? Or is it okay to just have the account created on the delimited file source in SailPoint?

The difference being that, when creating it on the source in SailPoint, you can see it as if it is on the file, but it's not. But as far as SailPoint knows, at that point it exists. You do have to be careful in your config for the source, in that you have to disable detect deleted accounts. This way if you aggregate and that account is not actually on the file you import, it will delete the account you created.

All that to say there is an API endpoint for this use case.

So you can use a workflow to call this in an HTTP Request step. I wish there was a trigger for Task created, and that's actually what I’m looking for when I found your post.

I need this for the opposite: I have a delimited file connector with a buildMap rule that creates an Entitlements column for some compliance, and when they are terminated we have remove all access enabled and it tries to remove this entitlement, and I want to trigger a workflow to close those tasks. Would love to set the connector to not even create them.
Anyway, good luck.
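
The approach in the last reply, sketched as an added example that is not part of the thread or SailPoint's own code: it builds the request a Workflow HTTP Request step (or an external scheduled job) would send, and checks which API-created accounts are absent from the next CSV feed before aggregation. It assumes the endpoint alluded to is `POST /v3/accounts`; the tenant URL, source id, token, column name and sample records are placeholders or constructed.

```python
import csv
import io
import json
import urllib.request

TENANT_API = "https://example-tenant.api.identitynow.com"  # placeholder tenant
SOURCE_ID = "SOURCE_ID_PLACEHOLDER"  # placeholder: id of the Delimited File source


def build_create_account_request(token, attributes):
    """Build (but do not send) POST /v3/accounts for a flat-file source.

    The target sourceId travels inside the attributes object.
    """
    body = {"attributes": {"sourceId": SOURCE_ID, **attributes}}
    return urllib.request.Request(
        f"{TENANT_API}/v3/accounts",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


def missing_from_feed(api_created_ids, feed_csv, id_column="id"):
    """Return API-created account ids that are absent from the next CSV feed.

    These records exist only in ISC, so they are the ones at risk when the
    file is aggregated; add them to the feed or review deletion detection.
    """
    reader = csv.DictReader(io.StringIO(feed_csv))
    in_feed = {row[id_column].strip() for row in reader}
    return sorted(i for i in api_created_ids if i.strip() not in in_feed)


# Constructed sample data, not taken from the thread.
SAMPLE_FEED = "id,displayName,groups\njdoe,John Doe,Finance\nasmith,Ann Smith,HR\n"
SAMPLE_CREATED = ["jdoe", "bnew", "asmith", "cnew"]

if __name__ == "__main__":
    req = build_create_account_request(
        "TOKEN_PLACEHOLDER", {"id": "bnew", "displayName": "Bob New"}
    )
    print(req.get_method(), req.full_url, req.data.decode())
    print("not in feed:", missing_from_feed(SAMPLE_CREATED, SAMPLE_FEED))
```
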
