How to enable features for SaaS Connectors

matt-lee · February 1, 2023, 6:50pm

Issue

When working on a SaaS connector (which is awesome btw, we love it) we aren’t seeing the ability to use our enable\disable functions from our SaaS connector in Sailpoint. We have been able to make them available by making calls to the beta api to change feature flags on the source. Is there some way we can include those feature flags in our uploaded connector instead perhaps?

API Call required to turn on Enable\Disable actions.

url: https://{{env}}.api.identitynow.com/beta/sources/{{sourceId}}
method: PATCH
body:

[
    {
        "op": "replace",
        "path": "/features",
        "value": [
            "PROVISIONING",
            "ENABLE"
        ]
    }
]

Here are all of my relevant project files in case they are useful. Also is there some place where we might be able to share connectors?

connector-spec.json

{
	"name": "AWS IAM Identity Center (new)",
	"commands": [
		"std:test-connection",
		"std:account:create",
		"std:account:read",
		"std:account:list",
		"std:account:update",
		"std:account:disable",
		"std:account:delete",
		"std:entitlement:list",
		"std:entitlement:read"
	],
	"sourceConfig": [
		{
			"type": "menu",
			"label": "Configuration",
			"items": [
				{
					"type": "section",
					"sectionTitle": "Authentication",
					"sectionHelpMessage": "An AWS IAM User is needed to connect to your target Identity Store.",
					"items": [
						{
							"key": "accessKeyId",
							"label": "Access Key ID",
							"type": "text"
						},
						{
							"key": "secretAccessKey",
							"label": "Secret Access Key",
							"type": "secret"
						}
					]
				},
				{
					"type": "section",
					"sectionTitle": "Identity Store Config",
					"sectionHelpMessage": "Information about the Identity Store you are going to be managing.",
					"items": [
						{
							"key": "identityStoreId",
							"label": "Identity Store ID",
							"type": "text"
						},
						{
							"key": "region",
							"label": "AWS Region",
							"type": "text"
						}
					]
				}
			]
		}
	],
	"accountSchema":{
		"displayAttribute": "UserName",
		"identityAttribute": "UserName",
		"groupAttribute": "entitlements",
		"attributes":[
			{
				"name": "UserName",
				"type": "string",
				"description": "User Name (upn)"
			},
			{
				"name": "UserId",
				"type": "string",
				"description": "Unique Identifier (guid)"
			},
			{
				"name": "Formatted",
				"type": "string",
				"description": "Friendly Formatted Account Name"
			},
			{
				"name": "FamilyName",
				"type": "string",
				"description": "Last Name"
			},
			{
				"name": "GivenName",
				"type": "string",
				"description": "First Name"
			},
			{
				"name": "MiddleName",
				"type": "string",
				"description": "Middle Name"
			},
			{
				"name": "DisplayName",
				"type": "string",
				"description": "Display Name"
			},
			{
				"name": "NickName",
				"type": "string",
				"description": "First Name"
			},
			{
				"name": "Email",
				"type": "string",
				"description": "Primary Email Address"
			},
			{
				"name": "PreferredLanguage",
				"type": "string",
				"description": "Preferred Language"
			},
			{
				"name": "Locale",
				"type": "string",
				"description": "Country Code"
			},
			{
				"name": "entitlements",
				"type": "string",
				"entitlement": true,
				"managed": true,
				"multi": true,
				"description": "The AWS IAM Identity Center SSO groups that the account belongs to"
			}
		]
	},
	"entitlementSchemas": [
		{
			"type": "group",
			"displayAttribute": "DisplayName",
			"identityAttribute": "GroupId",
			"attributes": [
				{
					"name": "GroupId",
					"type": "string",
					"description": "Unique Identifier (guid)"
				},
				{
					"name": "displayName",
					"type": "string",
					"description": "Display Name"
				},
				{
					"name": "description",
					"type": "string",
					"description": "Description"
				}
			]
		}
	],
	"accountCreateTemplate": {
		"fields": [
			{
				"key": "UserName",
				"label": "UserName",
				"type": "string",
				"required": true,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "email"
					}
				}
			},
			{
				"key": "FamilyName",
				"label": "FamilyName",
				"type": "string",
				"required": false,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "lastname"
					}
				}
			},
			{
				"key": "GivenName",
				"label": "GivenName",
				"type": "string",
				"required": true,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "firstname"
					}
				}
			},
			{
				"key": "DisplayName",
				"label": "DisplayName",
				"type": "string",
				"required": false,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "displayName"
					}
				}
			},
			{
				"key": "Email",
				"label": "Email",
				"type": "string",
				"required": true,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "email"
					}
				}
			},
			{
				"key": "Locale",
				"label": "Locale",
				"type": "string",
				"required": false,
				"initialValue": {
					"type": "static",
					"attributes": {
						"value": "en-US"
					}
				}
			}
		]
	}
}

philip-ellis · February 20, 2023, 3:35pm

Right now the way to update source features will be to configure them in the connector-spec.json under the sourceConfig section, then you can use the api referenced above to patch them in IDN. The only difference is the path will be different – it will be /connectorAttributes. You can use your browser developer tools to see what your API calls should be when changing the source config in the IDN UI.

matt-lee · February 20, 2023, 8:48pm

Ok I think I understand, let me restate and tell me if I am getting this right.

I need to add a config element in connector spec, perhaps like this:

{
					"type": "section",
					"sectionTitle": "IDN Feature enablement.",
					"sectionHelpMessage": "Enabling IDN Features will turn on services like Enable\Disable on user accounts in the source system.",
					"items": [
						{
							"key": "idnFeatureEnable",
							"label": "Enable idnFeature",
							"type": "checkbox"
						},
						{
							"key": "idnClientId",
							"label": "IDN Client ID",
							"type": "text"
						},
						{
							"key": "idnClientSecret",
							"label": "IDN Client Secret",
							"type": "secret"
						}
					]
				},

Once I have that in, I can field that during the the execution of the constructor of my client and go make the api calls to IDN to turn on those features @ https://{{env}}.api.identitynow.com/beta/connectorAttributes/{{connectorId}}.

Is that right?

If so I can do that, but is there any plan to make those features configurable as just provided config in the connector-spec.json perhaps?

philip-ellis · February 27, 2023, 4:52pm

That is correct – you can configure them both using the API and through the UI in the configuration settings for the connector.

Topic		Replies	Views
IdentityNow Management Connector SaaS Connectors saas-connector , identity-security-cloud , community-developed	36	2546	April 25, 2024
Connector Rules Now Self-Service via Beta API Announcements identity-security-cloud	18	3527	June 23, 2023
Enhancement: Connector Customizers for SaaS Connectivity! Product News saas-connector , identity-security-cloud , new-enhancement	0	464	October 25, 2023
Using the IdentityNow TypeScript SDK with SaaS Connectors ISC Discussion and Questions saas-connector , identity-security-cloud , typescript-sdk	5	676	June 26, 2023
AWS Connector Configuration Issue ISC Discussion and Questions identity-security-cloud	1	177	November 21, 2023

How to enable features for SaaS Connectors

Issue

connector-spec.json

Related Topics