How to provision SCIM2.0 Complex attribute like Manager

jayaram_theeda · July 30, 2021, 11:27am

Hi Experts,
I have manager complex attribute as below. IIQ can discover, able to preview and aggregate the manager field. I’m getting “Unable to get property value from getter class:openconnector.connector.scim2.SCIM2ExtendedComplexPropertyGetter
java.lang.IllegalStateException: Not a JSON Object: "7c8808f3-defa-4411-991a-eb42dd7f2c3b” error while trying to provision.
Manager field in SCIM:
info.txt (6.0 KB)

“manager”: {
“$ref”: “https://XXX.test.XXXX.com/scim/internal/Users/7c8808f3-defa-4411-991a-eb42dd7f2c3b”,
“value”: “7c8808f3-defa-4411-991a-eb42dd7f2c3b”
}
Please find additional error details in the attachment.

Can any one suggest me how I can send the value for manager ?
Thanks in advance,
Jay

menno_pieters · August 3, 2021, 2:38pm

The manager is part of the extended schema, so needs to be in a “container” for that schema. Then, all you need to provide is the id of the manager as the value:

{
    "urn:ietf:params:scim:schemas:sailpoint:1.0:User": {},
    "emails": [
        {
            "type": "work",
            "value": "[email protected]",
            "primary": "true"
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:schemas:sailpoint:1.0:User",
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    ],
    "name": {
        "formatted": "Andrew.Dwyer",
        "familyName": "Dwyer",
        "givenName": "Andrew"
    },
    "active": true,
    "userName": "Andrew.Dwyer",
    "password": "xyzzy",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "department": "Finance",
        "manager": {
            "value": "7bac06aaf46811ebaea21bb0add92936"
        }
    }
}

whoiscjay · May 31, 2023, 8:41pm

Hey @menno_pieters ,

Do you have any guidance on how to configure the Account Schema / Create Profile to provision complex attributes for a SCIM source that are non-referenceable within IDN?

For example, if the User schema on the SCIM source expected the below, how would we be able to configure the Create Profile to achieve this?

        "emails": [
            {
                "value": "[email protected]",
                "type": "business"
            }
        ],

We are finding that when we discovery the schema, the account schema for the source in IDN includes both emails.value and emails.type attribute.

Chris

brian_weigel · May 31, 2023, 11:52pm

@whoiscjay This is a very old thread and is in the context of IIQ and not IDN (although the SCIM standard is pretty much universal). I’d first point you to the SCIM core schema (RFC 7643: System for Cross-domain Identity Management: Core Schema) and that you would need to use some form of selector to identify the correct list element to retrieve, followed by the element’s sub-attribute.

If you need more help with your issue, I’d suggest creating a new post in the #idn forum detailing your issue/question.

system · July 30, 2023, 11:53pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How To Get Schema Extension Enterprise Attributes (Eg Manager) for SCIM 2.0 connector IIQ Discussion and Questions	6	2733	July 19, 2023
SCIM Connector Discover Schema Error IIQ Discussion and Questions webservice-connector , apis	3	602	June 29, 2023
Encountering error while launching workflow via SCIM IIQ Discussion and Questions	2	1552	July 19, 2023
Unable to pull Schema Preview for an application using SCIM2.0 connector IIQ Discussion and Questions rules , identityiq	9	297	January 9, 2024
schemaId is null when attempting to discover schema SCIM 2.0 IIQ Discussion and Questions	9	3115	July 19, 2023

How to provision SCIM2.0 Complex attribute like Manager

Related Topics