This is a concept custom SaaS connector with two main goals in mind:
Creating unique identifiers for identities
Helping with the deduplication process of identities from multiple sources
Find more detailed information on the Github repo.
Requirements
“@sailpoint/connector-sdk”: “1.1.11”
“axios”: “^1.6.8”
“axios-retry”: “^4.0.0”
“fast-levenshtein”: “3.0.0”
“markdown-it”: “^14.0.0”
“sailpoint-api-client”: “1.3.2”
“transliteration”: “^2.3.5”
“uuid”: “^9.0.1”
“velocityjs”: “^2.0.6”
“typescript”: “^5.3.3”
Guide
Other Installation Notes
If you the below error in the logs, make sure you’ve installed node.js/typescript properly and your npm is working. Mine was bugged, but after a clean install, it fixed the issue. - Thanks to @tim-leo
I am really excited about this connector. Since I work primarily in higher ed, I see a lot of use for deduplication across sources (HCM, SIS, Alum, Admissions, etc.), so thank you for making this available!
I do have a question related my initial experience with it so far:
I imported the connector into my tenant and have configured a single source. One thing I’ve noticed that seems odd is that it creates a new proxy account/identity for the person assigned to “Manual reviewer identity or governance group” every time the aggregation is run. Is this intentional or is this a misconfiguration on my part?
Hi Matt. Happy to hear it’s helpful. I believe what you’re experiencing is a bug that could be triggered by your configuration, but definitely a bug because I experienced it myself.
I’m currently working on a new version that should fix it. I’m quite busy at the moment but I’ll try my best to release it really soon.
I do see that I am currently getting the UUID for the Identity Fusion Connector set as the identity display name. Perhaps if I update the display name to match the reviewer’s display name, the proxy accounts would all be correlated to the one identity.
I think overall that there are 2 pieces that aren’t clear from the information I’ve read here and in the repo. First, how do I setup the Identity Profile, specifically, do I need transforms that look at firstValid between each of the sources configured? Second, how do I configure the entitlement schema. From the demo and the documentation, it seems like the entitlements should be automatic.
For future reference - In my Identity Profile, I’m just mapping the attributes to the Identity Fusion account attributes. Lifecycle state is being set to a static of active for now, and enabling the Identity Fusion account so that correlation on the original source can take place.
The entitlements on the Identity Fusion connector just need to be imported. I was thinking that since they are included in the data/status.ts file that somehow they would be imported automatically, but I just needed to run an entitlement aggregation.
Since my identity attributes are being mapped correctly now, I no longer see proxy accounts being generated every time for the reviewer - their account exists once on the Identity Fusion source with the ‘reviewer’ entitlement.
Seems to be working as expected so far, now that I’ve updated my configuration.
