IdentityNow - Update Account API

Hello Experts

I am unable to call the beta version update account API using JSON Patch standards.

Facing the error – not a valid patch field for the account model

Requirement: Update account API to be called to update a specific attribute on the source.

Requesting your valuable support on this.

1 Like

Can you share with us the JSON payload you sent in the request as well as the exact response?

Update account works fine for delimited sources, but not the G Suite (which is a connected source) with the below payload. I expected that this would initiate attribute level provisioning on source account.

JSON payload:
{
    "attributes": {
        "primaryEmail": "[email protected]"
    }
}

That payload isn’t valid for PATCH. PATCH requires the following structure:

[
    {
        "op": "replace",
        "path": "/identityId",
        "value": "2c9180845d1edece015d27a975983e21"
    }
]

Your payload looks like it is formatted for the PUT endpoint: put-account | SailPoint Developer Community

Hey @colin_mckibben … thanks very much for the response. 🙂

Tried this as well and the error I have got is something similar to “Syntactically correct but semantically incorrect”

Also, quick thing – Is the beta API for update account expected to provision attributes or is it just for updating the identityId / delimited file attributes?

I did some testing on my personal tenant, and here is what I found.

You can do a PUT request to update account attributes. A PUT request will trigger account aggregation automatically, which you can track with the task ID that is returned from the PUT request. A word of caution, you must provide all of the account attributes in the PUT body, even if there are some that you aren’t changing. Any attribute not present will be set to null, which could end up deleting the account. Here is an example of what I did to change the following account title:

Account for Jack Ryan:

{
    "sourceId": "2c9180887671ff8c01767b4671fb7d5e",
    "identityId": "2c918085771b670d01771c567e700917",
    "attributes": {
        "manager": "Colin McKibben",
        "familyName": "Ryan",
        "givenName": "Jack",
        "name": "jack.ryan",
        "e-mail": "[email protected]",
        "groups": [
            "DevRel"
        ],
        "location": "Boston",
        "id": "E002",
        "title": "Developer Advocate",
        "idNowDescription": "7d989fe20855bc7965c536f675fd082e919a56ae474791892b692fe8f14acdd9"
    },
    "authoritative": true,
    "description": null,
    "disabled": false,
    "locked": false,
    "nativeIdentity": "E002",
    "systemAccount": false,
    "uncorrelated": false,
    "uuid": null,
    "manuallyCorrelated": false,
    "hasEntitlements": true,
    "id": "2c918085771b670d01771c567e710918",
    "name": "jack.ryan",
    "created": "2021-01-19T20:29:26.513Z",
    "modified": "2021-02-08T15:49:57.733Z"
}

PUT https://devrel.api.identitynow.com/beta/accounts/2c918085771b670d01771c567e710918
Body:

{
    "attributes": {
        "manager": "Colin McKibben",
        "familyName": "Ryan",
        "givenName": "Jack",
        "name": "jack.ryan",
        "e-mail": "[email protected]",
        "groups": [
            "DevRel"
        ],
        "location": "Boston",
        "id": "E002",
        "title": "Engineer",
        "idNowDescription": "7d989fe20855bc7965c536f675fd082e919a56ae474791892b692fe8f14acdd9"
    }
}

Response:
202 Accepted

{
    "id": "2c918084785b737d017864a994562efa"
}

The only attribute I changed was title. Notice how I still provide all of the other attributes unchanged? You must do this for PUT otherwise the server will remove any attribute you don’t specify in the body.

The resulting behavior is that the identity’s title changed to “Engineer”, and any account provisioning rules that look for changes in “title” were triggered.

I tried to do the same update with the PATCH endpoint, but I am running into the same issue as you. It gives me a 400 Bad Request with the following body:

[/attributes/title is not a valid patch field for the account model.
]

Although the docs don’t yet reflect it, the PATCH endpoint only supports updates to /identityId and /manuallyCorrelated. So PATCH won’t work for your needs. You will need to use PUT.

2 Likes
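Added example, not part of the original posts and not SailPoint code: a pre-flight check for the two behaviours described in the post above, namely that PATCH rejects any path other than /identityId and /manuallyCorrelated, and that a PUT body missing an attribute nulls it on the account. The helper names (check_patch, build_put_body, dropped_attributes) are hypothetical, the account is a trimmed copy of the sample in the post, and no HTTP request is made.

```python
import copy

# Paths the thread reports as accepted by PATCH on the account model.
PATCHABLE_PATHS = {"/identityId", "/manuallyCorrelated"}


def check_patch(ops):
    """Return the reasons a JSON Patch body would be rejected, per the thread."""
    problems = []
    for op in ops:
        if not isinstance(op, dict) or not {"op", "path"} <= set(op):
            problems.append(f"malformed operation: {op!r}")
        elif op["path"] not in PATCHABLE_PATHS:
            problems.append(
                f"{op['path']} is not a valid patch field for the account model.")
    return problems


def build_put_body(current_account, changes):
    """Build a full-replacement PUT body from the account as last read.
    Every existing attribute is carried over; only keys in `changes` differ."""
    attributes = copy.deepcopy(current_account["attributes"])
    unknown = set(changes) - set(attributes)
    if unknown:
        # Assumption of this example: a misspelled key is an error, since it
        # would add a new attribute and leave the intended one unchanged.
        raise KeyError(f"not existing account attributes: {sorted(unknown)}")
    attributes.update(changes)
    return {"attributes": attributes}


def dropped_attributes(current_account, put_body):
    """Attributes on the account that a PUT body omits (and would null)."""
    sent = set(put_body.get("attributes", {}))
    return sorted(set(current_account["attributes"]) - sent)


# Constructed sample: trimmed copy of the account shown in the post.
ACCOUNT = {
    "id": "2c918085771b670d01771c567e710918",
    "attributes": {"givenName": "Jack", "familyName": "Ryan", "name": "jack.ryan",
                   "groups": ["DevRel"], "location": "Boston", "id": "E002",
                   "title": "Developer Advocate"},
}

if __name__ == "__main__":
    print(build_put_body(ACCOUNT, {"title": "Engineer"}))
    print(dropped_attributes(ACCOUNT, {"attributes": {"title": "Engineer"}}))
```

Read the account immediately before building the body, and refuse to send any PUT for which dropped_attributes returns a non-empty list.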

@colin_mckibben

Nice to see really fast responses. Thank you very much for this.

I will try this out and keep you posted.


Thanks
Sandilya Krovvidi

1 Like

@colin_mckibben

Thanks for providing this. However, as discussed previously, this call is working for delimited files only and not for the connected sources…

Is this a bug or an expected behaviour?

If it’s a behaviour, I will raise an idea for this… Please let me know accordingly.

1 Like

Sounds like a bug. Can you manually trigger account aggregation on your connected source after running the PUT command?

PUT should trigger aggregations regardless of delimited or connected source. Can you submit a support ticket at https://support.sailpoint.com?

1 Like

My customer would not be using this feature because of issues we found. Can I still raise a bug as a partner?

Hi @SandilyaKrovvidi

We might want to back up a little bit. Can you tell me what you are trying to do?

The v3 / beta accounts end-point is for modifying already aggregated accounts. This end-point only lets you update the identity reference, which will move / re-correlate the account to a new identity. It doesn’t let you make direct account updates to the model. Those are expected to come from account aggregations.

I just stumbled on this article doing a search and apparently the functionality is better documented in the V3 version of the API (BETA should probably be updated also or a reference provided to V3)

Update Account

Use this API to modify the following fields:

  • identityId
  • manuallyCorrelated

NOTE: All other fields can not be modified.

2 Likes