IIQ REST API for Roles assignment provisioning

Can someone provide me a sample IIQ REST API for provisioning roles/entitlement for Entra ID?

Do you already have an Entra ID connector set up that can be used to provision roles/entitlements?
If yes, then you can call the SCIM API /scim/v2/LaunchedWorkflows, calling the LCM provisioning workflow and sending the identityName and plan for the roles/entitlements you want to provision.

@sod90883 -

You can drive Entra ID (Azure AD) provisioning from IIQ by launching a workflow (typically LCM Provisioning or your own wrapper) and passing a ProvisioningPlan in the payload.

I’ll use the SCIM “LaunchedWorkflows” endpoint to start a workflow and then (optionally) poll for status. The endpoint is documented here (this is the page you referenced): launch-workflow | SailPoint Developer Community

Add an Entra ID group to a user (direct entitlement)

1) POST – launch the workflow

Assumptions
– Your IIQ SCIM base is https://<host>/identityiq/scim/v2 (IIQ 8.3+ uses SCIM v2).
– The Entra ID application in IIQ is named Entra ID (change if yours differs).
– You know the user’s identityName in IIQ and the Entra ID group objectId (or the value your connector expects for group membership).
– We call the OOTB LCM Provisioning workflow.

curl -X POST "https://<host>/identityiq/scim/v2/LaunchedWorkflows" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/scim+json" \
  -d '{
  "schemas": [
    "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow",
    "urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult"
  ],
  "workflowName": "LCM Provisioning",
  "input": [
    {
      "key": "plan",
      "value": "<ProvisioningPlan nativeIdentity=\"IdentityName\" targetIntegration=\"Active Directory\">\r\n\t<AccountRequest application=\"Active Directory\" nativeIdentity=\"cn=1c,OU=activeUsers,OU=people,DC=acme,DC=local\" op=\"Modify\">\r\n\t\t<AttributeRequest name=\"memberOf\" op=\"Add\" value=\"GroupName\"\/>\r\n\t<\/AccountRequest>\r\n<\/ProvisioningPlan>",
      "type": "application/xml"
    }
  ]
}'

Note - You should replace the identityName with the username of the user in SailPoint IIQ and the native identity with the native identifier for the user in the Entra ID application.
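
Added example (not part of the reply above and not SailPoint's code): building the same LaunchedWorkflows body in Python, so that the plan XML and the JSON wrapper are escaped by libraries rather than by hand and a name containing `&`, `"` or `<` cannot alter the plan. The function names and the sample identity, native identity and group value are constructed; the application name Entra ID comes from the assumptions above and `memberOf` is copied from the plan above, so use the attribute your connector expects.

```python
import json
import xml.etree.ElementTree as ET

# Schema URNs and workflow name copied from the curl example above.
SCHEMAS = [
    "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow",
    "urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult",
]


def build_plan_xml(identity_name, application, native_identity, attr, value):
    """Build the ProvisioningPlan; ElementTree escapes &, <, > and quotes."""
    plan = ET.Element("ProvisioningPlan",
                      {"nativeIdentity": identity_name,
                       "targetIntegration": application})
    account = ET.SubElement(plan, "AccountRequest",
                            {"application": application,
                             "nativeIdentity": native_identity,
                             "op": "Modify"})
    ET.SubElement(account, "AttributeRequest",
                  {"name": attr, "op": "Add", "value": value})
    return ET.tostring(plan, encoding="unicode")


def build_launch_body(plan_xml, workflow_name="LCM Provisioning"):
    """Wrap the plan in the LaunchedWorkflows JSON; json.dumps escapes the XML."""
    return json.dumps({
        "schemas": SCHEMAS,
        "workflowName": workflow_name,
        "input": [{"key": "plan", "value": plan_xml, "type": "application/xml"}],
    })


def requested_changes(body):
    """Decode a body and list (application, attribute, op, value) per request."""
    plan = ET.fromstring(json.loads(body)["input"][0]["value"])
    return [(acct.get("application"), req.get("name"), req.get("op"), req.get("value"))
            for acct in plan.iter("AccountRequest")
            for req in acct.iter("AttributeRequest")]


# Constructed sample values; the group name contains XML metacharacters on purpose.
SAMPLE_BODY = build_launch_body(build_plan_xml(
    "jdoe", "Entra ID", "00000000-0000-0000-0000-000000000000",
    "memberOf", 'R&D "Tier 1" <ops>'))

if __name__ == "__main__":
    print(SAMPLE_BODY)  # POST this with the headers shown in the curl example
    print(requested_changes(SAMPLE_BODY))
```

Running `requested_changes` on a body before sending it gives a reviewable list of exactly what the plan will ask the workflow to change.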
