IntegrationConfig : Modify existing connector behavior for provisioning

IdentityIQ (IIQ) IIQ Discussion and Questions
, , , , , , ,
1

Which IIQ version are you inquiring about?

[8.4p2]

Hi All,

We have a use case to change how the provisioning works for existing connector and existing aggregation should work fine as it is. Below is use case high level.

  1. Existing connector does both aggregation and provisioning (Add user to group, group creation/update/delete)
  2. Need to keep aggregation as it is.
  3. Change the provisioning process (Add user to group, group creation/update/delete) to call a different/custom reset API.

Can we use IntegrationConfig to achieve this or please suggest any best way to achieve this. Please advise.

2

Hi @kumar_k ,
Is there any reason we can’t just use a Before Provisioning rule for this? It would let us call the custom REST API before the connector’s normal provisioning, and keep aggregation as is.

3

We did consider this option and cleared the existing plan to stop the actual provisioning but we noticed some issues with how the request status shows in “track request”. So looking for cleaner way of doing this and wanted to see if IntegrationConfig would be right option.

4

Hi @kumar_k

Can you please share a sample or pseudo of your IntegrationConfig? It will help us understand how your provisioning is set up.
Also, please read up on 8.4 IdentityIQ Provisioning Guide - Compass

5

@tisetso - Below is my config. Except group modify, for all other provisioning operations, Provisioning operation is invoked. Is there anything I am missing? not sure why group modify is not invoking Provisioning method.

<IntegrationConfig execStyle="synchronous" executor="com.abc.sp.iiq.integration.IntegrationModule" name="IntegrationModule" roleSyncStyle="dual">
<Attributes>
        <Map>
            <entry key="noPermissions" value="false"/>
            <entry key="operations" value="Create, Modify, Delete"/>
            <entry key="schemaProvisioningMap">
                <value>
                    <Map>
                        <entry key="group">
                            <value>
                                <Boolean>true</Boolean>
                            </value>
                        </entry>
                    </Map>
                </value>
            </entry>
        </Map>
    </Attributes>
    <ManagedResources>
        <ManagedResource>
            <ApplicationRef>
                <Reference class="sailpoint.object.Application" name="ABC_Application"/>
            </ApplicationRef>
        </ManagedResource>
    </ManagedResources>
</IntegrationConfig>
6

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.