Hi All,
Im using IntegrationConfig to manage a disconnect application. I need invoke the Integration Config when a role is requested or when new account is created, so in this case I have configured IntegrationConfig to be executed when Create or Modify operations are requested. The problem here is that we need avoid executing the integationConfig when role is removed from the account.
So, my question is, Is there any way to avoid executing IntegrationConfig when the operation of Account Request is Modify and Operation of AttributeRequest is Removed?
Thanks in advance
I don’t think this is possible. When you configure an Application as a in the IntegrationConfig XML, then all provisioning will be routed to the Integration regardless of the type of operation
Can you elaborate a little on the use case here - why would you not want deprovisioning of role entitlements to go through the IntegrationConfig provisioning path?
Is your Config calling a custom java class to handle the provisioning? If so, could modify that class to block the modifications when it contains the AttributeRequest with op=remove?
1 Like
In an integrationconfig, you can use an integration rule (a.k.a. plan initializer rule) to inspect and/or modify the plan. So, you can make it strip specific requests, send them elsewhere or just make it fail (throw exception) in specific cases.
1 Like
Thanks for your quick responses
We are using IntegrationConfig because we need open a ticket in Service Now via API when account is created, or a role is added in the account.
For this case, IntegrationConfig call a rule in the PlanInitializer. In this rule we could remove specific requests, but when rule is procesed, IntegrationConfig invoke to ServiceNow API and we want to avoid invoking to ServiceNow API in the IntegrationConfig when role is removed.
Is there any way to stop this proccess without throw exception? In this case we would like implement a good practice if it is possible
In the Rule Guide on Compass (https://community.sailpoint.com/t5/Technical-White-Papers/Rules-in-IdentityIQ-7-0-7-2/ta-p/78176) it says this about the outputs:
Outputs:
Argument |
Type |
Purpose |
result |
sailpoint.object.ProvisioningResult |
Result indicating success or failure; failure halts theprovisioning action.
Any other return type (including no return value) allows provisioning processing to continue |
In other words, just return a provisioning result to stop the provisioning to continue to ServiceNow.
1 Like
Hi @menno_pieters
We have noticed that the unique way to stop provisioning is returning FAILED status in the ProvisiningResult object. If we set COMMITED value, IntegationConfig is invoked and as consecuence ServiceNow API, and this case we dont want invoke to ServiceNow.
In our case we would like end provisioning Successfully but without invoking ServiceNow in the IntegrationConfig
Hi,
Finally we were able to dont invoke to provision method in the IntegrationConfig when role is removed.
In this case we have removed the account request from the plan and we have returned result object with status COMMITTED.