IntegrationConfig

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Hello Team,

We have implemented IntegrationConfig to take care of creation and Enable Account Requests, But Rapid Leaver processed and Disable request went to the IntegrationConfig. is this expected becuase Integrationconfig is configured as below

<IntegrationConfig execStyle="synchronous" executor="com.resmed.integration.ADAMExecutor" name="ADAMIntegrationConfig">
   <Attributes>
      <Map>
         <entry key="client_code" value="%%AAM_CLIENT_CODE%%"/>
         <entry key="client_id" value="%%AAM_CLIENTID%%"/>
         <entry key="create_endPoint" value="%%AAM_ENDPOINT%%"/>
         <entry key="operations" value="Create,Enable"/>
         <entry key="scope" value="%%AAM_SCOPE%%"/>
         <entry key="sub_key" value="%%AAM_SUBKEY%%"/>
         <entry key="token_endPoint" value="%%AAM_TOKEN_ENDPOINT%%"/>
      </Map>
   </Attributes>

Here is my java class provisioning.

public ProvisioningResult provision(ProvisioningPlan plan) throws Exception {
 
logger.debug("Plan in integration config:" + plan.toXml());
List<AccountRequest> accReqs = plan.getAccountRequests();
Map<String,String> resMap = new HashMap<String, String>();
ProvisioningResult pr = new ProvisioningResult();
 
for (int i = 0; i < accReqs.size(); i++) {
AccountRequest accReq = accReqs.get(i);
String applicationName = accReq.getApplicationName();
 
            
            //datamap is comming as null
if (accReq.getOp().equals(ObjectOperation.Create)||accReq.getOp().equals(ObjectOperation.Enable)) {
logger.debug("Analysing the Account Request");

Hi @varunvj1,

Welcome to SailPoint developer community.

If possible, please post your integration config xml after removing sensitive information, so that the conclusive comments can be given.

Thanks

1 Like

Hi Vijay,
IntegrationConfig is actualy some kind of simple pipe - if you configure AppA to be managed resource in your integrationConfig that means that all provisioning calls will use your integrationConfig executor instead of standard connector - in the executor class you will already have to handle everything on your own.

I am actualy more interested in what is the real usecase here as I am not certain if using IntegrationConfig would be the most optimal solution here as most of cases can be just done by before/after provisioning.

1 Like

This has been updated to inlcude the integration config. The previous formatting was hiding it in their post.

1 Like

Try adding application for which you want to use integration config

    <ManagedResource>
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" name="APP1"/>
      </ApplicationRef>
    </ManagedResource>
  </ManagedResources>

Hey @kjakubiak,

here it is

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE IntegrationConfig PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<IntegrationConfig execStyle="synchronous" executor="com.resmed.integration.ADAMExecutor" name="ADAMIntegrationConfig">
   <Attributes>
      <Map>
         <entry key="client_code" value="%%AAM_CLIENT_CODE%%"/>
         <entry key="client_id" value="%%AAM_CLIENTID%%"/>
         <entry key="create_endPoint" value="%%AAM_CREATE_ACCOUNT_ENDPOINT%%"/>
         <entry key="operations" value="Create,Enable"/>
         <entry key="scope" value="%%AAM_SCOPE%%"/>
         <entry key="sub_key" value="%%AAM_SUBKEY%%"/>
         <entry key="token_endPoint" value="%%AAM_TOKEN_ENDPOINT%%"/>
      </Map>
   </Attributes>
   <ManagedResources>
      <ManagedResource>
         <ApplicationRef>
            <Reference class="sailpoint.object.Application" name="Active Directory"/>
         </ApplicationRef>
      </ManagedResource>
    <ManagedResource>
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" name="BT AD Brightree.com"/>
      </ApplicationRef>
    </ManagedResource>
    <ManagedResource>
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" name="MC AD Achievent.int"/>
      </ApplicationRef>
    </ManagedResource>
   </ManagedResources>
</IntegrationConfig>

Hello @kjakubiak,

Our use case is to create the Active Directory Account using the AD Account Management Tool. We know doing this using the IQService by considering the current process we wanted to have Active Directory accounts created by the AD Account Management Tool itself, so we have created integration config to create the Account instaed of depending on direct connector.

Our concern is at intConfig we have

why Rapid leaver is coming to the IntegrationConfig eventhough we dont have the Disable operation configured in intConfig?

Well because integrationConfig is executed ALWAYS when you configure ManagedResource - you can’t say “for create yes, for disable no”

Hey @kjakubiak

Operations tag is having Create and Enable, Apart from this where i am supposed to declared Disable No and Create Yes?
Thanks in advance.

So generaly speaking if you configure

 <ManagedResource>
         <ApplicationRef>
            <Reference class="sailpoint.object.Application" name="Active Directory"/>
         </ApplicationRef>
      </ManagedResource>

It will intercept all provisioning transactions for Active Directory application. That means for each provisioning plan containing this application IIQ will call your provision method.

You can add into your executor class configure method

@Override
    public void configure(SailPointContext context, IntegrationConfig config) throws Exception {
        super.configure(context, config);

        Map<String, Object> integrationConfig = (Map<String, Object>) config.getAttribute(INTEGRATION_CONFIG);
        appConfig = (Map<String, Object>) config.getAttribute(APP_CONFIG);
}

This will read your configuration which will make it available in your provision method. Then you can controll in provision method what you want to do.

1 Like

I am under impression if Operation is Create and Enable only those operations will come to IntegrationConfig.

is there a way to stop hitting integrationconfig for Disable Operation.

No - unfortunatelly this is not how integration config works - if you configure managedResource it will intercept everything.

3 Likes

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.