ISC Search Loopback Connector


  • Description: Search Loopback SaaS Connector
  • Legal Agreement: By using this CoLab item, you are agreeing to SailPoint’s Terms of Service for our developer community and open-source CoLab.
  • Repository Link: https://github.com/sailpoint-oss/colab-saas-conn-search-loopback
  • New to SaaS connectors in the CoLab? Read the getting started guide for SaaS Connectors in the CoLab.
  • Supported by: Community Developed

Overview

The Search Loopback SaaS Connector lets you define entitlements as SailPoint search queries, automatically assigning them to identities that match your search criteria and giving you more flexibility in role assignment criteria.

You can configure entitlement mappings in the connector settings where each entitlement name corresponds to a SailPoint search query. During account aggregation, the connector executes these queries through the Search API and assigns the entitlements to matching identities. This creates a bridge between SailPoint’s search capabilities and role assignment criteria.

This connector allows you to create role criteria based on any identity search query. The assigned entitlements can then be used in standard role assignment rules just like any other entitlement.

Requirements

  • @sailpoint/connector-sdk
  • sailpoint-api-client
  • axios
  • axios-retry

Guide

Installation

Follow the standard SaaS Connector installation process outlined in the Getting Started with SaaS Connectors in the CoLab.

_manager Keyword

Appending “_manager” to the end of the entitlement name will assign the entitlement to all the managers of the returned identities. For example, in the table below, the contractor_managers entitlement would be assigned to all managers of identities that have an employeeType of “Contractor” and a cloudLifecycleState value of “active”.

Example Entitlement Mappings

| Entitlement Name | Search Query |
| --- | --- |
| inactives_with_access | attributes.cloudLifecycleState:"inactive" AND entitlementCount:>0 |
| upcoming_new_hires | attributes.startDate:[now-1w TO now] |
| identities_without_costcenter | NOT _exists:attributes.costCenter |
| contractor_managers | attributes.employeeType:"Contractor" AND attributes.cloudLifecycleState:"active" |

Identities Returned by Multiple Queries

The same identity can be included in multiple search queries. The connector will recognize this and assign multiple entitlements to the same identity.

9 Likes
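The aggregation behaviour described in the post above, sketched as an added example that is not the connector's own code. Because these entitlements feed role assignment, it helps to see exactly which identity ends up holding what. `Identity`, `SearchFn`, `aggregate` and the sample identities are hypothetical, the Search API is replaced by a hand-written stub, and treating both the `_manager` spelling from the text and the `_managers` spelling from the table as the manager keyword is an assumption.

```typescript
// Added illustration, not the connector's source. Identity, SearchFn and
// aggregate are hypothetical names; the identities below are constructed.
interface Identity {
  id: string;
  managerId?: string;
  attributes: Record<string, string>;
  entitlementCount: number;
}
type SearchFn = (query: string) => Identity[]; // stand-in for a Search API call

// Assumption: "_manager" (text) and "_managers" (table) both mark a manager mapping.
const MANAGER_SUFFIX = /_managers?$/;

function aggregate(mappings: Record<string, string>, search: SearchFn): Record<string, string[]> {
  const accounts: Record<string, string[]> = {};
  for (const entitlement of Object.keys(mappings)) {
    const toManagers = MANAGER_SUFFIX.test(entitlement);
    for (const identity of search(mappings[entitlement])) {
      // Manager mappings go to the match's manager, not to the match itself.
      const target = toManagers ? identity.managerId : identity.id;
      if (target === undefined) continue; // matched identity has no manager
      const held = accounts[target] || (accounts[target] = []);
      if (held.indexOf(entitlement) === -1) held.push(entitlement); // merge, no duplicates
    }
  }
  return accounts;
}

const Q_INACTIVE = 'attributes.cloudLifecycleState:"inactive" AND entitlementCount:>0';
const Q_NO_CC = "NOT _exists:attributes.costCenter";
const Q_CONTRACTOR = 'attributes.employeeType:"Contractor" AND attributes.cloudLifecycleState:"active"';
const MAPPINGS: Record<string, string> = {
  inactives_with_access: Q_INACTIVE,
  identities_without_costcenter: Q_NO_CC,
  contractor_managers: Q_CONTRACTOR,
};
const IDENTITIES: Identity[] = [
  { id: "alice", attributes: { cloudLifecycleState: "active", employeeType: "Employee", costCenter: "CC1" }, entitlementCount: 4 },
  { id: "bob", managerId: "alice", attributes: { cloudLifecycleState: "active", employeeType: "Contractor" }, entitlementCount: 2 },
  { id: "carol", managerId: "alice", attributes: { cloudLifecycleState: "inactive", employeeType: "Employee" }, entitlementCount: 3 },
];
// Constructed stub: hand-written predicates for the three queries, no query parser.
const PREDICATES: Record<string, (i: Identity) => boolean> = {
  [Q_INACTIVE]: (i) => i.attributes.cloudLifecycleState === "inactive" && i.entitlementCount > 0,
  [Q_NO_CC]: (i) => i.attributes.costCenter === undefined,
  [Q_CONTRACTOR]: (i) => i.attributes.employeeType === "Contractor" && i.attributes.cloudLifecycleState === "active",
};
const stubSearch: SearchFn = (q) => IDENTITIES.filter(PREDICATES[q] || (() => false));
const ACCOUNTS = aggregate(MAPPINGS, stubSearch);
```

Here `carol` is returned by two queries and holds both entitlements, while `contractor_managers` lands on `alice` (the manager of `bob`) rather than on `bob`.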

Is one of the intentions behind this to get around the limitations of conditions for defining role membership?

Yes! That is the main use case we use the connector for. We can essentially expand role criteria to anything that is possible through an identity search query.

Also, we use it to help consolidate long role criteria that we re-use in many roles (i.e., long country lists or regions). Then if an update ever needs to be made to the list, we only need to update it in a single place (the mapped entitlement search query) and that will update across all roles referencing that entitlement.

3 Likes

Also date/time-based roles. So, for example, for everyone who has some identity attribute with a date type format, we can do ranges & comparisons.

1 Like

I love that @liamkokeeffe will give it a try ASAP “maybe in a couple of days” :), have a nice and great one!

Regards,

Mustafa

1 Like