I’m currently working on configuring the Non-Employee Lifecycle Manager (NELM) connector in SailPoint IdentityNow and I have a few questions. I’d really appreciate any guidance or examples you could share on the following:
1. Filtering the “Manager” field dropdown
Is it possible to filter the list of options shown in the “Manager” dropdown field? Ideally, we’d like to display only a subset of users (e.g., users with a specific role or attribute).
2. Default value or restriction on “Unique Identifier”
Can we set a default value for the “Unique Identifier” field? Alternatively, is it possible to make the field read-only or prevent end users from modifying it?
3. Restricting access to the NELM form interface
Is there a way to allow only a specific group of users (e.g., managers) to access the NELM account creation/edit interface? We want to ensure only authorized users can perform this task.
If anyone has done something similar, your input would be highly appreciated!
I’m currently building an implementation for user interaction with NELM. There are a painful number of limitations to get around.
I’m currently leveraging a custom form which triggers a workflow that transforms data, sends various emails and enforces a multi-step approval process before (if approved) sending an HTTP request to create the user in NELM.
For your requirements mentioned here:
1. In a custom form you can apply search filters for your manager selection, though this has its own issues in the workflow if the display value isn’t unique.
2. There is no satisfactory way to generate unique values in the workflow, so you could use an email address for that (not great). I’m using the form instance ID of the triggering form, as I know this is unique.
3. This I’m less sure about, as we trigger the form via an external web app to generate an instance of the form. That app has its own access restrictions.