Looking for help on Lookup table via API

vsingathi · March 7, 2025, 6:34am

Hi All, I am looking for some guidance on specific scenario in SailPoint ISC.

We are working on workday integration and have this scenario for specific attributes .
we have requirement to make a call to external API to fetch a value and map it to an identity attribute while Identity creation.
A general way to handle a finite list of lookup tables, is to have a lookup transform and based an attribute value (ex ID1) the transform will return a value (ex: ABC_ID1) which is set against the attribute. in our case the Lookup value range is high (1000’s of row)s and it gets updated regularly and hence the data is exposed via an API where in we can GET required value ( ex; ABC_ID1) based on parameter (Ex ID1).

anyone has encountered such scenario or has any suggestions, pls let me know.

KRM7 · March 7, 2025, 6:55am

Hi,

Option 1: Identity Attribute Rule, make API call to Workday. This is Cloud Rule, heard that API calls are allowed, never tried. I wouldn’t go with this approach as it needs SailPoint deployment.

Option 2: Build the Transform, you can keep updating the Transform. We have built similar requirement at a different HR system. Using SailPoint API call to update transform, you can regularly update the Transform table contents.

Option 3: Let your HR system handle this logic at their end.

– Krish

vsingathi · March 7, 2025, 7:44am

Thanks Krish. Agree Option 1, has dependency on Sailpoint team, however i am unsure if the Key attribute value changes, will the cloud rule will be invoked and latest Value is updated in the identity attribute. any thoughts on this.

Option 2: yes that’s default option we have but we want o reduce the dependency of updating the Transforms regularly.

KRM7 · March 7, 2025, 8:32am

This attribute you are calculating, do you use it for Provisioning ? If yes, then is it common attribute or some application specific attribute ?

vsingathi · March 7, 2025, 10:43am

Yes this is used for provisioning and is sent to multiple target applications as part of provisioning

KRM7 · March 7, 2025, 11:17am

If you go with Identity Attribute Rule, every time Identity Profile gets refreshed, this Rule will be executed and calculated value for each attribute. Imagine if you have 10K identities, there will be 10K API calls, you might face rate limit issue, even if you don’t face, this is unnecessary API calls.
If you go with updating Transform alone, it can be scheduled to run once a day, one API call, depends on how frequent the changes, you can schedule it.

Hope now you know which approach to consider.

system · May 6, 2025, 11:18am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can I update "Manager" attribute in SailPoint ISC using Rest API ? Is there any API to update values on Identity Attributes in SailPoint ISC? ISC Discussion and Questions identity-security-cloud	9	168	May 29, 2025
Changing Identity Attribute via API Call ISC Discussion and Questions identity-security-cloud	24	569	November 7, 2025
Can we update Account attribute from ISC workflow? ISC Discussion and Questions identity-security-cloud , isc-questions-and-answers	12	328	November 22, 2025
Provisioning an Account Attribute ( Department ID instead of Department Name) ISC Discussion and Questions identity-security-cloud , provisioning	11	120	November 14, 2025
Help in creating transform ISC Discussion and Questions identity-security-cloud	15	176	December 30, 2025

Looking for help on Lookup table via API

Related topics