Which IIQ version are you inquiring about?
IIQ 8.4
Hello,
We have configured a webservices application, where we need to manage two entitlements. To manage these entitlements, we have setup two operations:
- Add Teams to a user
- Add Roles to a User
We have roles under teams. So, if we need to assign roles to a user, user must already have the team (Need to hit Add Teams endpoint first) and we need to pass teamID in the body of Add Roles endpoint. So, I have created a simple test IT role and added a team and role and tried to provision it for a user.
As per the sequenceNumberForEndpoint , the endpoint “Add Team” should be called first as it has high sequence. Below is the sequence for both the API’s:
- Add Teams –> sequenceNumberForEndpoint= 10
- Add Roles –> sequenceNumberForEndpoint=14
But the API, Add Roles is calling first instead of Add Teams. Not Sure, what might be the reason. I have updated my IT role to have the Team first and Role next. But still, it’s the same.
Additionally, in the body of Add Role. I am not getting the teamID to utilize. Attaching the needed information below.
Body of Add Role Operation in Application:
<soapenv:Body>
<ws:FTIAddUserRolesUnderTeam>
<!--Optional:-->
<UserId>$plan.nativeIdentity$</UserId>
<!--Optional:-->
<TeamId>$plan.assignedTeams$</TeamId>
<!--Optional:-->
<RoleId>$plan.rolesWithinAssignedTeams$</RoleId>
</ws:FTIAddUserRolesUnderTeam>
</soapenv:Body>
Provisioning plan in the before operation rule of Add Role:
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="3084" targetIntegration="FTI" trackingId="359e7c5647424b14a5afb3cab7dddd53">
<AccountRequest application="FTI" nativeIdentity="FM3084" op="Modify">
<AttributeRequest name="assignedTeams" op="Add" value="Lc Team"/>
<AttributeRequest name="rolesWithinAssignedTeams" op="Add" value="LCINPUT"/>
</AccountRequest>
<Attributes>
<Map>
<entry key="source" value="IdentityRefresh"/>
</Map>
</Attributes>
</ProvisioningPlan>
Endpoint in Before Operation Rule:
EndPoint [_afterRule=FTI logger after rule, _beforeRule=FTI_Before_Operation_Rule
<soapenv:Header/>
<soapenv:Body>
<ws:FTIAddUserRolesUnderTeam>
<!--Optional:-->
<UserId>FM3084</UserId>
<!--Optional:-->
<TeamId></TeamId>
<!--Optional:-->
<RoleId>LCINPUT</RoleId>
</ws:FTIAddUserRolesUnderTeam>
</soapenv:Body>
</soapenv:Envelope>, bodyFormat=raw}, _responseCode=[200], _sequenceNumberForEndpoint=14, xpathNamespaces={}, possibleHttpErrors={}
I want to understand:
- Why sequenceNumberForEndpoint is not working?
- Why I am not getting the teamID in the “Add Role” requestEndPoint? as it should take the value from the provisioning Plan.
Thank you in advance.