Multiple accounts for single application but different endpoints

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Hi Everyone, I’m kind of new to the whole IIQ platform, but I was given a task that I find rather difficult and see no previous problem alike on the web.
So I have to integrate a web application that uses the Web Service connector, but here’s the pickle. The application has multiple endpoints in it (kind of like multiple different applications) that differ only in a single part of the URI (the port). And I need to perform account Creation/Aggregation/Deletion and all the essentials of application account integration with IIQ. So how do I go about that? Because of the amount of applications, I want to make it into a single app. So for example: when I aggregate for this application, it will either create multiple links for this application depending on the existence of the account (one attribute will be unique, that will identify that this account belongs to this person) or create one link that will store a list of endpoints (along with permissions for the account, like endpoint1-Admin, endpoint2-ReadOnly) that this account exists on. Sorry if the information provided is vague. I don’t want to break company rules and this is my first post. Thank you in advance for any tips.

Hi @blazejbadzio ,

Is it a single account that is being referenced in the target application for all the applications, or is there a different account created for each, with its own unique account name that is unique across applications?

If it is a single account being referenced, then you may use an after operation or customization rule to modify the final details that will be saved after aggregation.

Let me know if further help is needed.
Thanks

Hi @ashutosh08

For a single identity with unique attribute = “nickname” (example):
There is an account on the application with URI “application.com:08088/getaccount?name=‘nickname’” (example; that account is, for example, an Admin on this port)
and an account on the SAME APPLICATION with URI “application.com:09099/getaccount?name=‘nickname’” (example; that account is, for example, a ReadOnly on this port).
So the difference is in the URI port; the account still has the same nickname, but different permissions.

Let me know if I can provide You with more clarification.

Thank You for Your help.

Hi @blazejbadzio ,
As far as I know, the webservice connector in IIQ supports a single end point for create/Modify/Delete.
Account aggregation supports multiple end points, but that is used to pull different application attributes from different end points. E.g. if one end point provides first name, last name and another end point provides department, cost center, then you can configure 2 account aggregation operations to fetch the details (first name, last name, department, cost center) of a user. Obviously there will be specific configurations you have to make to achieve this.

More details can be found in Web Service Connector

Then in this case, as per my understanding, you have the same account but multiple different access coming from different URIs.

Here you can use the two options below.

  1. You can use Parent Endpoint Mapping.

https://documentation.sailpoint.com/connectors/identityiq8_3/webservices/help/integrating_webservices/multiple_independent_endpoints.html?Highlight=parent

  2. You can use an after operation rule/customization rule.

Aggregating attributes from multiple endpoints is possible like I said earlier; but when it comes to other essential operations, I don’t think you can provision to multiple end points.