NERM - Data Loader

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

We recently got an additional NERM tenant and it appears to have Baseline V3.7. In the System Configuration for the “SecZetta Server” profile it notes:
Data Loader Settings

This attribute changes the requirement checks performed by the Data Loader api’s. See the Administrator’s Guide for further information.

I’ve checked that Admin Guide and even searched for “Loader” but haven’t been able to find any documentation. Does anyone know where this documentation exists for this seemingly new functionality?

2

Ed,

The data loader configuration is part of the base/demo configuration that was built in SecZetta and not part of the product itself, so the page is referring to the baseline admin guide which wasn’t published. It’s meant to be a guide or to spark ideas to build a productive environment.

Below is the information on using the data loader workflow/apis for the baseline configuration.

Derek

Baseline Data Loader

A set of REST API calls are available to load some data into the environment to create profiles and the underlying structures needed to support them. While there are other APIs available to create and manage profiles, they must be used with caution as they would not apply any needed permissions or integration actions that the UI or APIs below will provide.
The caveat for all these APIs is that for any attribute that supports multi-value entries, the APIs will only load an initial single value into them. Additional values will need to be added via the UI or a combination of other complex API calls.

Required Information

  • WORKFLOW_ID:
  • REQUESTER_ID:
  • TOKEN:
  • URL:

Finding the Baseline DataLoader Workflow ID

  1. Navigate to Create Workflows page on the Admin dashboard in SecZetta. (/neprofile_admin/create_workflows)
  2. Click on the Baseline Data Loader workflow
  3. The id of the workflow will be found in the url for the open workflow page
  4. I.E., For the url, /neprofile_admin/workflows/49954399-ab80-43d5-92cc-cfd65e6b52fd/info, the id will be 49954399-ab80-43d5-92cc-cfd65e6b52fd

Finding the ID for the Requester

  1. Navigate to Users page on the Admin dashboard in SecZetta. (/admin/users#/)
  2. Find the user to use as the requester, and click on the name
  3. The id of the user will be found in the url for the open user page
  4. I.E., For the url, /admin/users/2a532478-0504-445a-9d2f-cc2a9d42791a, the id will be 2a532478-0504-445a-9d2f-cc2a9d42791a

Error Handling

If the request is successfully submitted, any errors will be reported to the requester’s email via a notification. Submit errors will return and error message and non-successful status code.

Required Attribute Checks

Steps to adjust required attribute checks:

  1. Select the SecZetta Server System Configuration Profile

  2. Click the Update System Configuration workflow button

  3. Change the options selected for the Data Loader.

  4. Click Submit to save the changes.

Changes will apply to any new requests.

Data Loader API

The available API actions for the BaseLine Data Loader are detailed in the following sections. These are also available as a postman collection which can be imported.

Organization Profiles

The Baseline DataLoader for an organization will create the organization profile and the needed permissions.

Request Method

POST

Request EndPoint

<URL>/api/workflow_sessions

Request Headers

Authorization Token token=
Content-Type application/json
Accept application/json

Request Body

{ "workflow_session": { "workflow_id": "WORKFLOW_ID", "requester_id": "REQUESTER_ID", "requester_type": "NeprofileUser", "attributes": { "import_type": "organization", "organization_name": "ORGANIZATION_NAME", "population_name": "POPULATION_NAME", "sponsor_login": "SPONSOR_LOGIN", "risk_score": "ORGANIZATION_RISK_SCORE", "location_code": "LOCATION_CODE", "department_code": "DEPARTMENT_CODE" } } }

Response Code

201 Created

Body Attributes

Attribute Description
import_type Must always be ‘organization’ to load a new organization
organization_name Name of the new organization
population_name Name of the population to relate to the organization
sponsor_login Login value for the organizations sponsor
risk_score 1-10 risk score for the organization
location_code Location code for the permitted location
department_code Department code for the permitted department

Sub-Organization Profiles

The Baseline DataLoader for a sub-organization will create the sub-organization profile for the specified organization and the needed permissions.

Request Method

POST

Request EndPoint

<URL>/api/workflow_sessions

Request Headers

Authorization Token token=
Content-Type application/json
Accept application/json

Request Body

{ "workflow_session": { "workflow_id": "WORKFLOW_ID", "requester_id": "REQUESTER_ID", "requester_type": "NeprofileUser", "attributes": { "import_type": "suborganization", "suborganization_name": "SUBORGANIZATION_NAME", "organization_name": "ORGANIZATION_NAME" } } }

Response Code

201 Created

Body Attributes

Attribute Description
import_type Must always be ‘suborganization’ to load a new suborganization
suborganization_name Name of the new sub-organization
organization_name Name of the organization for the sub-organization

Organization Collaborators

The Baseline DataLoader for an organization collaborator will create a profile and user for the new collaborator, assign permissions, and send a registration invitation to the specified email.

Request Method

POST

Request EndPoint

<URL>/api/workflow_sessions

Request Headers

Authorization Token token=
Content-Type application/json
Accept application/json

Request Body

{ "workflow_session": { "workflow_id": "WORKFLOW_ID", "requester_id": "REQUESTER_ID", "requester_type": "NeprofileUser", "attributes": { "import_type": "organization_collaborator", "first_name": "FIRST_NAME", "last_name": "LAST_NAME", "email": "EMAIL", "organization_name": "ORGANIZATION_NAME" } } }

Response Code

201 Created

Body Attributes

Attribute Description
import_type Must always be ‘organization_collaborator’ to load a collaborator
first_name Firstname of the collaborator
last_name Lastname of the collaborator
email Email address for the collaborator
organization_name Name of the organization for the suborganization

Sub-Organization Collaborators

The Baseline DataLoader for a sub-organization collaborator will create a profile and user for the new collaborator, assign permissions, and send a registration invitation to the specified email.

Request Method

POST

Request EndPoint

<URL>/api/workflow_sessions

Request Headers

Authorization Token token=
Content-Type application/json
Accept application/json

Request Body

{ "workflow_session": { "workflow_id": "WORKFLOW_ID", "requester_id": "REQUESTER_ID", "requester_type": "NeprofileUser", "attributes": { "import_type": "suborganization_collaborator", "first_name": "FIRST_NAME", "last_name": "LAST_NAME", "email": "EMAIL", "suborganization_name": "SUBORGANIZATION_NAME", "organization_name": "ORGANIZATION_NAME" } } }

Response Code

201 Created

Body Attributes

Attribute Description
import_type Must always be ‘suborganization_collaborator’ to load a collaborator
first_name Firstname of the collaborator
last_name Lastname of the collaborator
email Email address for the collaborator
suborganization_name Name of the suborganization that the person will be a collaborator for
organization_name Name of the organization for the suborganization

Location Profiles

Request Method

POST

Request EndPoint

<URL>/api/workflow_sessions

Request Headers

Authorization Token token=
Content-Type application/json
Accept application/json

Request Body

{ "workflow_session": { "workflow_id": "WORKFLOW_ID", "requester_id": "REQUESTER_ID", "requester_type": "NeprofileUser", "attributes": { "import_type": "location", "location_code": "LOCATION_CODE", "location_description": "LOCATION_DESCRIPTION", "city": "CITY", "state": "STATE", "country": "COUNTRY", "postal_code": "POSTAL_CODE", "street_address1": "STREET_ADDRESS1", "street_address2": "STREET_ADDDRESS2" } } }

Response Code

201 Created

Body Attributes

Attribute Description
import_type Must always be ‘location’ to load a new location
location_code Code for the location (will be what is searched on the assignments and organizations)
location_description Description for the location
city City for the location (not required)
state State for the location (not required)
country Country for the location (not required)
postal_code Postal Code (ZipCode) for the location (not required)
street_address1 Address1 for the location (not required)
street_address2 Address2 for the location (not required)

Department Profiles

Request Method

POST

Request EndPoint

<URL>/api/workflow_sessions

Request Headers

Authorization Token token=
Content-Type application/json
Accept application/json

Request Body

{ "workflow_session": { "workflow_id": "WORKFLOW_ID", "requester_id": "REQUESTER_ID", "requester_type": "NeprofileUser", "attributes": { "import_type": "department", "department_code": "DEPARTMENT_CODE", "department_name": "DEPARTMENT_NAME", "approver_login": "APPROVER_LOGIN" } } }

Response Code

201 Created

Body Attributes

Attribute Description
import_type Must always be ‘department’ to load a department
department_code Code for the department (will be what is searched on the assignments and organizations)
department_name Name for the department

Assignment Profiles

Request Method

POST

Request EndPoint

<URL>/api/workflow_sessions

Request Headers

Authorization Token token=
Content-Type application/json
Accept application/json

Request Body

{ "workflow_session": { "workflow_id": "WORKFLOW_ID", "requester_id": "REQUESTER_ID", "requester_type": "NeprofileUser", "attributes": { "import_type": "assignment", "first_name": "FIRST_NAME", "last_name": "LAST_NAME", "email": "EMAIL", "middle_name": "MIDDLE_NAME", "birth_month": "BIRTH_MONTH", "birth_day": "BIRTH_DAY", "personal_phone_number": "PERSONAL_PHONE", "professional_phone_number": "PROFESSIONAL_PHONE", "organization_name": "ORGANIZATION_NAME", "suborganization_name": "SUBORGANIZATION_NAME", "population_name": "POPULATION_NAME", "subpopulation_name": "SUBPOPULATION_NAME", "job_title": "JOBTITLE", "start_date": "START_DATE", "end_date": "END_DATE", "sponsor_login": "SPONSOR_LOGIN", "location_code": "LOCATION_CODE", "department_code": "DEPARTMENT_CODE" } } }

Response Code

201 Created

Body Attributes

Attribute Description

Attribute Description
import_type Must always be ‘assignment’ to load an assignment
first_name Firstname of the person
last_name Lastname of the person
email Email address for the person
middle_name Middle name of person
Birth_month 2 digit birth month of person
Birth_day 2 digit birth day of person
Personal_phone_number Personal phone number of person
Professional_phone_number Work phone number for person
Organization_name Name of the organization for the assignment
Suborganization_name Name of the sub-organization for the assignment
Population_name Name of the population for the assignment
Subpopulation_name Name of the subpopulation for the assignment
Job_title Job title for the assignment
Start_date Start date for the assignment
End_date End date for the assignment
Sponsor_login Login of the user record for the assignment sponsor
Location_code Code of the location for the assignment
Department_code Code of the department for the assignment
3

@DerekHackbardt GREAT INFORMATION!

Side note - the notes included a reference to a NERM Postman collection. If that exists, can you provide a link?

4

This collection should match the document:

SZBaselineDataloaderPostmanCollection.json (10.4 KB)

1 Like
5

@DerekHackbardt Any chance there’s a Postman collection to go with all the NERM API definitions similar to what’s provided for IDN?

I’ve building/maintaining my own Postman collection, but curious if I’m missing out on something already provided.

6

The NERM collection is available along with the others now at Postman Collections | SailPoint Developer Community

2 Likes
7

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.