I am creating a custom SaaS connector and have run into an issue regarding disabling accounts. I am in need of additional identity information for ticket creation during the disablement of an account. The attributes I need are Identity Attributes and not attributes of the accounts themselves. I have created a Disable Provisioning Policy to obtain the attributes I need, but those are not being passed to the Custom SaaS connector. I have reviewed the documentation for the Account Enable/Disable and see that it only passes the Identity ID and no attributes on the input object.
Is there a way to access the attributes from the Disable Provisioning Policy on the SaaS connector? If there is no way to obtain them from the policy, what would be the best method to fetch those attributes during the disable process on the SaaS connector?
Thanks for reaching out via the community, we are glad to have you here with us!
For accessing the attributes, have you considered calling the IDN API in order to fetch the specific values that you need? I don’t think there will be a way to directly expose the additional attributes through the data that gets passed to the command, but using the identity ID, it should be possible to then query the information back from IDN using the APIs available to you. It would require a little more work, but we do have our SDK that you can import into the project to make calling the APIs easier.
Using the SDK/APIs were my fallback option if this was not possible. I was trying to avoid having multiple API requests during the processing of the command. I would have preferred it to be pre-processed on IDN and sent to the connector similar to the Create operation.
If this is not currently possible, is this something that will become available in the future?
I do not know of any functionality coming that would allow for this, although there have been discussions of enabling connector commands through workflow functions. In this case, there could be an opportunity to send additional data long with a command. I have no insight into when something like this would be available as it’s simply an idea I’ve heard discussed.
I think your best path forward will be to utilize the IDN APIs to make the calls. The good news is that it shouldn’t be too difficult to implement the logic since testing locally is so simple.