REST API to update single AD account in target

Hi,

Can someone suggest whether we have any API to update a single AD account in ISC, i.e., I am planning to create a provisioning plan for a single AD account using the REST API and update that single account alone.

Please let me know if there is any approach to create a provisioning plan for a single account and execute it via the REST API.

Thank you,

Regards,
Yagnasri

Hi @guttays,

Could you please elaborate more on the issue? Are you trying to update an attribute value for an AD account in SailPoint? There are no APIs for direct connectors to update accounts.

Hi Theja,

Yes, we are planning to update a few attributes on a single AD account instead of changing the update provisioning policy.

@guttays Unfortunately, that is not possible with ISC. APIs do exist, but they work only on the delimited connector, and no such APIs are available for direct connectors.

Even if you change the update provisioning policy, it would still be applicable to all the accounts on your source. So I am not sure what exactly you would be doing here to isolate the single account.

I would suggest that you make the changes directly on the target account if that is feasible for you. If not, ISC makes changes from the identity to the account level using the attribute-sync configuration. But do note that this attribute-sync configuration applies to all accounts on your source (any identity attribute changes can be propagated to be pushed to the target account).

Hi @guttays

Thank you for the question.
Can you please confirm if you need the AD account to be updated only in ISC, or do you want to update the AD account in Active Directory?

Thank You.
Regards
Vikas

I’m wondering if this can be achieved via a BeforeProvisioning rule. Since it’s a cloud rule, we have a dependency on the ES team to deploy it. Just a suggestion (Sailors, please correct me if I am wrong).

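import sailpoint.object.Identity;

// BeforeProvisioning rule: "plan" is the ProvisioningPlan passed to the rule
Identity identity = plan.getIdentity();
// employeeID, or any other unique attribute
String empID = (String) identity.getAttribute("employeeID");
if ("123456789".equals(empID)) {
    // have your logic
}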

Hi @Arshad,

Thanks for taking the time for my query.

  1. If I use the update provisioning policy → it’ll have an impact on all accounts. But my requirement is that if any update event fails for an AD account, I have to handle that single failed account specifically and retry the operation. So I am checking if any API is present for a single account update, so that I can handle it via a workflow if any failure happens for that AD account update.

I also think attribute sync is not a feasible option for my use case. Can you suggest any option to retry the failed update for an AD account?

Theja,

I can see that the BeforeProvisioning rule has an impact on all users, but in my case I have to update only the user whose AD account update failed.

For this you can use the retry configuration on source level.

As you said you will be updating a single account, I have used an “if” condition specifically for that identity. But let’s hear from others.

Not sure if I got your ask here, but as it is an AD connection, we can use PowerShell. We can call PS during a create or update operation.

Hi @guttays

  1. Populate identity attributes with the new values (using aggregation from the target system) that need to be updated in AD.
  2. Turn on attribute sync for AD.
  3. Go to that identity and try Process Identity to trigger the sync operation.
  4. Check from search whether the operation is triggered.
  5. Turn off attribute sync.

Note: Assuming you are doing it for testing purposes and in a sandbox environment.

But my requirement is to do the update for the user in an automated way if the provisioning/update has failed. Is there any possibility via a workflow, so that for any failed update for an AD account I’ll first send an email notification and then try to update the account via an API or any logic from the workflow?

In case of failures, ISC has OOTB features to retry it again. Please check if that helps to solve your use case. Otherwise, we can think of a custom solution.
