SailPoint IDN Webservice Connection Request Body

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hi All,

I am trying to integrate service now with IDN using the webservice connector.
I was able to establish connectivity and aggregate the data but now to configure create account below is the request body format which is required.
{
“user_name”: “new_user”,
“first_name”: “John”,
“last_name”: “Doe”,
“email”: “[email protected]”,
“password”: “password123”
// Add any other required fields
}

how to pre populate the data using identity attributes such as first name, last name and email and for the other other password take it from the user requesting as an input.

2

I’d suggest reviewing the standard ServiceNow connector vs. building it yourself. This will provide a best practice by using the standard connector minimizing changes going forward. It could also be used as a reference to see how the standard connector is doing things to compare to your connector.

1 Like
3

I agree with @edmarks, we have been using the standard ServiceNow connector for 2+ years and have had no issues with it.

But to answer your question:

  1. Add a provisioning plan to the connector. This will need to be done through the API. POST {{baseUrl}}/sources/:sourceId/provisioning-policies.
  2. Assign the Identity Attributes to the fields you defined in the provisioning plan. This can be done through the API or via Create Account in the Source GUI.
  3. Adjust your Create Account HTTP Operation to reflect your provisioning plan.
{
“user_name”: “$plan.user_name$”,
“first_name”: “$plan.first_name$”,
“last_name”: “$plan.last_name$”,
“email”: “$plan.email$”,
“password”: “$plan.password$”
}
4

Hey Carl,
I understand that the rest of the attributes can be pulled from the identity itself but what about password?
Since it’s a field I want the user to provide input for?

5

The only way you could get user input would be through a Form. I would highly recommend against having a user input a password in a Form, as that data would be visable in the IdentityNow logs.

Best practices would be to use the Password Generator Rule in your Provisioning Policy. When the account is created the password would be generated but would be unkwown to the user. Then setup an HTTP Operation for Change Password as part of your connector. This will allow the user to use Password Management (if you have that module) to reset their password on the new account.

6

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.