I have a requirement to implement identity now as a source and the source should pull all the identities as accounts. And then certain identity attributes needs to be pulled as entitlements for certification purposes.
I tried the Sailpoint OOB connector → Integrating SailPoint with Identity Security Cloud Governance and tried updating the account attributes in Schema to entitlements but the connector doesn’t convert the account attribute values to entitlements.
Appreciate if anyone can give insights on how to proceed further.
I believe the OOTB connector only supports Roles, Governance Groups, and User levels as entitlements.
To fit your use case you could build a custom Web Services or SaaS loopback connector to configure your entitlements as well as the ‘Remove Entitlement’ behavior on a certification revocation decision.
Yes, when you setup the get accounts operation, you will just need to map the attributes you would like to be treated as entitlements to the entitlement attributes you have defined on the account schema.
It’s difficult to lay out all the changes you would need. It’s all dependent on what use case you are trying to solve and how much functionality you would like to build. I’ve listed the areas that you will likely need to make changes.
Connector Spec:
Account/Entitlement schemas
Connector Commands:
stdAccountList ← get all identities and map attributes
stdAccountRead ← get identity and map attributes
stdAccountUpdate ← to handle the entitlement add/remove operations