SailPoint Loopback Connector to manage account attributes as entitlements

Hi Team,

I have a requirement to implement IdentityNow as a source, and the source should pull all the identities as accounts. Then certain identity attributes need to be pulled as entitlements for certification purposes.

I tried the SailPoint OOB connector → Integrating SailPoint with Identity Security Cloud Governance and tried updating the account attributes in the schema to entitlements, but the connector doesn’t convert the account attribute values to entitlements.

Appreciate if anyone can give insights on how to proceed further.

Hi Sivagami,

I believe the OOTB connector only supports Roles, Governance Groups, and User levels as entitlements.

To fit your use case you could build a custom Web Services or SaaS loopback connector to configure your entitlements as well as the ‘Remove Entitlement’ behavior on a certification revocation decision.

Thanks,

Liam

1 Like

Thanks Liam for the suggestion. I have a couple of questions on the options suggested.

  1. Will the Web Services connector allow converting account schema attributes to entitlements by tagging them as entitlements?
  2. Can I get a sample of the changes that would be needed in the SaaS loopback connector to make my use case work? - IdentityNow Management Connector

  1. Yes, when you set up the get accounts operation, you will just need to map the attributes you would like to be treated as entitlements to the entitlement attributes you have defined on the account schema.
  2. It’s difficult to lay out all the changes you would need. It’s all dependent on what use case you are trying to solve and how much functionality you would like to build. I’ve listed the areas that you will likely need to make changes.
    • Connector Spec:
      • Account/Entitlement schemas
    • Connector Commands:
      • stdAccountList ← get all identities and map attributes
      • stdAccountRead ← get identity and map attributes
      • stdAccountUpdate ← to handle the entitlement add/remove operations

Thanks,

Liam

1 Like
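
The mapping and update logic outlined in the answer above, as an added example that is not part of the original thread and is not SailPoint's connector code. The attribute names (`department`, `costCenter`), the `Identity`/`Account`/`Change` shapes and the function names are assumptions; the SDK wiring and the API calls that read and write identities are left out.

```typescript
// Added example; all names are hypothetical, not SailPoint SDK identifiers.
// Identity attributes the account schema marks as entitlements (assumed).
const ENTITLEMENT_ATTRS: readonly string[] = ['department', 'costCenter']

interface Identity { id: string; name: string; attributes: Record<string, string | null> }
interface Account { identity: string; uuid: string; attributes: Record<string, string | string[]> }
// Assumed shape of one entitlement add/remove request reaching the update command.
interface Change { op: 'Add' | 'Remove'; attribute: string; value: string }

// For the list/read commands: each non-empty attribute value becomes one
// entitlement value on the account, so it shows up in certifications.
function toAccount(idn: Identity): Account {
    const attributes: Record<string, string | string[]> = { id: idn.id, name: idn.name }
    for (const a of ENTITLEMENT_ATTRS) {
        const v = idn.attributes[a]
        attributes[a] = v ? [v] : []
    }
    return { identity: idn.id, uuid: idn.name, attributes }
}

// For the update command: translate add/remove decisions into attribute writes.
// Attributes not declared as entitlements are refused, so a provisioning
// request cannot overwrite arbitrary identity attributes through this source.
function applyChanges(idn: Identity, changes: Change[]): Identity {
    const next: Identity = { ...idn, attributes: { ...idn.attributes } }
    for (const c of changes) {
        if (ENTITLEMENT_ATTRS.indexOf(c.attribute) === -1) {
            throw new Error(`attribute not managed as entitlement: ${c.attribute}`)
        }
        if (c.op === 'Add') {
            next.attributes[c.attribute] = c.value
        } else if (next.attributes[c.attribute] === c.value) {
            // Revocation clears the attribute only if it still holds the revoked value.
            next.attributes[c.attribute] = null
        }
    }
    return next
}

// Constructed sample identity.
const sample: Identity = {
    id: 'id-0001-example',
    name: 'jdoe',
    attributes: { department: 'Finance', costCenter: null, email: 'jdoe@example.com' },
}
```
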

Thanks Liam! Used the Web Services connector to accomplish my use case.