SCIM 2.0 Provisioning PayLoad Issue

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

Hi Experts,

I am using out of the box SCIM2.0 connector and trying to create an account with groups.

Below are the scim connector log generated after raising create request:

Exiting prepareJSONRequest: Arguments => {givenName=[James], familyName=[Wood], groups=[TestGroup], guid=[1DD0714323124DA699899DE6326EXXX], userName=[[email protected]], primaryEmail=[[email protected]], userPrincipalName=[[email protected]]}

But in the return the group value is returning Null,

User, Returns =>

{“meta”:{“resourceType”:“User”},“familyName”:“Wood”,“givenName”:“James”,“schemas”:[“urn:ietf:params:scim:schemas:core:2.0:User”],“guid”:“1DD0714323124DA699899DE6326EXXX”,“groups”:[{}],

“userName":"[email protected]”,“userPrincipalName”:"[email protected]",“primaryEmail”:"[email protected]"}

Below is the application configuration added:

could you please help me to understand why the group value is returning with NULL and how to fix this issue?

Appreciated your help.

I think it’s doing 2 call in your case , 1 for create user and another one for adding the group.

What all end points you have ?

No it is doing one call POST /Users for creating a user , below is how my setting looks like in the application xml file
<key=“skipGrpUpdate” value=“true”/>
<key=“updateGroupsViaUsers” value=“true”/>

If I make <key=“skipGrpUpdate” value=“false”/> it is making two calls 1) POST /users with null value in groups and 2) PUT /Users call with add entitlement.

but this is not we expected, we want the POST /Users call itself should be sending the entitlements along with POST call but it is coming as null in out case.

Have a post for /users with below setting

<entry key="skipGrpUpdate" value="false"/>
<entry key="usePatch">
<value>
<Boolean>true</Boolean>
</value>
</entry>

With the above settings, if it is not a new user it will calling the patch right ?
If so we don’t have patch API
we just have PUT for both /Users and /Groups
we just have PUT and POST no PATCH

https://scim.cloud/

• Create: POST https://example.com/{v}/{resource}
• Read: GET https://example.com/{v}/{resource}/{id}
• Replace: PUT https://example.com/{v}/{resource}/{id}
• Delete: DELETE https://example.com/{v}/{resource}/{id}
• Update: PATCH https://example.com/{v}/{resource}/{id}
• Search: GET https://example.com/{v}/{resource}?filter={attribute}{op}{value}&sortBy={attributeName}&sortOrder={ascending|descending}
• Bulk: POST https://example.com/{v}/Bulk

Hope this helped to resolve .

even if I use this option in debug page as you suggested key=“skipGrpUpdate” value=“false” and usePatch is true

, we are getting group as null
{"id":null,"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":"aaaaa","groups":null,"active":true,"meta":null}"

Did you check the plan created by sailpoint ? I think this is the response on the target side .

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.