Hi all,
Success, but still no employeeStatus attribute/values show. How can I fetch the employeeStatus value by firing the SCIM API?
Hi @dausfadzlon - are you receiving the other attributes (manager, entitlements, roles)?
"employeeType" is not a standard schema attribute for the base SCIM 2.0 user, the enterprise user extension, or the SailPoint extension.
I have no idea if this will work, but worth a quick shot…
1. In debug mode - select object type 'Configuration'
2. Select the 'SCIMConfiguration' object
3. Find the 'SchemaPropertyMapping' XML entry for "<SchemaPropertyMapping urn="urn:ietf:params:scim:schemas:sailpoint:1.0:User">"
4. Paste "<AttributePropertyMapping name="employeeStatus" property="employeeStatus" queryClass="sailpoint.service.scim.GenericFilterModifier" setter="sailpoint.service.scim.UserPropertySetter"/>" as a subobject under the XML entry from step 3
5. Save the object
Now try your query again - if necessary add the query params "?attributes=urn:ietf:params:scim:schemas:sailpoint:1.0:User:employeeStatus"
Does this work?
Hi Adam,
It works by adding the necessary attribute in the query, but unfortunately I need to fetch the user application status (disable/locked). For my case, the applications are CBS and CAMS.
Attached ss of the key value for the user status application (key = "IIQLocked"). This is the status value I want to fetch using a SCIM API query.
Ah I see - so if you search for a specific user with the SCIM API - you should get back simple account level details:
http://{{identityiqHost}}/{{identityiqAppName}}/scim/v2/Users?filter=userName eq "Adam.Kennedy"
OR
http://{{identityiqHost}}/{{identityiqAppName}}/scim/v2/Users/8a8080824df45873014df45bd97400c9 (final string should be the ID value of the user)
But if you look at the response, it only contains the application and a link to another SCIM endpoint to pull the account details:
{
  "urn:ietf:params:scim:schemas:sailpoint:1.0:User": {
    "capabilities": [],
    "lastRefresh": "2021-09-23T15:39:52.850-05:00",
    "jobTitle": "Payroll Analyst II",
    "employeeId": "1b2c3a4e",
    "administrator": {},
    "employeeType": "Employee",
    "phone": "5124152339",
    "isManager": false,
    "location": "London",
    "accounts": [
      {
        "displayName": "[email protected]",
        "value": "0a0000017ba71589817c1372448c7e1a",
        "$ref": "http://<iiq_url>/identityiq/scim/v2/Accounts/0a0000017ba71589817c1372448c7e1a"
      },
      {
        "displayName": "Adam.Kennedy",
        "value": "8a8080824df45873014df45c164601d8",
        "$ref": "http://<iiq_url>/identityiq/scim/v2/Accounts/8a8080824df45873014df45c164601d8"
      },
      {
        "displayName": "AKENNE",
        "value": "8a8080824df45873014df45d012705ae",
        "$ref": "http://<iiq_url>/identityiq/scim/v2/Accounts/8a8080824df45873014df45d012705ae"
      },
      {
        "displayName": "Adam.Kennedy",
        "value": "8a8080824df45873014df45da06308b0",
        "$ref": "http://<iiq_url>/identityiq/scim/v2/Accounts/8a8080824df45873014df45da06308b0"
      }
    ],
    "riskScore": 100,
    "department": "Accounting",
    "region": "GB"
  },
  "emails": [
    {
      "type": "work",
      "value": "[email protected]",
      "primary": true
    }
  ],
  "displayName": "Adam Kennedy",
  "meta": {
    "created": "2015-06-14T18:16:09.717-05:00",
    "location": "http://<iiq_url>/identityiq/scim/v2/Users/8a8080824df45873014df45bd97400c9",
    "lastModified": "2021-09-28T17:01:56.678-05:00",
    "version": "W/\"1632866516678\"",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:sailpoint:1.0:User",
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "name": {
    "formatted": "Adam Kennedy",
    "familyName": "Kennedy",
    "givenName": "Adam"
  },
  "active": true,
  "id": "8a8080824df45873014df45bd97400c9",
  "userName": "Adam.Kennedy",
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "manager": {
      "displayName": "Douglas Flores",
      "value": "8a8080824df45873014df45bcfab008d",
      "$ref": "http://<iiq_url>/identityiq/scim/v2/Users/8a8080824df45873014df45bcfab008d"
    }
  }
}
So if you were interested in the attributes on one of Adam.Kennedy's accounts, you'd then need to make another GET call to
"http://<iiq_url>/identityiq/scim/v2/Accounts/0a0000017ba71589817c1372448c7e1a"
which will return account specific attributes
{
  "lastRefresh": "2021-09-28T17:02:05.132-05:00",
  "displayName": "Adam.Kennedy",
  "active": true,
  "manuallyCorrelated": false,
  "urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active Directory:account": {
    "msNPCallingStationID": [],
    "mail": "[email protected]",
    "manager": "CN=Douglas Flores,OU=London,OU=Europe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
    "sAMAccountName": "Adam.Kennedy",
    "msNPAllowDialin": "Not Set",
    "displayName": "Adam Kennedy",
    "givenName": "Adam",
    "objectClass": [
      "top",
      "person",
      "organizationalPerson",
      "user"
    ],
    "distinguishedName": "CN=Adam Kennedy,OU=London,OU=Europe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
    "employeeID": "1b2c3a4e",
    "cn": "Adam Kennedy",
    "facsimileTelephoneNumber": [],
    "carLicense": [],
    "accountFlags": [
      "Normal User Account"
    ],
    "objectguid": "{cef43cca-efc9-45ff-b5f2-989cbe1eef09}",
    "primaryGroupID": "513",
    "objectSid": "S-1-5-21-2981491572-779881612-3979282638-3249",
    "memberOf": [
      "CN=InvntryAnalysis,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
      "CN=All_Users,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
    ],
    "sn": "Kennedy",
    "department": "Accounting",
    "msDS-PrincipalName": "SERI\\Adam.Kennedy",
    "userAccountControl": "512",
    "userPrincipalName": "[email protected]",
    "msRADIUSFramedRoute": []
  },
  "uuid": "{cef43cca-efc9-45ff-b5f2-989cbe1eef09}",
  "nativeIdentity": "CN=Adam Kennedy,OU=London,OU=Europe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
  "privileged": false,
  "inactive": false,
  "application": {
    "displayName": "Active Directory",
    "value": "8a8080824df44d48014df45440d502cf",
    "$ref": "http://<iiq_url>/identityiq/scim/v2/Applications/8a8080824df44d48014df45440d502cf"
  },
  "identity": {
    "displayName": "Adam Kennedy",
    "userName": "Adam.Kennedy",
    "value": "8a8080824df45873014df45bd97400c9",
    "$ref": "http://<iiq_url>/identityiq/scim/v2/Users/8a8080824df45873014df45bd97400c9"
  },
  "service": false,
  "meta": {
    "created": "2015-06-14T18:16:25.286-05:00",
    "location": "http://<iiq_url>/identityiq/scim/v2/Accounts/8a8080824df45873014df45c164601d8",
    "lastModified": "2021-09-28T17:02:05.132-05:00",
    "version": "W/\"1632866525132\"",
    "resourceType": "Account"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:sailpoint:1.0:Account",
    "urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:Active Directory:account"
  ],
  "hasEntitlements": true,
  "id": "8a8080824df45873014df45c164601d8",
  "locked": false
}
I'll keep looking to see if there is a simpler way, but this might help you make progress.
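The two-step lookup described in this thread (fetch the user, then fetch each linked account and read its "locked" and "inactive" fields), as an added example that is not part of any poster's message or SailPoint's own code. The host, ids and sample records are constructed, and the helper names and the `fetch` callable are hypothetical; the account URL is rebuilt from the configured base URL and the account id rather than taken from `$ref`, and a mismatch is reported.

```python
import json
import urllib.request
from urllib.parse import quote

SP_USER = "urn:ietf:params:scim:schemas:sailpoint:1.0:User"

def account_url(base_url, entry):
    """Build the Accounts URL from our own base URL and the entry's id, so
    credentials are never sent to a host that appears only in a $ref."""
    return base_url.rstrip("/") + "/scim/v2/Accounts/" + quote(entry["value"], safe="")

def make_fetch(auth_header):
    """Real HTTP fetcher; the caller supplies the Authorization header value."""
    headers = {"Authorization": auth_header, "Accept": "application/scim+json"}
    def fetch(url):
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch

def account_statuses(base_url, user, fetch):
    """One GET per linked account; keep the status flags the Account returns."""
    rows = []
    for entry in user.get(SP_USER, {}).get("accounts", []):
        url = account_url(base_url, entry)
        acct = fetch(url)
        rows.append({
            "application": acct.get("application", {}).get("displayName"),
            "account": acct.get("displayName"),
            "locked": acct.get("locked"),
            "inactive": acct.get("inactive"),
            "ref_matches": entry.get("$ref") == url,  # False: $ref points elsewhere
        })
    return rows

# Constructed sample data (not from the thread); host and ids are placeholders.
BASE = "https://iiq.example.com/identityiq"
ACCOUNTS = BASE + "/scim/v2/Accounts/"
SAMPLE_USER = {"userName": "Sample.User", SP_USER: {"accounts": [
    {"displayName": "suser", "value": "id-cbs-1", "$ref": ACCOUNTS + "id-cbs-1"},
    {"displayName": "SUSER", "value": "id-cams-1",
     "$ref": "https://other.example.net/scim/v2/Accounts/id-cams-1"}]}}
SAMPLE_ACCOUNTS = {
    ACCOUNTS + "id-cbs-1": {"displayName": "suser", "locked": True,
                            "inactive": False, "application": {"displayName": "CBS"}},
    ACCOUNTS + "id-cams-1": {"displayName": "SUSER", "locked": False,
                             "inactive": True, "application": {"displayName": "CAMS"}}}

def demo():
    return account_statuses(BASE, SAMPLE_USER, SAMPLE_ACCOUNTS.__getitem__)
```

Against a live server, pass `make_fetch(...)` instead of the in-memory lookup and feed it the user resource returned by the `/scim/v2/Users` query shown earlier.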