Hi folks,
Working on SCIM connector for the first time so trying to understand a few use cases. User creation and update was pretty simple and works directly by adding policy.
Now i need to configure 2 more things.
if a user is terminated in SailPoint, i need to delete his account in SCIM target application - what needs to be done for this at application level. Would a simple delete and disable policy suffice ? What attributes are needed as part of this policy.
By default users needs to be added to a few groups in target. How can i add this to users via the SCIM connector.
if a user is terminated in SailPoint, i need to delete his account in SCIM target application - what needs to be done for this at application level. Would a simple delete and disable policy suffice ? What attributes are needed as part of this policy. Ans: There is no particular action required for it from SailPoint end. Disable/Delete Policy might not be required because the only attribute required for Delete endpoint is userID (nativeIdentity). Please find the below screenshot for RFC document which mentions about Delete Operation,
By default users needs to be added to a few groups in target. How can i add this to users via the SCIM connector. Ans: For even Add Users and Remove Users you might not require any specific changes in Sailpoint. The SCIM protocol adds user to a group via the group endpoint. And the only prerequisite for adding and removing to work correctly is that the entitlements should be onboarded properly into IIQ. In order to enable PATCH operation in IIQ, add the following entry in application.xml from the debug page. Also find the screenshot from RFC with sample PATCH operation
