I am working on Add/Remove entitlement for web services connector. The way its end point works is that we have to pass all the members who are supposed to have access to the entitlement. e.g. if currently X and Y have access to the entitlement and we want Z to have access, we will have to pass X, Y and Z. I am planning to write a before provisioning rule to search for the accounts having that particular entitlement and use that in JSON response. I am from IIQ background and I know we can use ManagedAttribute and AccountGroupService class in IIQ. But I am not sure how I can do this search in IdentityNow especially when we are not supposed to use getObject type of methods. Can someone please help me figuring this out?
You can use before operation rule, call end source api and get list of current users and then fill in the body with that list.
This approach would not scale if there are huge number of accounts on end source. Looking at the api design it seems like some end source whose REST api is not matured.
No, you cannot use internally available objects which you guys were using in iiq. If you want to get all identities who are part of some groups then the only answer here is search apis but I don’t think you can incorporate them in WS source in conjunction with your end source api.
Did you happen to figure out the best way to do this with a Before Operation rule? Would you mind sharing your rule? We are running into the same issue and I am just looking for an example of how to get this information in the rule.