Security Questions retrieval for Third-party integrations via API

Hi Everybody, my team is currently working on a POC to integrate IdentityIQ with a ChatBot via APIs. The goal is that the ChatBot will be able to validate Security Questions for the user so it doesn’t have to be done by an Agent (person). I have tried to look around but so far no luck.

I do know there is an API endpoint that is getting hit at least by the UI (/identityiq/ui/rest/securityQuestions/questions) but not sure if it is possible to use it outside of it.

Appreciate any guidance you can provide.

Regards

The “official” answer would be to build a Plugin that defines APIs for the bot to use, but you could also leverage the launch-workflow OOB API (SailPoint Developer Community) and create a custom workflow that checks security questions/answers. Note that you would still have to build out the workflow to parse, check, and validate the security question input from the chatbot.

It’s been a while since I made a workflow around that kind of use-case, but I’m pretty sure if the workflow runs to completion without being backgrounded, the response to the API request will include the result of the workflow as well, including workflow variables and their values, which you could use to indicate success/valid or failure/invalid.

Here’s the example response to a Manage Passwords provisioning request initiated via the launch-workflow API. I’m sure you can build a workflow that can handle your use-case. The most obvious output to key on would be the completionStatus key, which indicates whether the workflow ended without an exception. If a bot-submitted question/answer pair doesn’t pass validation, you can error out the workflow/force it to fail, and use that as your way of checking whether a security question/answer combo submitted via the bot is correct.

{
  "targetName": "Ernest.Wagner",
  "verified": "2022-05-26T11:17:13.481-05:00",
  "partitioned": false,
  "completed": "2022-05-26T11:17:13.678-05:00",
  "type": "LCM",
  "launched": "string",
  "pendingSignOffs": 0,
  "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow": {
    "output": [
      {
        "type": "application/int",
        "value": "0",
        "key": "workflowSummary"
      }
    ],
    "retries": 0,
    "input": [
      {
        "key": "optimisticProvisioning",
        "value": "true",
        "type": "boolean"
      }
    ],
    "workflowSummary": "<WorkflowSummary step=\"end\"/>\n",
    "workflowName": "LCM Manage Passwords.",
    "identityRequestId": "0000000004",
    "workflowCaseId": "c0a8019c810011478181012862b81568"
  },
  "targetClass": "Identity",
  "meta": [
    {
      "created": "2022-03-31T14:52:40.245-05:00",
      "location": "http://localhost:8080/identityiq/scim/v2/TaskResults/c0a8019c810011478181012862b51567",
      "lastModified": "2022-03-31T14:52:40.265-05:00",
      "version": "\"W\"1649951092552\"",
      "resourceType": "LaunchedWorkflow"
    }
  ],
  "schemas": [
    [
      "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow",
      "urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult"
    ]
  ],
  "name": "LCM Manage Passwords - 2",
  "messages": [
    [
      "Connection error"
    ]
  ],
  "Attributes": {
    "key": "retries",
    "value": "0"
  },
  "id": "c0a8019c810011478181012862b51567",
  "completionStatus": "Success",
  "taskDefinition": "Workflow Launcher",
  "terminated": false,
  "launcher": "spadmin"
}
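Added example (not from the posts above and not SailPoint code): a fail-closed check the chatbot side could apply to a launch-workflow response shaped like the one in the reply above. The workflow name `Verify Security Answers`, the output variable `answersValid`, and the rule that a missing `completed` timestamp means there is no final result are assumptions.

```python
import json

SCHEMA = "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow"

def verification_passed(body, expected_identity, expected_workflow, result_key=None):
    """Return (ok, reason). Anything missing, malformed or unexpected fails."""
    try:
        doc = json.loads(body)
        wf = doc[SCHEMA]
    except (ValueError, KeyError, TypeError):
        return False, "malformed response"
    if not isinstance(wf, dict):
        return False, "malformed response"
    # The result must belong to the user and workflow the bot asked about.
    if doc.get("targetName") != expected_identity:
        return False, "identity mismatch"
    if wf.get("workflowName") != expected_workflow:
        return False, "workflow mismatch"
    # Assumption: a backgrounded or unfinished workflow has no "completed" value.
    if not doc.get("completed") or doc.get("terminated"):
        return False, "workflow not completed"
    if doc.get("completionStatus") != "Success":
        return False, "workflow did not succeed"
    if result_key is not None:
        # Optional second signal: a workflow variable returned in "output".
        outs = wf.get("output")
        outs = outs if isinstance(outs, list) else []
        values = {o.get("key"): o.get("value") for o in outs if isinstance(o, dict)}
        if values.get(result_key) != "true":
            return False, "result variable not true"
    return True, "verified"

def constructed_response(status="Success", valid="true"):
    """Constructed sample, trimmed to fields of the response shown above."""
    return json.dumps({
        "targetName": "Ernest.Wagner",
        "completed": "2022-05-26T11:17:13.678-05:00",
        "terminated": False,
        "completionStatus": status,
        SCHEMA: {
            "workflowName": "Verify Security Answers",  # hypothetical name
            "output": [{"key": "answersValid", "value": valid,  # hypothetical
                        "type": "boolean"}],
        },
    })

if __name__ == "__main__":
    print(verification_passed(constructed_response(), "Ernest.Wagner",
                              "Verify Security Answers", "answersValid"))
```

The function only sees the workflow's verdict, so the submitted answers never need to be logged or stored on the bot side.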