Seeking Guidance and Clarifications for SailPoint IIQ Implementation

Which IIQ version are you inquiring about?

Version 8.X

Share all details related to your problem, including any error messages you may have received.

Dear SailPoint Community,

I hope this message finds you well. I am currently working on a SailPoint IIQ implementation with a specific focus on integrating IdentityIQ forms and plugins with Spring Boot REST API endpoints. My objective is to ensure that users authenticate with their own credentials when invoking APIs for capabilities, avoiding reliance on service account OAuth credentials tied to API endpoints like fetchRoleDetails.

I have a few points of focus and would appreciate your guidance on these matters:

User Context and Authentication:
How can I ensure that users authenticate with their own credentials when invoking API endpoints such as fetchRoleDetails, rather than relying on service account OAuth credentials?
What best practices can be employed to manage user context effectively in SailPoint IIQ?

Identity Objects and Capabilities:
Could you provide insights into how user context ties with identity objects in SailPoint IIQ?
In IdentityNow, personal access tokens are available for users, enabling automated token management during user lifecycle events. How can a similar solution be achieved in SailPoint IIQ to automate access token processes?

SailPoint Context and Identity Object Retrieval:
I am interested in understanding how to retrieve the SailPoint context to obtain an identity object, enabling access to associated capabilities.
What are the recommended approaches for obtaining an identity object in SailPoint IIQ, and how does this process align with user context management?

Importance of Personal Access Tokens:
Are there existing features or practices within SailPoint IIQ that serve a similar purpose, or is there a need for custom solutions in this regard?

I truly appreciate your expertise and insights on these topics. Your guidance will contribute significantly to our ongoing SailPoint implementation project. Additionally, if there are specific community forums or resources where I can delve deeper into these discussions, I would be grateful for any recommendations.

Thank you for your time and assistance.

Best regards,
Ray

Persistent Systems

  1. You have the ability to construct your APIs using the SailPoint plugin module. Additionally, you can define specific capabilities that enable the execution of REST APIs. These capabilities can be allocated to individual users within SailPoint IIQ, ensuring that only those users possess the authority to execute the associated plugin.
  2. When you authenticate with a user in SailPoint, it can only perform activities as per its capabilities.
  3. There is no concept of personal tokens today in SailPoint; however, there is a method available to enable OAuth which can be used to get a token for a user. The user, once authenticated, will be able to execute APIs as per its capabilities.

Hi Ravish,
As per my understanding of your requirement, here are my suggestions:

  1. Include the form you’ve created in the import>install folder of the plugin.

  2. If you want users to use their credentials only, then you can probably add a little bit of UI in your plugin: include a JS file that consists of a login modal page over your form, which will prompt the user to use their own credentials. You can use these credentials in the backend to check whether they work or not by sending out a simple API call to fetch users or something, and if the response is OK then the credentials are good to go and you can disable the modal after that.

  3. Here’s a small example of how you can use context for identity object retrieval:

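import java.util.List;
import sailpoint.object.QueryOptions;
import sailpoint.object.Filter;
import sailpoint.object.Identity;

// Match identities whose department attribute equals "ENG department"
Filter f = Filter.eq("department", "ENG department");
QueryOptions ops = new QueryOptions();
ops.addFilter(f);

// "context" is the SailPointContext (a predefined variable in IIQ rules)
List engdepidentities = context.getObjects(Identity.class, ops);

Also, use the Java docs for more clarity on the above code.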

Please do let me know if my input was helpful…

Thanks & Regards

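The following is an added example, not code from either reply or from SailPoint: a plugin REST resource that acts on the identity of the authenticated caller instead of a shared service account, and is gated by a right that can be granted through a capability, as the first reply describes. The package, plugin name, paths and right name are hypothetical, and it assumes the IIQ 8.x plugin libraries (`sailpoint.rest.plugin`) and `javax.ws.rs` are on the classpath.

```java
package com.example.iiq.plugin; // hypothetical package

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

import sailpoint.object.Capability;
import sailpoint.object.Identity;
import sailpoint.rest.plugin.BasePluginResource;
import sailpoint.rest.plugin.RequiredRight;
import sailpoint.tools.GeneralException;

@Path("roleDetailsPlugin") // hypothetical base path for this plugin's endpoints
@Produces(MediaType.APPLICATION_JSON)
public class RoleDetailsResource extends BasePluginResource {

    @Override
    public String getPluginName() {
        return "RoleDetailsPlugin"; // hypothetical; must match the name in the plugin manifest
    }

    // Only callers holding this right (granted via a capability) may invoke the method.
    @GET
    @Path("whoami")
    @RequiredRight("ViewRoleDetailsPluginRight") // hypothetical SPRight name
    public Map<String, Object> whoAmI() throws GeneralException {
        // Identity of the authenticated caller, resolved by IIQ from the request,
        // never from a client-supplied parameter or a shared service account.
        Identity caller = getLoggedInUser();

        List<String> capabilities = new ArrayList<>();
        for (Capability c : caller.getCapabilityManager().getEffectiveCapabilities()) {
            capabilities.add(c.getName());
        }

        Map<String, Object> out = new HashMap<>();
        out.put("identity", caller.getName());
        out.put("capabilities", capabilities);
        return out;
    }
}
```

Because the caller's identity comes from `getLoggedInUser()`, any further lookups through `getContext()` can be scoped and audited per user rather than per service account.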