Siebel Integration – Forcing LCM Provisioning via API Instead of OOTB Connector

IdentityIQ (IIQ) IIQ Discussion and Questions
, , ,
1

Hello everyone,

I’m currently working on a Siebel integration in SailPoint IdentityIQ and would appreciate your insights on a design challenge.

Current Setup

  • We are using the OOTB Siebel connector strictly for:

    • Account aggregation

    • Responsibilities aggregation

    • Positions aggregation

  • This approach works well, especially since attempting aggregation via API results in timeouts.

Requirement

We need to provision accounts via API (Web Services connector) to support:

  • Creating users

  • Assigning:

    • Primary Responsibility + Additional Responsibilities

    • Primary Position + Additional Positions

  • The API handles the “primary” designation explicitly, which is not feasible through the OOTB connector.

Issue

When using LCM provisioning, SailPoint continues to generate and execute provisioning plans against the OOTB Siebel application, even though:

  • I have removed/disabled the provisioning configuration from the OOTB connector

  • I configured provisioning on the Web Services application

However, LCM still routes provisioning to the OOTB application instead of the API-based one.

Question

What is the best practice to enforce provisioning through the Web Services connector (API) while still using the OOTB Siebel connector for aggregation only?

Any recommendations on how to:

  • Override LCM provisioning behavior?

  • Force provisioning to a specific application (Web Services)?

  • Or architect this hybrid approach properly?

Thanks in advance!

2

Hi @IslamElkhouly,

I’ve recently developed something similar using an OOTB connector & JDBC application. Where I had the JDBC application do the aggregation (so that we could partition the account aggregation as the OOTB connector didn’t support it) and then use the OOTB connector for the provisioning.

To achieve this you use what’s called a “Dual Channel” connector see this link for an example https://community.sailpoint.com/t5/IdentityIQ-Forum/Mixed-connector-for-in-outbound/m-p/131985#M113866

But really what you would do is add a ProvisioningConfig (see below) to your Web Services app. Therefor all provisioning operations for the Siebel application would instead be done through Web Services app. Let me know if this works or if you run into any issues with this approach.

<ProvisioningConfig>
    <ManagedResource name="Siebel">
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" name="Siebel Application"/>
      </ApplicationRef>
    </ManagedResource>
  </ProvisioningConfig>

This post was answered by a Palyrian Solutions Architect. Feel free to message me directly if your problem requires a deeper dive.
:globe_with_meridians: palyrian.com | :telephone_receiver: ‪(301) 284-8124‬