You can check if any attribute in the account schema has Type as Group and just mark them as entitlement & multivalued. Then you may try aggregating the account.
Thank you for the question. I checked the response from both the APIs as shared above and I could not find information about user group assignments in the response in either of the APIs, /users or /groups, but I am not sure if I overlooked something.
But ideally one of the APIs should provide you the identity assignment, or maybe there should be another API that can grant you this information; then you can use the parent endpoint configuration to retrieve the assignment details without having to write a rule.
I confirm that the account schema includes the “usergroups” attribute. Please see the screenshot provided below. I have attempted account aggregation multiple times, but the results remain unchanged.
Listing Users: We will get all list of users.
GET: https://server_address.com:8443/biprws/v1/users
Context URL: https://server_address.com:8443/biprws
Base URL: /v1/users
Getting Users Details: We will get particular user details.
GET: https://server_address.com:8443/biprws/v1/users/user_id.
Context URL: https://server_address.com:8443/biprws
Base URL: /v1/users/12246
user id is: 12246
Listing User Groups. Get the list of all groups.
GET: https://server_address.com:8443/biprws/v1/usergroups.
Context URL: https://server_address.com:8443/biprws
Base URL: /v1/usergroups
Getting User Group Details. We will get particular user group details.
GET: https://server_address.com:8443/biprws/v1/usergroups/<usergroup_id>
Context URL: https://server_address.com:8443/biprws
Base URL: /v1/1547098
usergroup_id is: 1547098
Listing All Users in a User Group. We will get all users in a particular usergroup.
GET: https://server_address.com:8443/biprws/v1/userGroups/<usergroup_id>/users
Context URL: https://server_address.com:8443/biprws
Base URL: /v1/userGroups/1547098/users
usergroup_id is: 1547098
Thank you for the response. Can you please confirm whether there is no API to retrieve the group assignments from the user level? If that is the case then you may need to go for a web service after operation rule as well, which is a connector rule, and you will need to use this role to add the group assignments for the user when you invoke the account aggregation operation.
So below will be the structure in my opinion and not sure if there is an easy way to achieve this.
For Account Aggregation
Configure Account aggregation operation contextURL /v1/users. This will give you all the users. You may also need to configure pagination here, and of course the response status code and response body mapping need to be maintained.
You may need to use the parent endpoint configuration ONLY if you need additional details like lastLogon information to be stored in ISC. So you will use the parent endpoint configuration here such that after the first step is executed this step will start and you will use here API GET: https://server_address.com:8443/biprws/v1/users/$response.user_id. Make sure to retrieve user_id in first API call in response body configuration and here you can configure additional details in response body.
So till this step you will be able to cover all identity attribute assignments. And assuming that there is no API to retrieve the identity assignments from account aggregation, you will need to use an after connector rule either in step 1 or step 2. I would prefer to add it at step 2, though.
In the after operation rule, you will then need to make an API call to read all the groups and then check for each group whether the current person is assigned; if that is the case, then update the response JSON to include the group assignment so that you will have the information about the user assignment.
I can think of only this way to achieve the requirement, and I hope the groups are not very large in number, otherwise the aggregation can take very long as we are looping over each group in the connector rule.
So in my opinion, if you are developing this API, then have an endpoint like v2/userId/groupAsignment that will give you group assignments from the user’s endpoint. Otherwise the above approach can be followed to make it work.
I hope this information helps. If you need more information, please let us know.
Please find the below API it will return only one user group details.
Getting User Group Details. We will get particular user group details.
GET: https://server_address.com:8443/biprws/v1/usergroups/<usergroup_id>
Context URL: https://server_address.com:8443/biprws
Base URL: /v1/usergroups/1547098
usergroup_id is: 1547098
You will need to use the XPath libraries in the Java code, like DocumentBuilder, DocumentBuilderFactory and Node, to extract this node value from the XML response.
The XPath to extract the id field should, I believe, be like this: attr[@name='id']/text() but please double check this with the XPath validators available online.
I do not have complete Java code for the XML use case, but there are numerous examples you can easily get online. You can also check in the API whether passing the header accept=application/json gives you the response in JSON format, and then you can use JSON libraries to get it to work, but that generally depends on the application.
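
The group-by-group membership check and the XPath id extraction suggested in the replies above, as an added example that is not part of the original thread and is not SailPoint or SAP code. It is plain Java rather than a connector rule: the HTTP calls are left out, the XML bodies, the second group id and the second user id are constructed samples, the element layout is an assumption built around the `attr[@name='id']` expression quoted above, and the parser is configured to reject DOCTYPE declarations because the body comes from a remote service.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.*;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class GroupAssignmentSketch {
    // Parse a response body with DTDs and entity expansion disabled (XXE hardening).
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Text of every <attr name="id"> element, using the XPath from the thread.
    static Set<String> ids(String xml) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        NodeList n = (NodeList) xp.evaluate("//attr[@name='id']/text()",
                                            parse(xml), XPathConstants.NODESET);
        Set<String> out = new LinkedHashSet<>();
        for (int i = 0; i < n.getLength(); i++) out.add(n.item(i).getNodeValue().trim());
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed bodies standing in for GET /v1/userGroups/<usergroup_id>/users.
        Map<String, String> membersByGroup = new LinkedHashMap<>();
        membersByGroup.put("1547098", "<feed><entry><attrs>"
            + "<attr name=\"id\" type=\"int32\">12246</attr>"
            + "<attr name=\"name\" type=\"string\">jdoe</attr></attrs></entry></feed>");
        membersByGroup.put("1547099", "<feed><entry><attrs>"
            + "<attr name=\"id\" type=\"int32\">99999</attr></attrs></entry></feed>");

        String userId = "12246";                       // user id used in the thread
        List<String> usergroups = new ArrayList<>();   // value for the multivalued attribute
        for (Map.Entry<String, String> e : membersByGroup.entrySet())
            if (ids(e.getValue()).contains(userId)) usergroups.add(e.getKey());
        System.out.println(userId + " -> usergroups " + usergroups);

        // A body that carries a DOCTYPE is refused instead of being expanded.
        try { ids("<!DOCTYPE feed [<!ENTITY x \"y\">]><feed/>"); }
        catch (Exception ex) { System.out.println("DOCTYPE rejected: " + ex.getClass().getSimpleName()); }
    }
}
```

If the real response declares XML namespaces, the factory must be made namespace-aware and the XPath adjusted accordingly.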