Use an xml provisioning plan to add the same role to different identities

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

I am trying to use an xml provisioning plan like the one in the following example (launch-workflow | SailPoint Developer Community) to add the same role to different users. I am not able to understand how to structure the xml. Is there any documentation that can explain the AccountRequest Attributes Map Key-pairs, and the AttributeRequest?

2

Hi Ivan,
I would suggest to start with JavaDoc for this objects - I mean ProvisioningPlan, AccountRequest and AttributeRequest - this should already give you good insights how this objects are built. Then in the whitepaper about birthright provisioning - you will find example of Beanshell rule how to create provisioning plan from scratch
https://community.sailpoint.com/t5/Technical-White-Papers/Birthright-provisioning-pdf/ta-p/72041

finally - there’s whole whitepaper about provisioning which also might be usefull for you

3

Hello Kamil

thank you for your help. I had already read the documentation in the following link ( Provisioning (sailpoint.com)) that i think it’s the same as the one you provided me. Nevertheless i couldn’t find anything realted to the elements i am trying to understand from the xml file to POST to the https:///identityiq/scim/v2/LaunchedWorkflows.
I also tried to read the LaunchedWorkflows but also from that it’s unclear.

This is the XML i am trying to send to the endpoint:

 {
    "schemas": [
        "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow",
        "urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult"
      ],
      "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow": {
        "workflowName": "LCM Provisioning",
        "input": [
            {
              "key": "plan",
              "value": "<ProvisioningPlan>
                <AccountRequest application=\"IIQ\" op=\"Modify\" targetIntegration=\"IIQ\">
                <Attributes>
                <Map>
                <entry key=\"attachmentConfigList\"/>
                <entry key=\"attachments\"/>
                <entry key=\"flow\" value=\"AccessRequest\"/>
                <entry key=\"id\" value=\"<ROLE_ID>\"/>
                <entry key=\"interface\" value=\"LCM\"/>
                <entry key=\"operation\" value=\"RoleAdd\"/>
                </Map>
                </Attributes>
                <AttributeRequest assignmentId=\"<DO-NOT-KNOW-WHATS-THIS-IS-FOR>\" name=\"assignedRoles\" op=\"Add\" value=\"<NAME-OF-THE-ROLE>\"/>
                </AccountRequest>
                <Attributes>
                <Map>
                <entry key=\"identityRequestId\" value=\"0000000001\"/>
                <entry key=\"requester\" value=\"<ACCOUNT_NAME_THAT_MAKES_REQUEST>\"/>
                <entry key=\"source\" value=\"LCM\"/>
                </Map>
                </Attributes>
                <Requesters>
                <Reference class=\"sailpoint.object.Identity\" id=\"<ACCOUNT_ID_THAT_MAKES_REQUEST>\" name=\"ACCOUNT_NAME_THAT_MAKES_REQUEST\"/>
                </Requesters>
                </ProvisioningPlan>",
              "type": "application/xml"
            }
        ]
    }    
}

This is from the example link i posted in the question.

the response i get from the endpoint is “Missing required variable: identityName”, but nowhere i can find in the documentation where and how to define that in the xml file.
At the beginning I thought it was the assignmentId of the Attributes.
Is there any docuementation specific on how to preapare these XML?
Sorry i am new to SailPoint.

4

you are missing one of the mandatory key value pair . Check below sample
“key”: “identityName”,
“value”: “david.fox”

{
     "schemas": [
     "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow",
     "urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult"
     ],
     "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow": {
           "workflowName": "LCM Provisioning",
           "input": [
                {
                     "key": "plan",
                     "value": "<ProvisioningPlan nativeIdentity=\"david.fox\" targetIntegration=\"Active Directory\"><AccountRequest application=\"Active Directory\" nativeIdentity=\"CN=david.fox,OU=Demo,DC=test,DC=demo,DC=com\" op=\"Create\"><Attributes><Map><entry key=\"flow\" value=\"AccountsRequest\"/><entry key=\"interface\" value=\"LCM\"/><entry key=\"operation\" value=\"Create\"/><entry key=\"requester\" value=\"tedd.tyler\"/></Map></Attributes></AccountRequest><Attributes><Map><entry key=\"requester\" value=\"tedd.tyler\"/><entry key=\"source\" value=\"LCM\"/></Map></Attributes><Requesters><Reference class=\"sailpoint.object.Identity\" name=\"tedd.tyler\"/></Requesters></ProvisioningPlan>",
                     "type": "application\/xml"
                },
                {
                     "key": "identityName",
                     "value": "david.fox"
                }
           ]
     }
}
5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.