Since you already know the account ID, I’d take a slightly different approach: pull the account from the Accounts
API, whose response includes a reference to the owning identity (the "identity" object below, with its "value" and "$ref" pointing at the Users resource):
http://localhost:8080/iiq/scim/v2/Accounts/0a0a436a87c81e488187c8555472761e
{
"lastRefresh": "2023-04-28T15:02:11.368Z",
"displayName": "harnefield",
"active": true,
"manuallyCorrelated": false,
"nativeIdentity": "cn=harnefield,ou=People,dc=icc,dc=local",
"application": {
"displayName": "LDAP (OpenDJ)",
"value": "0a0a436a87c81a138187c83a36100014",
"$ref": "http://localhost:8080/iiq/scim/v2/Applications/0a0a436a87c81a138187c83a36100014"
},
"identity": {
"displayName": "Arnefield, Hart",
"userName": "002588",
"value": "0a0a436a87c81e488187c85230280994",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/0a0a436a87c81e488187c85230280994"
},
"meta": {
"created": "2023-04-28T14:47:28.114Z",
"location": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a436a87c81e488187c8555472761e",
"lastModified": "2023-04-28T15:02:11.368Z",
"version": "W/\"1682694131368\"",
"resourceType": "Account"
},
"schemas": [
"urn:ietf:params:scim:schemas:sailpoint:1.0:Account",
"urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:LDAP (OpenDJ):account"
],
"hasEntitlements": true,
"urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Schema:LDAP (OpenDJ):account": {
"st": "MI",
"mail": "[email protected]",
"manager": "cn=cmarusik,ou=People,dc=icc,dc=local",
"displayName": "Arnefield, Hart",
"givenName": "Hart",
"objectClass": [
"top",
"inetOrgPerson",
"organizationalPerson",
"person"
],
"description": "Arnefield, Hart",
"groups": [
"cn=Users,ou=groups,dc=icc,dc=local"
],
"dn": "cn=harnefield,ou=People,dc=icc,dc=local",
"cn": "harnefield",
"facsimileTelephoneNumber": [],
"title": "Marketing Executive",
"l": "Tiên Phước",
"carLicense": [],
"employeeNumber": "002588",
"o": "Your Company",
"uid": "002588",
"employeeType": "employee",
"businessCategory": "Your Company",
"sn": "Arnefield"
},
"id": "0a0a436a87c81e488187c8555472761e",
"locked": false
}
Note that the Accounts API also supports SCIM filters, so instead of fetching a single account by ID you can query it
with a filter on identity name, application name, etc.