We’ve integrated Veeva application using webservice connector. As per the requirement, IDN has to create domain account and then create vault users. We have multiple vaults around 80 for single domain. Is anyone has worked on similar requirement. Any design inputs will help. We’re planning to do account creation based on request, not birthright.
The API for vault account creation - https://{{vaultDNS}}/api/{{version}}/objects/users and what will be the API for domain user creation? How we provision both type of users domain and vault users? Can we use single connector to create account in multiple vaults. Will this can be created in parallel.
The /objects/users creates users at the domain level. For creating users at the vault level, you need to use the object record endpoint and create a new object record depending on the vault you are configuring. If you have multiple vaults, it would be better to use separate connector for better access control and governance. Access controls for each vault would be different.
@svenkitachalam Thanks for the input. I understood it will give better access controls and governance, if we go through the different connector, but currently the number vaults we have is 80 and also it might increase in future as well. Creating new connector for each would not be suitable solution for client. Can we use update vault membership API to add the users in Mutiple vault using Add entitlement API and use before operation rule to have a logic for each vault what to assign? Do you see any issue with this?
I haven’t tried it but your solution seems feasible. It might get more complex if you are trying to assign specific vault objects on each of the vault, but if you are just provisioning a user into a vault and not managing vault objects, your solution would be still doable.