Web Service Connector Group related operations

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

8.4P1

Please share any images or screenshots, if relevant.

image
image1756×218 9.26 KB

Share all details about your problem, including any error messages you may have received.

Hi all,

I have a web service connector application integrated. I would like to understand for the Create/Update/Delete group operations in SailPoint, how do I trigger this? Where in the UI can I set it up to trigger these operations?

3

In the UI, navigate to Entitlement Catalog and select ‘New Entitlement’ to create groups for all existing applications in SailPoint. You can also edit or delete these groups by right-clicking on them. Additionally, ensure ‘Enable Account Group Management’ is checked under Settings → Lifecycle Manager → Configure tab. The new entitlement, edit, and delete options trigger the Entitlement Update OOTB Workflow in the backend, which generates a plan including object requests for create, modify, or delete operations. This workflow can be customized as needed.

4

Hi @rpriya may I check what is the name of the workflow?

5

It’s an OOTB Workflow named as - Entitlement Update

6

Hi @rpriya ,

  1. Could you share the original workflow code? I think my project has made some customisation and the flow is not triggering any api call.
  2. Do I need to have a create group policy for it to work?
    image
    image1894×719 24.8 KB
7

Hi @shijingg ,

You need to configure each operation you added. Simply click on the edit icon (pencil) and then configure the respective settings: context URL, method type, headers, and responses.

This is similar to the Create/Aggregation operation that you have set for the web service connector operations.

Thanks,
@SivaLankapalli

8

Hi @SivaLankapalli,

I did configure the create-group operation in my application.

image
image1862×845 45 KB

Thereafter, I went to Applications > Entitlement Catalog > Clicked ‘Add New Entitlement’ > Filled up the form and approved. However, the API did not seem to call? Am I missing something?

image
image1880×609 17.3 KB

9

Hi @shijingg,

The entitlement catalog serves as a repository for all access permissions related to the target applications.

You can read these permissions from connected applications (using group aggregations), or you can manually create or import them for disconnected applications.

Please note that adding or modifying entitlements will not automatically update the target applications.

Since version 8.2, SailPoint has introduced the capability to create entitlements directly, though this feature depends on the connector. I haven’t had the chance to try this out yet.

The Entitlement Update feature will be used for processing and provisioning in the target applications. I recommend exploring this functionality.

Let me know how it goes.

Thanks
@SivaLankapalli

10

Hi @SivaLankapalli , where is this feature available on IIQ UI?

11

  1. Ensure ‘Enable Account Group Management’ is checked under Settings → Lifecycle Manager → Configure tab

  2. Check the workflow being selected under Settings → Global Settings → IdentityIQ Settings → Miscellaneous → Business Processes → Entitlement Update

  3. Webservice Application xml should have GROUP_PROVISIONING in featureString at app level like <Application name="<App Name>" featuresString="GROUP_PROVISIONING" and at Schema level like <Schema displayAttribute="grp_id" featuresString="PROVISIONING"

1 Like
12

Hi @shijingg,

You can find this workflow or business process under the Setup menu.

image
image241×545 8.14 KB

From the debug page, you can search for the Workflow Object with the Name “Entitlement Update

Thanks,
Siva