Share all details about your problem, including any error messages you may have received.
I’ve been trying to figure a solution on how to connect IdentityIQ to the EverBridge application. No OOTB connector, no SCIM api, and the vendor explicitly states that SSO (single-sign-on) does not provision accounts upon successful login.
From what I have gathered, this effectively leaves the Web Services Connector. I’ve been reading the documentation, and I have felt overwhelmed. Integrating SailPoint with Web Services
The variable syntax is different than BeanShell or Apache Velocity. For anyone who has had to make a general web services connector to create and delete accounts, could you attach your XML template so I can see how to properly organize the API calls for provisioning actions?
I understand REST API very well because I am a web app developer. The difficulty for me is fitting what I know to do with REST APIs into IdentityIQ’s web service connector format.
Looking at the docs you provided, it definitely looks like the web services connector in IIQ should work.
Can you let us know what step you are stuck with? If you haven’t started, I would start with filling out the authentication method and adding a Test Connection Operation. Once authentication and test connection are working, the rest of the operations become more straight forward especially if you are familiar with beanshell in before/after rules.
Feel free to ask any questions so we can get you going!
You can go ahead with the web service connector. The good thing is that you have the API document to implement this application without issues. Just follow the request body JSON and response JSON to aggregate accounts. I think you mostly don’t need Benshell code.
@acrumley Good part is you already have the documentations for both connector and EverBridge APIs. Please let us know where exactly you are stuck? Do you need any help with configuring the endpoints, mapping schema or something else. This will allow us to help you better.
Thank you for the help @neel193. I will more precisely define my hang-up. I read some more of the documentation on how to properly access objects within the Body/Response sections.
I need help with getting identity attributes pushed to the JSON body to define user creation. I need help with reading the object from the JSON response and mapping them to the schema for Links.
As for testing, I am not able to hit the API yet. However, I do know my timeline will be tight between initial tenant setup and go-live. I really don’t want to be scrambling trying to get this to work.
I am very good at extrapolating from example code, so if you have a web services connector that has similar REST endpoints for user management, I can easily read from where you get your data from syntax wise.
I’ve already done a little bit of homework for the basic user endpoints to help you see where I stand:
@acrumley I don’t have any webservice app in my sandbox which i can share. But if it works, we can connect over a call to discuss and try out the configuration.
First setp, you need to feed the values into the Provisioning Plan by using a provisioning policy: firstname, lastname, and id. Then, you can extract them from the provisioning plan in the request body. As said, you can’t get the identity object { "$plan.identity.mail$ directly from the provisioning plan. For this scenario, it’s better to create a provision policy, feeding the values by extracting them from the identity so that you will get the desired values in the Provisioning Plan. Then, the JSON values below will be set while the user requests access.
Your snippet helps me be sure of the syntax for using existing link attributes in the URL bar to do any kind of account-based action (update attributes, delete specific account, etc.)
It is better to use the Provision policy if you need to calculate data and return retrun a value attribute; that’s why you can avoid the most complex things in the JSON body.
Couldn’t agree with you more. Thank you for helping me organize where the logic goes and how to properly plug it into the Web Services connector API calls
@Peddapolu Currently, i am able to query the users endpoint and get some data. However, the preview data button shows IIQ shoving all of the users records onto one row:
username = [“user1”, “user2”]
email = [“email1”, “email2”]
So then it only sees 1 account on the preview window and doesn’t iterate through them properly
Here is my List Uses (account aggregation) snippet:
Yep, I was able to separate them out properly. thank you. I have read the pagination documentation thoroughly. However, i am not seeing in the pagination steps where I can overwrite the next URL for pagination calls.
I don’t hit pagination api’s often, and I’ve seen them different ways. I’m seeing my condition being:
TERMINATE IF nextPageUri == NULL
However, I don’t know in the URL bar on the original request how to update it accordingly for subsequent calls
Hi @acrumley Yep, as per configuration, the connector behavior is good. I got it, since you are using a single data list object, it will come in a single row with all the user’s info. To fix this issue, you should configure the root path as $.page.data.* or $.page.data[*] in order to extract user data individually. I have provided a sample pagination logic, you can configure pagination based on your endpoint.
I have successfully gotten the CREATE operation to work. However, DELETE is not. It says in the docs that the URL query parameters is enough to delete the account. I have made the correct request, but I am getting an error saying I don’t have the “Get-Object” option configured. From my understanding, I didn’t need this configured to do the DELETE operation:
I have the schema setup where the nativeIdentity is the unique ID that the application returns upon creation:
