Skip to main content

Create Schema on Source

POST 

/sources/:sourceId/schemas

Use this API to create a new schema on the specified source in Identity Security Cloud (ISC).

Request

Path Parameters

    sourceId stringrequired

    Source ID.

    Example: 2c9180835d191a86015d28455b4a2329

Body

required

    id string

    The id of the Schema.

    name string

    The name of the Schema.

    nativeObjectType string

    The name of the object type on the native system that the schema represents.

    identityAttribute string

    The name of the attribute used to calculate the unique identifier for an object in the schema.

    displayAttribute string

    The name of the attribute used to calculate the display value for an object in the schema.

    hierarchyAttribute string

    The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.

    includePermissions boolean

    Flag indicating whether or not the include permissions with the object data when aggregating the schema.

    features string[]

    Possible values: [AUTHENTICATE, COMPOSITE, DIRECT_PERMISSIONS, DISCOVER_SCHEMA, ENABLE, MANAGER_LOOKUP, NO_RANDOM_ACCESS, PROXY, SEARCH, TEMPLATE, UNLOCK, UNSTRUCTURED_TARGETS, SHAREPOINT_TARGET, PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, PASSWORD, CURRENT_PASSWORD, ACCOUNT_ONLY_REQUEST, ADDITIONAL_ACCOUNT_REQUEST, NO_AGGREGATION, GROUPS_HAVE_MEMBERS, NO_PERMISSIONS_PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_UNSTRUCTURED_TARGETS_PROVISIONING, NO_DIRECT_PERMISSIONS_PROVISIONING, PREFER_UUID, ARM_SECURITY_EXTRACT, ARM_UTILIZATION_EXTRACT, ARM_CHANGELOG_EXTRACT, USES_UUID]

    Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.

    • AUTHENTICATE: The source supports pass-through authentication.
    • COMPOSITE: The source supports composite source creation.
    • DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
    • DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
    • ENABLE The source supports reading if an account is enabled or disabled.
    • MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
    • NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
    • PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
    • SEARCH
    • TEMPLATE
    • UNLOCK: The source supports reading if an account is locked or unlocked.
    • UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
    • SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
    • PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
    • GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
    • SYNC_PROVISIONING: The source can provision accounts synchronously.
    • PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
    • CURRENT_PASSWORD: Some source types support verification of the current password
    • ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
    • ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
    • NO_AGGREGATION: A source that does not support aggregation.
    • GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
    • NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
    • NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
    • NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
    • PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
    • ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
    • ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
    • ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
    configuration object

    Holds any extra configuration data that the schema may require.

    attributes

    object[]

    The attribute definitions which form the schema.

  • Array [

  • name string

    The name of the attribute.

    type AttributeDefinitionType (string)

    Possible values: [STRING, LONG, INT, BOOLEAN]

    The underlying type of the value which an AttributeDefinition represents.

    schema

    object

    A reference to the schema on the source to the attribute values map to.

    type string

    Possible values: [CONNECTOR_SCHEMA]

    The type of object being referenced

    id string

    The object ID this reference applies to.

    name string

    The human-readable display name of the object.

    description string

    A human-readable description of the attribute.

    isMulti boolean

    Flag indicating whether or not the attribute is multi-valued.

    isEntitlement boolean

    Flag indicating whether or not the attribute is an entitlement.

    isGroup boolean

    Flag indicating whether or not the attribute represents a group. This can only be true if isEntitlement is also true and there is a schema defined for the attribute.

  • ]

  • created date-time

    The date the Schema was created.

    modified date-time

    The date the Schema was last modified.

Responses

The schema was successfully created on the specified source.

Schema

    id string

    The id of the Schema.

    name string

    The name of the Schema.

    nativeObjectType string

    The name of the object type on the native system that the schema represents.

    identityAttribute string

    The name of the attribute used to calculate the unique identifier for an object in the schema.

    displayAttribute string

    The name of the attribute used to calculate the display value for an object in the schema.

    hierarchyAttribute string

    The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.

    includePermissions boolean

    Flag indicating whether or not the include permissions with the object data when aggregating the schema.

    features string[]

    Possible values: [AUTHENTICATE, COMPOSITE, DIRECT_PERMISSIONS, DISCOVER_SCHEMA, ENABLE, MANAGER_LOOKUP, NO_RANDOM_ACCESS, PROXY, SEARCH, TEMPLATE, UNLOCK, UNSTRUCTURED_TARGETS, SHAREPOINT_TARGET, PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, PASSWORD, CURRENT_PASSWORD, ACCOUNT_ONLY_REQUEST, ADDITIONAL_ACCOUNT_REQUEST, NO_AGGREGATION, GROUPS_HAVE_MEMBERS, NO_PERMISSIONS_PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_UNSTRUCTURED_TARGETS_PROVISIONING, NO_DIRECT_PERMISSIONS_PROVISIONING, PREFER_UUID, ARM_SECURITY_EXTRACT, ARM_UTILIZATION_EXTRACT, ARM_CHANGELOG_EXTRACT, USES_UUID]

    Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.

    • AUTHENTICATE: The source supports pass-through authentication.
    • COMPOSITE: The source supports composite source creation.
    • DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
    • DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
    • ENABLE The source supports reading if an account is enabled or disabled.
    • MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
    • NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
    • PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
    • SEARCH
    • TEMPLATE
    • UNLOCK: The source supports reading if an account is locked or unlocked.
    • UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
    • SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
    • PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
    • GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
    • SYNC_PROVISIONING: The source can provision accounts synchronously.
    • PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
    • CURRENT_PASSWORD: Some source types support verification of the current password
    • ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
    • ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
    • NO_AGGREGATION: A source that does not support aggregation.
    • GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
    • NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
    • NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
    • NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
    • PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
    • ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
    • ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
    • ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
    configuration object

    Holds any extra configuration data that the schema may require.

    attributes

    object[]

    The attribute definitions which form the schema.

  • Array [

  • name string

    The name of the attribute.

    type AttributeDefinitionType (string)

    Possible values: [STRING, LONG, INT, BOOLEAN]

    The underlying type of the value which an AttributeDefinition represents.

    schema

    object

    A reference to the schema on the source to the attribute values map to.

    type string

    Possible values: [CONNECTOR_SCHEMA]

    The type of object being referenced

    id string

    The object ID this reference applies to.

    name string

    The human-readable display name of the object.

    description string

    A human-readable description of the attribute.

    isMulti boolean

    Flag indicating whether or not the attribute is multi-valued.

    isEntitlement boolean

    Flag indicating whether or not the attribute is an entitlement.

    isGroup boolean

    Flag indicating whether or not the attribute represents a group. This can only be true if isEntitlement is also true and there is a schema defined for the attribute.

  • ]

  • created date-time

    The date the Schema was created.

    modified date-time

    The date the Schema was last modified.

Loading...