Sources
Use this API to implement and customize source functionality. With source functionality in place, organizations can use Identity Security Cloud to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way.
Sources refer to the Identity Security Cloud representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example. Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. Connecting these sources to Identity Security Cloud makes it possible to manage user access across them all. Then, if a new hire starts at an organization, Identity Security Cloud can grant the new hire access to all the sources they need. If an employee moves to a new department and needs access to new sources but no longer needs access to others, Identity Security Cloud can grant the necessary access and revoke the unnecessary access for all the employee's various sources. If an employee leaves the company, Identity Security Cloud can revoke access to all the employee's various source accounts immediately. These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure.
In Identity Security Cloud, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so. They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups. Admins go to Connections > Sources to see a list of the existing source representations in their organizations. They can create new sources or select existing ones.
To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type. Refer to Configuring a Source for more information about the source configuration process.
Identity Security Cloud connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in. Different sources use different connectors to share data with Identity Security Cloud, and each connector's setup process is specific to that connector. SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors. Refer to Identity Security Cloud Connectors for more information about these SailPoint supported connectors. Refer to the following links for more information about two useful connectors:
-
JDBC Connector: This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity).
-
Web Services Connector: This connector can directly connect to databases that support Web Services.
Refer to SaaS Connectivity for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources.
When admins select existing sources, they can view the following information about the source:
-
Associated connections (any associated identity profiles, apps, or references to the source in a transform).
-
Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources.
-
Associated entitlements (sets of access rights on sources).
-
Associated access profiles (groupings of entitlements).
The user account data and the entitlements update with each data aggregation from the source. Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their Identity Security Cloud tenants so an access change on a source is detected quickly in Identity Security Cloud. Admins can view a history of these aggregations, and they can also run manual imports. Refer to Loading Account Data for more information about manual and scheduled aggregations.
Admins can also make changes to determine which user account data Identity Security Cloud collects from the source and how it correlates that account data with identity data. To define which account attributes the source shares with Identity Security Cloud, admins can edit the account schema on the source. Refer to Managing Source Account Schemas for more information about source account schemas and how to edit them. To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. Refer to Assigning Source Accounts to Identities for more information about this correlation process between source accounts and identities.
Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform. Refer to Deleting Sources for more information about deleting sources.
Well organized, mapped out connections between sources and Identity Security Cloud are essential to achieving comprehensive identity access governance across all the source systems organizations need. Refer to Managing Sources for more information about all the different things admins can do with sources once they are connected.
Lists all sources in IdentityNow.
Lists all sources in IdentityNow.
Creates a source in IdentityNow.
Creates a source in IdentityNow.
Get Source by ID
Get Source by ID
Update Source (Full)
Update Source (Full)
Update Source (Partial)
Update Source (Partial)
Delete Source by ID
Delete Source by ID
Lists ProvisioningPolicies
Lists ProvisioningPolicies
Create Provisioning Policy
Create Provisioning Policy
Get Provisioning Policy by UsageType
Get Provisioning Policy by UsageType
Update Provisioning Policy by UsageType
Update Provisioning Policy by UsageType
Partial update of Provisioning Policy
Partial update of Provisioning Policy
Delete Provisioning Policy by UsageType
Delete Provisioning Policy by UsageType
Bulk Update Provisioning Policies
Bulk Update Provisioning Policies
List Schemas on Source
List Schemas on Source
Create Schema on Source
Create Schema on Source
List Schedules on Source
List Schedules on Source
Create Schedule on Source
Create Schedule on Source
Get Source Schedule by Type
Get Source Schedule by Type
Update Source Schedule (Partial)
Update Source Schedule (Partial)
Delete Source Schedule by type.
Delete Source Schedule by type.
Get Source Schema by ID
Get Source Schema by ID
Update Source Schema (Full)
Update Source Schema (Full)
Update Source Schema (Partial)
Update Source Schema (Partial)
Delete Source Schema by ID
Delete Source Schema by ID
Fetches source health by id
Fetches source health by id
Downloads source accounts schema template
Downloads source accounts schema template
Uploads source accounts schema template
Uploads source accounts schema template
Downloads source entitlements schema template
Downloads source entitlements schema template
Uploads source entitlements schema template
Uploads source entitlements schema template
Upload connector file to source
Upload connector file to source
Get Source Correlation Configuration
Get Source Correlation Configuration
Update Source Correlation Configuration
Update Source Correlation Configuration
Attribute Sync Config
Attribute Sync Config
Update Attribute Sync Config
Update Attribute Sync Config
Check connection for source connector.
Check connection for source connector.
Peek source connector's resource objects
Peek source connector's resource objects
Ping cluster for source connector
Ping cluster for source connector
Test configuration for source connector
Test configuration for source connector
Gets source config with language translations
Gets source config with language translations
Native Change Detection Configuration
Native Change Detection Configuration
Update Native Change Detection Configuration
Update Native Change Detection Configuration
Delete Native Change Detection Configuration
Delete Native Change Detection Configuration
Remove All Accounts in a Source
Remove All Accounts in a Source
Synchronize single source attributes.
Synchronize single source attributes.
Get Source Entitlement Request Configuration
Get Source Entitlement Request Configuration
Update Source Entitlement Request Configuration
Update Source Entitlement Request Configuration
Account Aggregation
Account Aggregation
Process Uncorrelated Accounts
Process Uncorrelated Accounts