Creates a source in IdentityNow.

POST /sources

This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.

Request

Query Parameters

    provisionAsCsv boolean

    If this parameter is true, it configures the source as a Delimited File (CSV) source. Setting this to true will automatically set the type of the source to DelimitedFile. You must use this query parameter to create a Delimited File source as you would in the UI. If you don't set this query parameter and you attempt to set the type attribute directly, the request won't correctly generate the source.

    Example: false

Body

required
    name string required

    Human-readable name of the source

    description string

    Human-readable description of the source

    owner object required

    Reference to an owning Identity Object

    type string

    Possible values: [IDENTITY]

    The type of object being referenced

    id string

    ID of the identity

    name string

    Human-readable display name of the identity

    cluster object nullable

    Reference to the associated Cluster

    type string required

    Possible values: [CLUSTER]

    The type of object being referenced

    id string required

    ID of the cluster

    name string required

    Human-readable display name of the cluster

    accountCorrelationConfig object nullable

    Reference to an Account Correlation Config object

    type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG]

    The type of object being referenced

    id string

    ID of the account correlation config

    name string

    Human-readable display name of the account correlation config

    accountCorrelationRule object nullable

    Reference to a Rule that can do COMPLEX correlation. It should only be used when accountCorrelationConfig can't be used.

    type string

    Possible values: [RULE]

    The type of object being referenced

    id string

    ID of the rule

    name string

    Human-readable display name of the rule

    managerCorrelationMapping object

    Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity

    accountAttributeName string

    Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.

    identityAttributeName string

    Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.

    managerCorrelationRule object nullable

    Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.

    type string

    Possible values: [RULE]

    The type of object being referenced

    id string

    ID of the rule

    name string

    Human-readable display name of the rule

    beforeProvisioningRule object nullable

    Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.

    type string

    Possible values: [RULE]

    The type of object being referenced

    id string

    ID of the rule

    name string

    Human-readable display name of the rule

    schemas object[]

    List of references to Schema objects

    Array [

    type string

    Possible values: [CONNECTOR_SCHEMA]

    The type of object being referenced

    id string

    ID of the schema

    name string

    Human-readable display name of the schema

    ]

    passwordPolicies object[] nullable

    List of references to the associated PasswordPolicy objects.

    Array [

    type string

    Possible values: [PASSWORD_POLICY]

    The type of object being referenced

    id string

    ID of the policy

    name string

    Human-readable display name of the policy

    ]

    features string[]

    Possible values: [AUTHENTICATE, COMPOSITE, DIRECT_PERMISSIONS, DISCOVER_SCHEMA, ENABLE, MANAGER_LOOKUP, NO_RANDOM_ACCESS, PROXY, SEARCH, TEMPLATE, UNLOCK, UNSTRUCTURED_TARGETS, SHAREPOINT_TARGET, PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, PASSWORD, CURRENT_PASSWORD, ACCOUNT_ONLY_REQUEST, ADDITIONAL_ACCOUNT_REQUEST, NO_AGGREGATION, GROUPS_HAVE_MEMBERS, NO_PERMISSIONS_PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_UNSTRUCTURED_TARGETS_PROVISIONING, NO_DIRECT_PERMISSIONS_PROVISIONING, PREFER_UUID, ARM_SECURITY_EXTRACT, ARM_UTILIZATION_EXTRACT, ARM_CHANGELOG_EXTRACT, USES_UUID]

    Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.

    • AUTHENTICATE: The source supports pass-through authentication.
    • COMPOSITE: The source supports composite source creation.
    • DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
    • DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
    • ENABLE: The source supports reading if an account is enabled or disabled.
    • MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
    • NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
    • PROXY: The source can serve as a proxy for another source. When a source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
    • SEARCH
    • TEMPLATE
    • UNLOCK: The source supports reading if an account is locked or unlocked.
    • UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
    • SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
    • PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
    • GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
    • SYNC_PROVISIONING: The source can provision accounts synchronously.
    • PASSWORD: The source can provision password changes. Since sources can never read passwords, this should only be used in conjunction with the PROVISIONING feature.
    • CURRENT_PASSWORD: Some source types support verification of the current password.
    • ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
    • ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
    • NO_AGGREGATION: A source that does not support aggregation.
    • GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This affects the implementation of delta account aggregation.
    • NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission requests to be converted to work items for accounts.
    • NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission requests to be converted to work items for groups.
    • NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
    • PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
    • ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM.
    • ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM.
    • ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM.
    type string

    Specifies the type of system being managed, e.g. Active Directory, Workday, etc. If you are creating a Delimited File source, you must set the provisionAsCsv query parameter to true.

    connector string required

    Connector script name.

    connectorClass string

    The fully qualified name of the Java class that implements the connector interface.

    connectorAttributes object

    Connector specific configuration; will differ from type to type.

    deleteThreshold int32

    Number from 0 to 100 that specifies when to skip the delete phase.

    authoritative boolean

    Default value: false

    When true indicates the source is referenced by an IdentityProfile.

    managementWorkgroup object nullable

    Reference to Management Workgroup for this Source

    type string

    Possible values: [GOVERNANCE_GROUP]

    The type of object being referenced

    id string

    ID of the management workgroup

    name string

    Human-readable display name of the management workgroup

    healthy boolean

    Default value: false

    When true indicates a healthy source

    status string

    A status identifier, giving specific information on why a source is healthy or not

    since string

    Timestamp showing when a source health check was last performed

    connectorId string

    The ID of the connector

    connectorName string

    The name of the connector that was chosen on source creation

    connectionType string

    The type of connection (direct or file)

    connectorImplementationId string

    The connector implementation id

    created date-time

    The date-time when the source was created

    modified date-time

    The date-time when the source was last modified

    credentialProviderEnabled boolean

    Default value: false

    Enables the credential provider for this source. If credentialProvider is turned on, the source can use credential provider(s) to fetch credentials.

    category string nullable

    The category of source (e.g. null, CredentialProvider)
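A pre-flight check for the request body described above, as an added example (not SailPoint code). It enforces the required fields, the features values, the deleteThreshold range and the provisionAsCsv rule from this page, and masks secret-looking values before a body is logged, since passwords travel in plain text in the request. The names validate_source, redact and SECRET_HINTS, the sample ids and the connectorAttributes keys are assumptions.

```python
# Feature names copied from the "Possible values" list on this page.
ALLOWED_FEATURES = set("""
AUTHENTICATE COMPOSITE DIRECT_PERMISSIONS DISCOVER_SCHEMA ENABLE MANAGER_LOOKUP
NO_RANDOM_ACCESS PROXY SEARCH TEMPLATE UNLOCK UNSTRUCTURED_TARGETS
SHAREPOINT_TARGET PROVISIONING GROUP_PROVISIONING SYNC_PROVISIONING PASSWORD
CURRENT_PASSWORD ACCOUNT_ONLY_REQUEST ADDITIONAL_ACCOUNT_REQUEST NO_AGGREGATION
GROUPS_HAVE_MEMBERS NO_PERMISSIONS_PROVISIONING NO_GROUP_PERMISSIONS_PROVISIONING
NO_UNSTRUCTURED_TARGETS_PROVISIONING NO_DIRECT_PERMISSIONS_PROVISIONING
PREFER_UUID ARM_SECURITY_EXTRACT ARM_UTILIZATION_EXTRACT ARM_CHANGELOG_EXTRACT
USES_UUID""".split())
# Assumption: substrings that mark a key as holding a secret.
SECRET_HINTS = ("password", "secret", "token")


def validate_source(body, provision_as_csv=False):
    """Return a list of problems with a POST /sources request body."""
    problems = []
    for field in ("name", "owner", "connector"):
        if not body.get(field):
            problems.append(f"missing required field: {field}")
    owner = body.get("owner") or {}
    if owner.get("type", "IDENTITY") != "IDENTITY":
        problems.append("owner.type must be IDENTITY")
    cluster = body.get("cluster")  # nullable, but all keys required when set
    if cluster is not None:
        if cluster.get("type") != "CLUSTER":
            problems.append("cluster.type must be CLUSTER")
        problems += [f"cluster.{k} is required"
                     for k in ("id", "name") if not cluster.get(k)]
    unknown = sorted(set(body.get("features", [])) - ALLOWED_FEATURES)
    if unknown:
        problems.append(f"unknown features: {unknown}")
    threshold = body.get("deleteThreshold")
    if threshold is not None and not (
            isinstance(threshold, int) and 0 <= threshold <= 100):
        problems.append("deleteThreshold must be between 0 and 100")
    if body.get("type") == "DelimitedFile" and not provision_as_csv:
        problems.append("DelimitedFile sources need provisionAsCsv=true, not type")
    return problems


def redact(value, key=""):
    """Copy a body for logging with secret-looking values masked."""
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, key) for v in value]
    if isinstance(value, str) and any(h in key.lower() for h in SECRET_HINTS):
        return "***"
    return value


# Constructed sample body; ids, names and attribute keys are placeholders.
SAMPLE = {
    "name": "HR Directory",
    "owner": {"type": "IDENTITY", "id": "example-owner-id"},
    "cluster": {"type": "CLUSTER", "id": "example-cluster-id"},
    "connector": "example-connector",
    "features": ["PROVISIONING", "PASWORD"],
    "deleteThreshold": 150,
    "connectorAttributes": {"user": "svc-idn", "password": "constructed-value"},
}

if __name__ == "__main__":
    for problem in validate_source(SAMPLE):
        print("invalid:", problem)
    print("log-safe:", redact(SAMPLE))
```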

Responses

Created Source object. Any passwords will only show the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.

Schema
    id string

    The ID of the source

    name string required

    Human-readable name of the source

    description string

    Human-readable description of the source

    owner object required

    Reference to an owning Identity Object

    type string

    Possible values: [IDENTITY]

    The type of object being referenced

    id string

    ID of the identity

    name string

    Human-readable display name of the identity

    cluster object nullable

    Reference to the associated Cluster

    type string required

    Possible values: [CLUSTER]

    The type of object being referenced

    id string required

    ID of the cluster

    name string required

    Human-readable display name of the cluster

    accountCorrelationConfig object nullable

    Reference to an Account Correlation Config object

    type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG]

    The type of object being referenced

    id string

    ID of the account correlation config

    name string

    Human-readable display name of the account correlation config

    accountCorrelationRule object nullable

    Reference to a Rule that can do COMPLEX correlation. It should only be used when accountCorrelationConfig can't be used.

    type string

    Possible values: [RULE]

    The type of object being referenced

    id string

    ID of the rule

    name string

    Human-readable display name of the rule

    managerCorrelationMapping object

    Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity

    accountAttributeName string

    Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.

    identityAttributeName string

    Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.

    managerCorrelationRule object nullable

    Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.

    type string

    Possible values: [RULE]

    The type of object being referenced

    id string

    ID of the rule

    name string

    Human-readable display name of the rule

    beforeProvisioningRule object nullable

    Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.

    type string

    Possible values: [RULE]

    The type of object being referenced

    id string

    ID of the rule

    name string

    Human-readable display name of the rule

    schemas object[]

    List of references to Schema objects

    Array [

    type string

    Possible values: [CONNECTOR_SCHEMA]

    The type of object being referenced

    id string

    ID of the schema

    name string

    Human-readable display name of the schema

    ]

    passwordPolicies object[] nullable

    List of references to the associated PasswordPolicy objects.

    Array [

    type string

    Possible values: [PASSWORD_POLICY]

    The type of object being referenced

    id string

    ID of the policy

    name string

    Human-readable display name of the policy

    ]

    features string[]

    Possible values: [AUTHENTICATE, COMPOSITE, DIRECT_PERMISSIONS, DISCOVER_SCHEMA, ENABLE, MANAGER_LOOKUP, NO_RANDOM_ACCESS, PROXY, SEARCH, TEMPLATE, UNLOCK, UNSTRUCTURED_TARGETS, SHAREPOINT_TARGET, PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, PASSWORD, CURRENT_PASSWORD, ACCOUNT_ONLY_REQUEST, ADDITIONAL_ACCOUNT_REQUEST, NO_AGGREGATION, GROUPS_HAVE_MEMBERS, NO_PERMISSIONS_PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_UNSTRUCTURED_TARGETS_PROVISIONING, NO_DIRECT_PERMISSIONS_PROVISIONING, PREFER_UUID, ARM_SECURITY_EXTRACT, ARM_UTILIZATION_EXTRACT, ARM_CHANGELOG_EXTRACT, USES_UUID]

    Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.

    • AUTHENTICATE: The source supports pass-through authentication.
    • COMPOSITE: The source supports composite source creation.
    • DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
    • DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
    • ENABLE: The source supports reading if an account is enabled or disabled.
    • MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
    • NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
    • PROXY: The source can serve as a proxy for another source. When a source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
    • SEARCH
    • TEMPLATE
    • UNLOCK: The source supports reading if an account is locked or unlocked.
    • UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
    • SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
    • PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
    • GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
    • SYNC_PROVISIONING: The source can provision accounts synchronously.
    • PASSWORD: The source can provision password changes. Since sources can never read passwords, this should only be used in conjunction with the PROVISIONING feature.
    • CURRENT_PASSWORD: Some source types support verification of the current password.
    • ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
    • ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
    • NO_AGGREGATION: A source that does not support aggregation.
    • GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This affects the implementation of delta account aggregation.
    • NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission requests to be converted to work items for accounts.
    • NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission requests to be converted to work items for groups.
    • NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
    • PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
    • ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM.
    • ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM.
    • ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM.
    type string

    Specifies the type of system being managed, e.g. Active Directory, Workday, etc. If you are creating a Delimited File source, you must set the provisionAsCsv query parameter to true.

    connector string required

    Connector script name.

    connectorClass string

    The fully qualified name of the Java class that implements the connector interface.

    connectorAttributes object

    Connector specific configuration; will differ from type to type.

    deleteThreshold int32

    Number from 0 to 100 that specifies when to skip the delete phase.

    authoritative boolean

    Default value: false

    When true indicates the source is referenced by an IdentityProfile.

    managementWorkgroup object nullable

    Reference to Management Workgroup for this Source

    type string

    Possible values: [GOVERNANCE_GROUP]

    The type of object being referenced

    id string

    ID of the management workgroup

    name string

    Human-readable display name of the management workgroup

    healthy boolean

    Default value: false

    When true indicates a healthy source

    status string

    A status identifier, giving specific information on why a source is healthy or not

    since string

    Timestamp showing when a source health check was last performed

    connectorId string

    The ID of the connector

    connectorName string

    The name of the connector that was chosen on source creation

    connectionType string

    The type of connection (direct or file)

    connectorImplementationId string

    The connector implementation id

    created date-time

    The date-time when the source was created

    modified date-time

    The date-time when the source was last modified

    credentialProviderEnabled boolean

    Default value: false

    Enables the credential provider for this source. If credentialProvider is turned on, the source can use credential provider(s) to fetch credentials.

    category string nullable

    The category of source (e.g. null, CredentialProvider)