Skip to main content

Creates a source in IdentityNow.

POST 
/sources

This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow.

Request

Query Parameters

    provisionAsCsv boolean

    If this parameter is true, it configures the source as a Delimited File (CSV) source. Setting this to true will automatically set the type of the source to DelimitedFile. You must use this query parameter to create a Delimited File source as you would in the UI. If you don't set this query parameter and you attempt to set the type attribute directly, the request won't correctly generate the source.

    Example: false

Body

required

    name stringrequired

    Source's human-readable name.

    description string

    Source's human-readable description.

    owner

    object

    required

    Reference to identity object who owns the source.

    type string

    Possible values: [IDENTITY]

    Type of object being referenced.

    id string

    Owner identity's ID.

    name string

    Owner identity's human-readable display name.

    cluster

    object

    nullable

    Reference to the source's associated cluster.

    type stringrequired

    Possible values: [CLUSTER]

    Type of object being referenced.

    id stringrequired

    Cluster ID.

    name stringrequired

    Cluster's human-readable display name.

    accountCorrelationConfig

    object

    nullable

    Reference to account correlation config object.

    type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG]

    Type of object being referenced.

    id string

    Account correlation config ID.

    name string

    Account correlation config's human-readable display name.

    accountCorrelationRule

    object

    nullable

    Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.

    type string

    Possible values: [RULE]

    Type of object being referenced.

    id string

    Rule ID.

    name string

    Rule's human-readable display name.

    managerCorrelationMapping

    object

    Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.

    accountAttributeName string

    Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.

    identityAttributeName string

    Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.

    managerCorrelationRule

    object

    nullable

    Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.

    type string

    Possible values: [RULE]

    Type of object being referenced.

    id string

    Rule ID.

    name string

    Rule's human-readable display name.

    beforeProvisioningRule

    object

    nullable

    Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector.

    type string

    Possible values: [RULE]

    Type of object being referenced.

    id string

    Rule ID.

    name string

    Rule's human-readable display name.

    schemas

    object[]

    List of references to schema objects.

  • Array [

    • type string

    Possible values: [CONNECTOR_SCHEMA]

    Type of object being referenced.

    id string

    Schema ID.

    name string

    Schema's human-readable display name.

  • ]

    • passwordPolicies

    object[]

    nullable

    List of references to the associated PasswordPolicy objects.

  • Array [

    • type string

    Possible values: [PASSWORD_POLICY]

    Type of object being referenced.

    id string

    Policy ID.

    name string

    Policy's human-readable display name.

  • ]

    • features string[]

    Possible values: [AUTHENTICATE, COMPOSITE, DIRECT_PERMISSIONS, DISCOVER_SCHEMA, ENABLE, MANAGER_LOOKUP, NO_RANDOM_ACCESS, PROXY, SEARCH, TEMPLATE, UNLOCK, UNSTRUCTURED_TARGETS, SHAREPOINT_TARGET, PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, PASSWORD, CURRENT_PASSWORD, ACCOUNT_ONLY_REQUEST, ADDITIONAL_ACCOUNT_REQUEST, NO_AGGREGATION, GROUPS_HAVE_MEMBERS, NO_PERMISSIONS_PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_UNSTRUCTURED_TARGETS_PROVISIONING, NO_DIRECT_PERMISSIONS_PROVISIONING, PREFER_UUID, ARM_SECURITY_EXTRACT, ARM_UTILIZATION_EXTRACT, ARM_CHANGELOG_EXTRACT, USES_UUID]

    Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.

    • AUTHENTICATE: The source supports pass-through authentication.
    • COMPOSITE: The source supports composite source creation.
    • DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
    • DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
    • ENABLE The source supports reading if an account is enabled or disabled.
    • MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
    • NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
    • PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
    • SEARCH
    • TEMPLATE
    • UNLOCK: The source supports reading if an account is locked or unlocked.
    • UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
    • SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
    • PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
    • GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
    • SYNC_PROVISIONING: The source can provision accounts synchronously.
    • PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
    • CURRENT_PASSWORD: Some source types support verification of the current password
    • ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
    • ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
    • NO_AGGREGATION: A source that does not support aggregation.
    • GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
    • NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
    • NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
    • NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
    • PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
    • ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
    • ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
    • ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
    type string

    Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the provisionasCsv query parameter to true.

    connector stringrequired

    Connector script name.

    connectorClass string

    Fully qualified name of the Java class that implements the connector interface.

    connectorAttributes object

    Connector specific configuration. This configuration will differ from type to type.

    deleteThreshold int32

    Number from 0 to 100 that specifies when to skip the delete phase.

    authoritative boolean

    When this is true, it indicates that the source is referenced by an identity profile.

    managementWorkgroup

    object

    nullable

    Reference to management workgroup for the source.

    type string

    Possible values: [GOVERNANCE_GROUP]

    Type of object being referenced.

    id string

    Management workgroup ID.

    name string

    Management workgroup's human-readable display name.

    healthy boolean

    When this is true, it indicates that the source is healthy.

    status string

    Possible values: [SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT, SOURCE_STATE_ERROR_CLUSTER, SOURCE_STATE_ERROR_SOURCE, SOURCE_STATE_ERROR_VA, SOURCE_STATE_FAILURE_CLUSTER, SOURCE_STATE_FAILURE_SOURCE, SOURCE_STATE_HEALTHY, SOURCE_STATE_UNCHECKED_CLUSTER, SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES, SOURCE_STATE_UNCHECKED_SOURCE, SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS]

    Status identifier that gives specific information about why a source is or isn't healthy.

    since string

    Timestamp that shows when a source health check was last performed.

    connectorId string

    Connector ID

    connectorName string

    Name of the connector that was chosen during source creation.

    connectionType string

    Type of connection (direct or file).

    connectorImplementationId string

    Connector implementation ID.

    created date-time

    Date-time when the source was created

    modified date-time

    Date-time when the source was last modified.

    credentialProviderEnabled boolean

    If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.

    category stringnullable

    Source category (e.g. null, CredentialProvider).

Responses

Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.

Schema

    id string

    Source ID.

    name stringrequired

    Source's human-readable name.

    description string

    Source's human-readable description.

    owner

    object

    required

    Reference to identity object who owns the source.

    type string

    Possible values: [IDENTITY]

    Type of object being referenced.

    id string

    Owner identity's ID.

    name string

    Owner identity's human-readable display name.

    cluster

    object

    nullable

    Reference to the source's associated cluster.

    type stringrequired

    Possible values: [CLUSTER]

    Type of object being referenced.

    id stringrequired

    Cluster ID.

    name stringrequired

    Cluster's human-readable display name.

    accountCorrelationConfig

    object

    nullable

    Reference to account correlation config object.

    type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG]

    Type of object being referenced.

    id string

    Account correlation config ID.

    name string

    Account correlation config's human-readable display name.

    accountCorrelationRule

    object

    nullable

    Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.

    type string

    Possible values: [RULE]

    Type of object being referenced.

    id string

    Rule ID.

    name string

    Rule's human-readable display name.

    managerCorrelationMapping

    object

    Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity.

    accountAttributeName string

    Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.

    identityAttributeName string

    Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.

    managerCorrelationRule

    object

    nullable

    Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.

    type string

    Possible values: [RULE]

    Type of object being referenced.

    id string

    Rule ID.

    name string

    Rule's human-readable display name.

    beforeProvisioningRule

    object

    nullable

    Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector.

    type string

    Possible values: [RULE]

    Type of object being referenced.

    id string

    Rule ID.

    name string

    Rule's human-readable display name.

    schemas

    object[]

    List of references to schema objects.

  • Array [

    • type string

    Possible values: [CONNECTOR_SCHEMA]

    Type of object being referenced.

    id string

    Schema ID.

    name string

    Schema's human-readable display name.

  • ]

    • passwordPolicies

    object[]

    nullable

    List of references to the associated PasswordPolicy objects.

  • Array [

    • type string

    Possible values: [PASSWORD_POLICY]

    Type of object being referenced.

    id string

    Policy ID.

    name string

    Policy's human-readable display name.

  • ]

    • features string[]

    Possible values: [AUTHENTICATE, COMPOSITE, DIRECT_PERMISSIONS, DISCOVER_SCHEMA, ENABLE, MANAGER_LOOKUP, NO_RANDOM_ACCESS, PROXY, SEARCH, TEMPLATE, UNLOCK, UNSTRUCTURED_TARGETS, SHAREPOINT_TARGET, PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, PASSWORD, CURRENT_PASSWORD, ACCOUNT_ONLY_REQUEST, ADDITIONAL_ACCOUNT_REQUEST, NO_AGGREGATION, GROUPS_HAVE_MEMBERS, NO_PERMISSIONS_PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_UNSTRUCTURED_TARGETS_PROVISIONING, NO_DIRECT_PERMISSIONS_PROVISIONING, PREFER_UUID, ARM_SECURITY_EXTRACT, ARM_UTILIZATION_EXTRACT, ARM_CHANGELOG_EXTRACT, USES_UUID]

    Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.

    • AUTHENTICATE: The source supports pass-through authentication.
    • COMPOSITE: The source supports composite source creation.
    • DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
    • DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
    • ENABLE The source supports reading if an account is enabled or disabled.
    • MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
    • NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
    • PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
    • SEARCH
    • TEMPLATE
    • UNLOCK: The source supports reading if an account is locked or unlocked.
    • UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
    • SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
    • PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
    • GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
    • SYNC_PROVISIONING: The source can provision accounts synchronously.
    • PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
    • CURRENT_PASSWORD: Some source types support verification of the current password
    • ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
    • ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
    • NO_AGGREGATION: A source that does not support aggregation.
    • GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
    • NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
    • NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
    • NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
    • USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
    • PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
    • ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
    • ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
    • ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
    type string

    Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the provisionasCsv query parameter to true.

    connector stringrequired

    Connector script name.

    connectorClass string

    Fully qualified name of the Java class that implements the connector interface.

    connectorAttributes object

    Connector specific configuration. This configuration will differ from type to type.

    deleteThreshold int32

    Number from 0 to 100 that specifies when to skip the delete phase.

    authoritative boolean

    When this is true, it indicates that the source is referenced by an identity profile.

    managementWorkgroup

    object

    nullable

    Reference to management workgroup for the source.

    type string

    Possible values: [GOVERNANCE_GROUP]

    Type of object being referenced.

    id string

    Management workgroup ID.

    name string

    Management workgroup's human-readable display name.

    healthy boolean

    When this is true, it indicates that the source is healthy.

    status string

    Possible values: [SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT, SOURCE_STATE_ERROR_CLUSTER, SOURCE_STATE_ERROR_SOURCE, SOURCE_STATE_ERROR_VA, SOURCE_STATE_FAILURE_CLUSTER, SOURCE_STATE_FAILURE_SOURCE, SOURCE_STATE_HEALTHY, SOURCE_STATE_UNCHECKED_CLUSTER, SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES, SOURCE_STATE_UNCHECKED_SOURCE, SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS]

    Status identifier that gives specific information about why a source is or isn't healthy.

    since string

    Timestamp that shows when a source health check was last performed.

    connectorId string

    Connector ID

    connectorName string

    Name of the connector that was chosen during source creation.

    connectionType string

    Type of connection (direct or file).

    connectorImplementationId string

    Connector implementation ID.

    created date-time

    Date-time when the source was created

    modified date-time

    Date-time when the source was last modified.

    credentialProviderEnabled boolean

    If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.

    category stringnullable

    Source category (e.g. null, CredentialProvider).

Loading...