Account Schema Extension for Standard and Custom Attributes

If you want to extend the default account schema and provisioning policy to manage other standard or custom attributes, you can use either of the following methods listed below. When you add attributes to a default schema, whether they are standard or custom, you are extending the schema.

During account aggregation, the connector uses the default filter, return_object=shallow. If the aggregated data for custom attributes is incomplete using the default filter, then you need to add the return_object=full filter to the Account Filter field on the Aggregation Settings page.

For example, if the existing account filter is type[blank]=true and you need to fetch more data through the API as a result of the extending the schema, then the you can update the filter to type[blank]=true&return_object=full.

On the downside, adding the return_object=full filter degrades aggregation performance, since fetching full objects results in an increase in API response time and size. SailPoint recommends that you add schema attributes that require the full account filter only if they are critical for deployment.

Method 1

Add attributes returned by the /users API. The following are examples for standard, complex, and custom attributes:

• Standard Attributes – To add a mobile phone number for a user, define the phone-mobile attribute in the account schema and the provisioning policy.

• Complex Attributes – You can use "dot walking" to navigate to the field you want to include in the account schema or the provisioning policy. The following are examples for using dot walking:

  • To add the name of a country of residence, define country-of-residence.name as the field name in the schema and provisioning policy.

  • To show the country code for country of residence, define country-of-residence.code as the field name in the schema and provisioning policy.

• Custom Attributes – If it is a complex attribute, use dot walking to navigate to the field you are interested in using. Use the following format:

  custom-fields<field_name>

  For example, if designation is a custom attribute in your Coupa tenant, then add the custom-fields.designation attribute to the account schema and account provisioning policy.

Note
For more information on the Coupa /users API, refer to Users API.

Method 2

Add a JSONPath (JPath) based mapping to the connector in the customUserObjectMapping field.

For example, if you want to add definitions for the roles (standard attribute) and designation (custom attribute) attributes, you can map them to your connector using the following:

<entry key="customUserObjectMapping">
    <value>
        <Map>
            <entry key="roles" value="roles[*].name"/>
            <entry key="designation" value="custom-fields.designation"/>
        </Map>
    </value>
</entry>

Then you can update the account schema and account provisioning policy with just the name of the attribute. For example, roles or designation as a string type entry.

Note
For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.