Deployment in Identity Security Cloud

To deploy a custom connector in Identity Security Cloud, follow these steps:

  1. Create a Connector via the REST APIs.

  2. Download the Connector Bundle and Update it via the REST APIs.

  3. Configure Source in the Identity Security Cloud interface or via the REST APIs.

  4. Upload Connector JAR(s) and Libraries.

The next sections reference the V3 REST APIs. For information on how to authenticate to the REST APIs, refer to the Developer Portal.

Create Connector

Create the connector type by calling the create connector REST API.

POST https://sailpoint.api.identitynow.com/v3/connectors

With JSON body:

{
  "name": "ExampleConnector",
  "type": "custom_exampleName",
  "className": "sailpoint.connector.OpenConnectorAdapter",
  "directConnect": "true",
  "status": "released"
}

Where:

  • name - The name by which you want to refer to this connector type. This is visible in the UI.

  • type - The connector type. If not specified, the name will default to 'custom' + name.

  • className - This is the fully qualified package and class name of the connector that is being written.

    • If you are implementing the openconnector standard (which we recommend), this is set to sailpoint.connector.OpenConnectorAdapter.

  • directConnect - This will always be 'true' if you are creating a custom connector.

  • status - This indicates the status of the connector. Each tenant can be configured to see different connector statuses. For implementer usage, set the status to 'released'.

Update Connector Bundle

In the following examples, scriptName is the scriptName of the connector you created above. If you don't know this, you can always call GET https://sailpoint.api.identitynow.com/beta/connectors to see all connectors in the system.

You can use the unescaped content of the applicationXml, correlationConfigXml, and sourceConfigXml fields to create a corresponding XML file containing the content modifications.

To update the bundles, use the following:

  • To update the applicationXml, use PUT https://sailpoint.api.identitynow.com/v3/connectors/:scriptName/source-template

  • To update the correlationConfigXml, use PUT https://sailpoint.api.identitynow.com/v3/connectors/:scriptName/correlation-config

  • To update the sourceConfigXml, use PUT https://sailpoint.api.identitynow.com/v3/connectors/:scriptName/source-config

Send the .xml file as 'file' form-data, and the configurations will be deployed into Identity Security Cloud.

Configure Source

Now that we have a connector defined in Identity Security Cloud, we can leverage that to create a source based off that connector. You can follow the steps described in the documentation for a supported connector to create a source using the Identity Security Cloud UI.

You can use the admin source configuration page to configure any settings through the new user interface you defined in the user interface forms.

Upload Connector JAR(s) and Libraries

Once the connector and sources are defined, you'll want to upload the packaged JARs in the user interface. When you upload these, they will be copied to the VA(s) which are associated with the particular source. They may take a while to upload, especially when you have many VA cluster members, so please be patient.

  • Ensure that all third-party libraries used:

    • Are from an authentic/trusted source.

    • Do not incur legal obligations.

    • Are free from known security vulnerabilities.

    • Are compatible with the supported JDK versions shipped with VA (OpenJDK 11).

  • Custom connectors should upload all third-party jar dependencies required by the connector, with a few exceptions. Do not upload or pack the following libraries or classes with a custom connector, because they are infrastructure libraries shipped with the platform. Uploading these can cause class loading or conflict errors.

    • openconnector framework classes or jar: Responsible for providing connector infrastructure like interfaces and functionality control.

    • Any out-of-the-box connector bundle jar.

    • aspect*.jar: Responsible for providing the aspect infrastructure.

    • commons-logging*.jar, log4j-*.jar, slf4j-api*.jar: Responsible for providing the logging infrastructure.

    • bsf*.jar, bsh*.jar: Used to execute Rules.

If any of the dependencies are missing from the uploaded connector jar, the test connection displays an error that shows which third-party library is missing.
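
A pre-upload check for the packaging rules above, as an added example (not SailPoint's code): it scans a connector JAR for the platform libraries this page says not to upload or pack. The package prefixes, function names and sample entries are assumptions constructed for illustration; out-of-the-box connector bundle jars are not checked because the page gives no name pattern for them.

```python
import fnmatch
import io
import zipfile

# File-name patterns the page lists as platform-provided (do not upload or pack).
PLATFORM_JAR_PATTERNS = ["aspect*.jar", "commons-logging*.jar", "log4j-*.jar",
                         "slf4j-api*.jar", "bsf*.jar", "bsh*.jar"]
# Assumption (not from the page): package roots of those libraries and openconnector.
PLATFORM_PACKAGE_PREFIXES = ["org/aspectj/", "org/apache/commons/logging/",
                             "org/apache/log4j/", "org/apache/logging/log4j/",
                             "org/slf4j/", "org/apache/bsf/", "bsh/", "openconnector/"]

def platform_jar_match(path):
    """Return the listed pattern that the file name matches, or None."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return next((p for p in PLATFORM_JAR_PATTERNS if fnmatch.fnmatchcase(base, p)), None)

def audit_connector_jar(jar_name, jar_bytes):
    """Return (entry, reason) pairs for platform libraries in a connector JAR."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        entries = jar.namelist()
    for entry in [jar_name] + entries:  # the JAR itself, then everything inside it
        if entry.lower().endswith(".jar"):
            pattern = platform_jar_match(entry)
            if pattern:
                findings.append((entry, "jar name matches " + pattern))
        elif entry.endswith(".class"):
            prefix = next((p for p in PLATFORM_PACKAGE_PREFIXES if entry.startswith(p)), None)
            if prefix:
                findings.append((entry, "class packed under " + prefix))
    return findings

def build_sample_jar(entry_names):
    """Build an in-memory JAR of empty entries (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entry_names:
            jar.writestr(name, b"")
    return buf.getvalue()

# Constructed sample: a connector class, an allowed dependency, two violations.
SAMPLE_JAR = build_sample_jar(["com/example/ExampleConnector.class",
                               "lib/example-http-client-0.0.0.jar",
                               "lib/log4j-core-0.0.0.jar", "org/slf4j/Logger.class"])

if __name__ == "__main__":
    for entry, reason in audit_connector_jar("example-connector.jar", SAMPLE_JAR):
        print(entry + ": " + reason)
```

An empty result means none of the listed infrastructure libraries were found; it says nothing about whether the remaining dependencies are authentic or free of known vulnerabilities.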

Test Connector

Once complete, test the connector in the Identity Security Cloud interface. Run Test Connection and import accounts. Good luck!