Deployment in Identity Security Cloud

To deploy a custom connector in Identity Security Cloud:

  1. Create a Connector via the REST API.

  2. Download the Connector Bundle and Update it via the REST API.

  3. Configure Source in the Identity Security Cloud interface or via the REST API.

  4. Upload Connector JAR(s) and Libraries.

Note
For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.

The next sections reference the V3 REST APIs. For information on how to authenticate to REST APIs, refer to the Developer Portal.

Create Connector

Create the connector type calling the Create Connector REST API.

POST https://sailpoint.api.identitynow.com/v3/connectors

JSON body:

{
  "name": "ExampleConnector",
  "type": "custom_exampleName",
  "className": "sailpoint.connector.OpenConnectorAdapter",
  "directConnect": "true",
  "status": "released"
}

Where:

  • name – The name by which you want to refer to this connector type. This is visible in the UI.

  • type – The connector type. If not specified, the name will default to 'custom' + name.

  • className – This is the fully qualified package and class name of the connector that is being written.

    • If you are implementing the OpenConnector standard (which we recommend), then this will be set to sailpoint.connector.OpenConnectorAdapter.

  • directConnect – This will always be true if you are creating a custom connector.

  • status – This indicates the status of the connector. Each tenant can be configured to see different connector statuses. For implementer usage, set the status to released.

Update Connector Bundle

In the following examples, scriptName is the script name of the connector you created. If you are unsure, you can always call GET https://sailpoint.api.identitynow.com/beta/connectors to see all connectors in the system.

You can use the unescaped content of the applicationXml, correlationConfigXml, and sourceConfigXml fields to create a corresponding XML file containing the content modifications.

To update the bundles, use the following:

  • To update the applicationXml, use PUT https://sailpoint.api.identitynow.com/v3/connectors/:scriptName/source-template

  • To update the correlationConfigXml, use PUT https://sailpoint.api.identitynow.com/v3/connectors/:scriptName/correlation-config

  • To update the sourceConfigXml, use PUT https://sailpoint.api.identitynow.com/v3/connectors/:scriptName/source-config

Send the XML file as the 'file' form-data field, and the configurations will be deployed into ISC.

Configure Source

Use the defined connector to create a source. You can follow the steps described in the documentation for a supported connector to create a source using the Identity Security Cloud UI.

You may also leverage the admin source configuration page to configure any settings using the new user interface you defined via the user interface forms.

Upload Connector JAR(s) and Libraries

Once the connector and sources are defined, upload the packaged JAR files in the user interface. When you upload these, they are copied to the VA(s) which are associated with the particular source.

Note
This process may take a while to upload, especially when you have many VA cluster members.

  • Ensure that all third-party libraries that you use:

    • Are from an authentic or trusted source.

    • Do not incur legal obligations.

    • Are free from known security vulnerabilities.

    • Are compatible with the supported JDK versions shipped with VA (OpenJDK 11).

  • Custom connectors should upload all third-party JAR dependencies required by the connector, with a few exceptions. Custom connectors should not upload or pack the following libraries or classes with their source, as these are the infrastructure libraries that are shipped with the platform. Uploading these can cause class loading or conflict errors.

    • OpenConnector framework classes or JAR – Responsible for providing connector infrastructure like interfaces and functionality control.

    • Any default connector bundle JAR.

    • aspect*.jar – Responsible for providing the aspect infrastructure.

    • commons-logging*.jar, log4j-*.jar, slf4j-api*.jar – Responsible for providing the logging infrastructure.

    • bsf*.jar, bsh*.jar – Used to execute Rules.

If any of the dependencies are missing in the uploaded connector JAR file, an error can occur during the test connection. The error shows which third-party library is missing.
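
A pre-upload check for the library rules above, as an added example (not SailPoint's code): it flags JARs whose file names match the platform-library patterns listed above or that pack classes from those libraries, and records a SHA-256 per JAR so it can be compared with the digest published by the library's source. The package prefixes, function names and sample JARs are assumptions constructed for illustration.

```python
import fnmatch, hashlib, tempfile, zipfile
from pathlib import Path

# File-name patterns taken from the list of platform libraries above.
PLATFORM_JARS = ["aspect*.jar", "commons-logging*.jar", "log4j-*.jar",
                 "slf4j-api*.jar", "bsf*.jar", "bsh*.jar"]
# Assumption: the usual package roots of those libraries, to catch shaded copies.
PLATFORM_PACKAGES = ["org/aspectj/", "org/apache/commons/logging/",
                     "org/apache/log4j/", "org/apache/logging/log4j/",
                     "org/slf4j/", "org/apache/bsf/", "bsh/"]

def audit_jar(path):
    """Return (sha256, findings) for one JAR that is about to be uploaded."""
    path = Path(path)
    findings = [f"file name matches platform library {pat}"
                for pat in PLATFORM_JARS
                if fnmatch.fnmatchcase(path.name.lower(), pat)]
    with zipfile.ZipFile(path) as jar:
        packed = sorted({pkg for name in jar.namelist() if name.endswith(".class")
                         for pkg in PLATFORM_PACKAGES if name.startswith(pkg)})
    findings += [f"packs classes under {pkg}" for pkg in packed]
    # Digest to compare against the value published by the library's source.
    return hashlib.sha256(path.read_bytes()).hexdigest(), findings

def audit_bundle(directory):
    """Audit every *.jar in a directory; returns {file name: (sha256, findings)}."""
    return {p.name: audit_jar(p) for p in sorted(Path(directory).glob("*.jar"))}

def build_sample(directory):
    """Constructed sample input: three tiny JARs, not real libraries."""
    samples = {
        "example-connector.jar": ["com/example/ExampleConnector.class"],
        "slf4j-api-9.9.9.jar": ["org/slf4j/Logger.class"],
        "example-fat.jar": ["com/example/Util.class", "bsh/Interpreter.class"],
    }
    for name, entries in samples.items():
        with zipfile.ZipFile(Path(directory) / name, "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"constructed placeholder")

def audit_sample():
    """Build the constructed JARs in a temporary directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return audit_bundle(tmp)

if __name__ == "__main__":
    for name, (digest, findings) in audit_sample().items():
        print(name, digest[:16], findings or "ok")
```

Point `audit_bundle` at the directory holding the JARs you intend to upload; any JAR with a non-empty findings list should be removed or repackaged first.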

Test Connector

Once complete, test the connector in the Identity Security Cloud interface. Run Test Connection and import accounts.