Using Multiple Group Entitlements with a Preexisting Connector

To start using Multiple Group Entitlements with preexisting Google Workspace connectors, complete the following steps:

Use the createSchema API to create new group schema for your source. For more information refer to Create Schema on a Source.

The following is an example of API body content used to add Project Roles to an existing source.

Example

Copy

------------------------ iamResourcePermission START ------------------------
{
"nativeObjectType": "iamResourcePermission",
"identityAttribute": "objectID",
"displayAttribute": "displayName",
"hierarchyAttribute": null,
"includePermissions": false,
"features": [],
"configuration": {},
"attributes": [
{
"name": "objectID",
"type": "STRING",
"schema": null,
"description": "Id of resource permission.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "displayName",
"type": "STRING",
"schema": null,
"description": "Display name of resource permission is combination of role dispaly name and resource display name.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "description",
"type": "STRING",
"schema": null,
"description": "Description of role associated with reource permission.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "includedPermissions",
"type": "STRING",
"schema": null,
"description": "Permission over the resource include in role.",
"isMulti": true,
"isEntitlement": false,
"isGroup": false
},
{
"name": "stage",
"type": "STRING",
"schema": null,
"description": "Stage of the role associated with resource permission.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "resourceName",
"type": "STRING",
"schema": null,
"description": "Resource name associated with the resource permission.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "roleName",
"type": "STRING",
"schema": null,
"description": "Role name associated with the resource permission.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "resourceType",
"type": "STRING",
"schema": null,
"description": "Type of the resource associated with the resource permission.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
}
],
"name": "iamResourcePermission"
}
------------------------ iamResourcePermission END ------------------------
------------------------ iamRole START ------------------------
{
"nativeObjectType": "iamRole",
"identityAttribute": "name",
"displayAttribute": "title",
"hierarchyAttribute": null,
"includePermissions": false,
"features": [],
"configuration": {},
"attributes": [
{
"name": "name",
"type": "STRING",
"schema": null,
"description": "Name of the IAM role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "description",
"type": "STRING",
"schema": null,
"description": "A human-readable description for the IAM role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "title",
"type": "STRING",
"schema": null,
"description": "A human-readable title for the role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "includedPermissions",
"type": "STRING",
"schema": null,
"description": "The names of the permissions this IAM role grants when bound in an IAM policy.",
"isMulti": true,
"isEntitlement": false,
"isGroup": false
},
{
"name": "stage",
"type": "STRING",
"schema": null,
"description": "The current launch stage of the IAM role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "deleted",
"type": "BOOLEAN",
"schema": null,
"description": "The current deleted state of the IAM role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
}
],
"name": "iamRole"
}
------------------------ iamRole END ------------------------
------------------------ folder START ------------------------
{
"nativeObjectType": "folder",
"identityAttribute": "objectID",
"displayAttribute": "displayName",
"hierarchyAttribute": null,
"includePermissions": false,
"features": [],
"configuration": {},
"attributes": [
{
"name": "objectID",
"type": "STRING",
"schema": null,
"description": "Id of the folder in the format folders/{numeric folder id}.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "name",
"type": "STRING",
"schema": null,
"description": "The full resource name of folder.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "assetType",
"type": "STRING",
"schema": null,
"description": "Asset Type of the GCP resource.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "displayName",
"type": "STRING",
"schema": null,
"description": "Display name of the folder.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "location",
"type": "STRING",
"schema": null,
"description": "Location of the folder.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "state",
"type": "STRING",
"schema": null,
"description": "State of the folder.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
}
],
"name": "folder"
}
------------------------ folder END ------------------------
------------------------ Project START ------------------------
{
"nativeObjectType": "project",
"identityAttribute": "objectID",
"displayAttribute": "displayName",
"hierarchyAttribute": null,
"includePermissions": false,
"features": [],
"configuration": {},
"attributes": [
{
"name": "objectID",
"type": "STRING",
"schema": null,
"description": "Id of the project in the format projects/{alpha numeric project id}.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "name",
"type": "STRING",
"schema": null,
"description": "The full resource name of project.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "assetType",
"type": "STRING",
"schema": null,
"description": "Asset Type of the GCP resource.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "displayName",
"type": "STRING",
"schema": null,
"description": "Display name of the project.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "location",
"type": "STRING",
"schema": null,
"description": "Location of the project.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "state",
"type": "STRING",
"schema": null,
"description": "State of the project.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
}
],
"name": "project"
}
------------------------ Project End ------------------------
------------------------ Role Start ------------------------
{
"nativeObjectType": "Role",
"identityAttribute": "objectID",
"displayAttribute": "roleName",
"hierarchyAttribute": null,
"includePermissions": false,
"features": [],
"configuration": {},
"attributes": [
{
"name": "objectID",
"type": "STRING",
"schema": null,
"description": "Role Id of role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "roleName",
"type": "STRING",
"schema": null,
"description": "Name of the role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "roleDescription",
"type": "STRING",
"schema": null,
"description": "Description of role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "rolePrivileges",
"type": "STRING",
"schema": null,
"description": "Privileges of the role.",
"isMulti": true,
"isEntitlement": false,
"isGroup": false
},
{
"name": "isSystemRole",
"type": "STRING",
"schema": null,
"description": "Is System Role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
},
{
"name": "isSuperAdminRole",
"type": "STRING",
"schema": null,
"description": "Is Super Admin Role.",
"isMulti": false,
"isEntitlement": false,
"isGroup": false
}
],
"name": "Role"
}
------------------------ Role END ------------------------

Update the account schema using the following steps:
1. Get account schema using the getSchema API. For more information, refer to Get Source Schema by ID.
2. Copy the schema to a file and search for the attribute corresponding to the group schema added in step 1.
3. Add/ Update the following two properties for the attribute you find:
  
  "isGroup": true,
  
  "schema": {"type": "CONNECTOR_SCHEMA","id": "<Schema_ID_From_Step1>","name": "<Name_Of_Schema_Created_In_Step1>"}
4. Add the modified schema to the payload to update account schema in source using the replaceSchema API. For more information, refer to Update Source Schema (Full).

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Using Multiple Group Entitlements with a Preexisting Connector

Documentation Feedback