Configuring IdentityIQ to Integrate with IdentityIQ for Zendesk Service Desk
This section provides the required information for configuring IdentityIQ to integrate with Zendesk Service Desk.
This is intended as an introduction to the configuration required to integrate IdentityIQ with Zendesk Service Desk. The examples it outlines are a reference point for implementation; changes may be required to meet a specific use case, and expertise in both systems is a must for a successful implementation.
SailPoint provides a default Zendesk Service Desk configuration. It implements the integration between IdentityIQ and Zendesk Service Desk so that tickets are created from IdentityIQ access certification remediation events (fulfilment of the ticket itself is done manually).
The default configuration is located in the following directory, where iiqHome is the location where IdentityIQ was installed:
iiqHome/WEB-INF/config/connector/IdentityIQforZendeskServiceDesk.xml
Note: Once the following configuration information is populated, import the IdentityIQforZendeskServiceDesk.xml file. This creates an application.
The configuration must include the following entries:
- The base URL of the Service Desk system, depending on the authenticationType:
  - Basic: https://{subdomain}.zendesk.com
- The authentication method supported by the managed system:
  - Basic
  - OAuth2
  To use an API token with Basic authentication, append /token to the username and provide the API token in the Password field. For more information on creating the API token, see Generating an API Token.
- The application name by which Zendesk Service Desk accounts are aggregated. Required for the Plan Initializer script.
- The ticket type used to generate tickets on the Zendesk Service Desk system. Enter one of the following:
  - incident
- Applicable if authenticationType is Basic:
  - Service Account username. If an API token is used, append /token to the username.
  - Service Account user's password or API token.
- Applicable if authenticationType is OAuth2:
  - URL for generating the refresh token. For example, https://{subdomain}.zendesk.com/oauth/tokens
  - Grant type. Enter the following: PASSWORD
  - Client Id for OAuth2 authentication.
  - Client secret for OAuth2 authentication.
- Application Configuration XML, which holds all the configuration for Incident. The connector executes this configuration when processing requests.
- Required. A space-separated list of scopes that control access to the Zendesk resources.
- (Applicable if grant_type is PASSWORD) Service Account username.
- (Applicable if grant_type is PASSWORD) Service Account user password.
Each module has provision and checkStatus entries, as described below.
Provision:

Entries | Description
--- | ---
resource | Ticket creation REST endpoint. Do not include the base URL in the value; the base URL is combined with this endpoint value, so provide only the remaining endpoint path. IdentityIQ For Zendesk Service Desk: /api/v2/tickets
responseElement* | A JSON path expression that locates the ticket number in the response from the REST endpoint. For example, $.ticket.id
request* | Map that represents the request payload, containing Velocity template expressions and Velocity variables that the integration updates dynamically before making the REST call.
requestRootElement | The JSON root element of the request.
requestRootElementType | The type of the JSON root element of the request. For example, JSONObject
requester_id* | The id of the reporter.
submitter_id | The id of the reporter. Provide the id of the service account user if you want the submitter to be the service account. By default it is the same as the requester.
comment* | The map of comment field values containing the description of the ticket.
body* | The main body of the request in Zendesk Service Desk, which includes the details about the request.
subject* | Title / summary of the ticket in Zendesk.
type* | Ticket type in the Zendesk system.
Check Status:

Entries | Description
--- | ---
resource | REST endpoint used to check the ticket status. Do not include the base URL in the value; the base URL is combined with this endpoint value, so provide only the remaining endpoint path. IdentityIQ For Zendesk Service Desk: /api/v2/tickets/$ticketId
responseElement* | A JSON path expression that locates the ticket status in the response from the REST endpoint. For example, $.ticket.status
statusMap | Map that relates the Ticket System status to the IdentityIQ status.

If any changes are required in the mapping, change the default key/value pairs in statusMap as shown in the following table:

statusMap for Incident

Entry key (Zendesk Status) | Value (IdentityIQ)
--- | ---
new | Queued
open | Queued
pending | Queued
solved | Committed
closed | Committed
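As an added illustration (not IdentityIQ's or the connector's own code), the following Python simulates how the provision and checkStatus entries above are consumed: the request map is rendered with the request variables, the ticket id is read with the responseElement path, and the Zendesk status is mapped through statusMap. The subdomain, variable names and responses are constructed assumptions; Python $variables stand in for Velocity variables and a minimal dotted-path resolver stands in for a JSON path library.

```python
import json
from string import Template

# Constructed simulation of the provision/checkStatus entries; added example code,
# not the connector's own. BASE_URL is a placeholder; $names stand in for Velocity.
BASE_URL = "https://example.zendesk.com"
PROVISION = {
    "resource": "/api/v2/tickets",
    "responseElement": "$.ticket.id",
    "request": {"ticket": {
        "requester_id": "$requesterId",
        "submitter_id": "$submitterId",   # same as the requester unless overridden
        "subject": "$subject",
        "type": "incident",
        "comment": {"body": "$description"},
    }},
}
CHECK_STATUS = {
    "resource": "/api/v2/tickets/$ticketId",
    "responseElement": "$.ticket.status",
    "statusMap": {"new": "Queued", "open": "Queued", "pending": "Queued",
                  "solved": "Committed", "closed": "Committed"},
}

def json_path(doc, path):
    """Resolve a simple dotted JSON path such as $.ticket.id (no filters or arrays)."""
    for key in path[2:].split("."):
        doc = doc[key]
    return doc

def render(value, variables):
    """Substitute $variables in every string of the request map (stands in for Velocity)."""
    if isinstance(value, dict):
        return {k: render(v, variables) for k, v in value.items()}
    if isinstance(value, str):
        return Template(value).substitute(variables)
    return value

def build_provision_request(variables):
    """Return (url, payload) for the ticket-creation call."""
    return BASE_URL + PROVISION["resource"], render(PROVISION["request"], variables)

def ticket_id_from_response(response_json):
    return json_path(json.loads(response_json), PROVISION["responseElement"])

def build_check_status_url(ticket_id):
    return BASE_URL + Template(CHECK_STATUS["resource"]).substitute(ticketId=ticket_id)

def iiq_status_from_response(response_json):
    """Map the Zendesk status through statusMap; None means an unmapped status."""
    zendesk_status = json_path(json.loads(response_json), CHECK_STATUS["responseElement"])
    return CHECK_STATUS["statusMap"].get(zendesk_status)
```

An unmapped status returns None so the caller can surface it rather than silently treating the ticket as Committed.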
Retry Error Mechanism
To take advantage of the connector's logic for retryable situations, add a list of retryable error messages to the attributes map of the application. The retryableErrors entry is a list of strings that the connector searches for in any error message it receives from the managed application. If one of the strings in the entry occurs in the error, the connector attempts to retry the connection. If none of the configured strings is part of the error message, IdentityIQ does not retry.
For example:
<entry key="retryableErrors">
<value>
<List>
<String>Connection reset</String>
</List>
</value>
</entry>
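An added example, not part of the connector, that reads an entry of this shape and applies the substring test described above (the second string is a constructed sample):

```python
import xml.etree.ElementTree as ET

# Constructed attributes-map fragment in the shape shown above, with a second
# constructed sample string. Added example code, not the connector's own.
RETRYABLE_ENTRY = """
<entry key="retryableErrors">
  <value>
    <List>
      <String>Connection reset</String>
      <String>Read timed out</String>
    </List>
  </value>
</entry>
"""

def load_retryable_errors(xml_text):
    """Read the list of strings from a retryableErrors entry."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "entry" or root.get("key") != "retryableErrors":
        raise ValueError("not a retryableErrors entry")
    return [s.text for s in root.findall("./value/List/String") if s.text]

def should_retry(error_message, retryable):
    """Literal substring match: any configured string found in the error means retry.
    Authentication or permission errors are not retried unless listed, which is desirable."""
    return any(pattern in error_message for pattern in retryable)
```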
Add the following entries to the log4j2.properties file to enable debug logging for the Service Desk component:
logger.ZendeskSDIM.name=openconnector.connector.servicedesk.ServiceDeskConnector
logger.ZendeskSDIM.level=debug,file