Configuring Partitioned Account Aggregation Operation

The Partitioned Account Aggregation connector operation will be invoked once for each partition map. The Partitioned Account Aggregation is conceptually very similar to the regular Account Aggregation operation and serves the same function. The only difference is the Partitioned Account Aggregation operation is always invoked with a $partition.xxx$ keyword map providing the fields that uniquely describe the partition being aggregated by the operation.

The account aggregation operations are designed to coexist. If the user runs a regular, non-partitioned account aggregation, the Account Aggregation operation is used. If the user selects to run a partitioned aggregation, which is specified by which Task and Task Options are selected in SailPoint, then the Partitioned Account Aggregation is used. The connector supports both modes simultaneously. Admins configuring Web Services connectors are encouraged to configure non-partitioned account aggregation before configuring a partitioned one. The connector logic places no restrictions or assumptions on the mode of operation; it freely supports non-partitioned, partitioned, or both at once.

The Partitioned Account Aggregation operation expects you to substitute in one or more $partition.xxx$ keyword tokens into the URL for the operation or a POST body delivered to the remote system. Continuing with the earlier example, imagine that you have a system that allows you to return only the accounts or account IDs that exist in a specific Cost Center. That GET request displays as follows:

GET https://hr.acme.com/admin/listAccounts?costCenter=CC-AA

{
"idList": [
"3de42cd8-d0f6-4ff6-b683-e386b246e8da",
"73d3eacd-624e-4ca3-8b13-9095ccb9c8b3",
...
"67f8ab59-2923-422d-8772-c52cb4185723"
]
}

Configuring this in a Partitioned Account Aggregation is a matter of enter the $partition.costCenter$ keyword into the URL as follows:

• Context URL – /listAccounts?costCenter=$partition.costCenter$

• Method – GET

• Response - Root Path – $.idList.*

• Response - Schema Attribute – costCenter Attribute Path: $

• Response - Schema Attribute – name Attribute Path: $

For example, as with the non-partitioned Account Aggregation operation, the Partitioned Account Aggregation operation can be chained with child operations referring to it by name. In the examples above, the API only returns the ID property of the account record. A subsequent GET call must be made to retrieve the full account record. The child operation or sequence of operations that retrieve the full account must reference the Partitioned Account Aggregation.

For information on configuring multiple endpoints, refer to Multiple Partitioned Account Aggregation.

Multiple Partitioned Account Aggregation

You can use multiple Partitioned Account Aggregation operations. Like the Get Partitions operation, its use is intended to be strictly parent-child invocations. The behavior of multiple top-level peer Partitioned Account Aggregation operation is not recommended.