Multiple Group Objects
The Web Services source supports multiple group objects. Add a new endpoint for newly introduced groups or entitlements, such as:
- Group Aggregation – <GROUP-SCHEMA-OBJECT-TYPE>
- Get Object – <GROUP-SCHEMA-OBJECT-TYPE>
- Add Entitlement – <GROUP-SCHEMA-OBJECT-TYPE>
- Remove Entitlement – <GROUP-SCHEMA-OBJECT-TYPE>
For more information, refer to the listSchema API and the createSchema API.
To support multiple groups, use the following API to add a new schema:
- Method – POST
- URI – beta/sources/<source-id>/schemas
JSON Payload:
The following JSON example adds the schema for the Role object type:
{
  "name": "Role",
  "nativeObjectType": "Role",
  "identityAttribute": "Id",
  "displayAttribute": "Name",
  "hierarchyAttribute": null,
  "includePermissions": false,
  "features": [],
  "configuration": {},
  "attributes": [
    {
      "name": "Id",
      "type": "STRING",
      "schema": null,
      "description": "Role Id.",
      "isMulti": false,
      "isEntitlement": false,
      "isGroup": false
    },
    {
      "name": "Name",
      "type": "STRING",
      "schema": null,
      "description": "Role name.",
      "isMulti": false,
      "isEntitlement": false,
      "isGroup": false
    }
    …
    …
  ]
}
The above example adds the schema for Role as follows:
<Schema displayAttribute="Name" identityAttribute="Id" nativeObjectType="Role" objectType="Role">
  <AttributeDefinition name="Id" type="string">
    <Description>Role Id.</Description>
  </AttributeDefinition>
  <AttributeDefinition name="Name" type="string">
    <Description>Role name.</Description>
  </AttributeDefinition>
</Schema>
Now that the new group schema (for the Role object type) has been created, update the relevant account schema attributes to point to it. Make this change in the account schema through the UI, where SailPoint allows you to add the new entitlement to the account schema.
Add a new endpoint for the Group Aggregation, Get Object, and Add/Remove Entitlement operations. Update the connectionParameters attribute using the PATCH method as follows:
- Add a new dummy endpoint, such as Test Connection or Account Aggregation, from the SailPoint UI and save it.
- With the PATCH API, replace the required operation type with the respective operation type, such as:
  - Group Aggregation <GROUP-SCHEMA-OBJECT-TYPE>
  - Get Object <GROUP-SCHEMA-OBJECT-TYPE>
  - Add Entitlement <GROUP-SCHEMA-OBJECT-TYPE>
  - Remove Entitlement <GROUP-SCHEMA-OBJECT-TYPE>
  Method – POST
  URI – beta/sources/<source-id>/schemas
  JSON Payload:
[
  {"op":"add","path":"/connectorAttributes/connectionParameters/0/operationType","value":"Group Aggregation-Role"},
  {"op":"add","path":"/connectorAttributes/connectionParameters/1/operationType","value":"Get Object - Role"},
  {"op":"add","path":"/connectorAttributes/connectionParameters/2/operationType","value":"Add Entitlement-Role"},
  {"op":"add","path":"/connectorAttributes/connectionParameters/3/operationType","value":"Remove Entitlement-Role"}
]
Important
Localization is not applicable to the value of the operationType attribute added from the API. If you provide the operation type in a language other than English (for example, Groepsaggregatie - Rol), the Web Services source does not configure the group aggregation type.
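An offline check of the operationType patch described above, as an added example that is not SailPoint's own code: it builds the four operations for a group schema object type and applies them to a constructed sample source, rejecting localized operation names. The function names, the sample endpoints and the `-` separator in the value are assumptions.

```python
import copy

# Operation names as the page lists them, in English. Localized names are rejected.
GROUP_OPERATIONS = ("Group Aggregation", "Get Object", "Add Entitlement", "Remove Entitlement")
BASE_PATH = "/connectorAttributes/connectionParameters"

# Constructed sample source: four dummy endpoints saved from the UI beforehand.
SAMPLE_SOURCE = {"connectorAttributes": {"connectionParameters": [
    {"operationType": "Test Connection", "contextUrl": "/placeholder-0"},
    {"operationType": "Account Aggregation", "contextUrl": "/placeholder-1"},
    {"operationType": "Test Connection", "contextUrl": "/placeholder-2"},
    {"operationType": "Account Aggregation", "contextUrl": "/placeholder-3"},
]}}

def build_operation_type_patch(object_type, endpoint_indexes):
    """Build JSON Patch operations that retarget dummy endpoints at group operations.

    endpoint_indexes maps an operation name to the position of its dummy
    endpoint in connectionParameters.
    """
    if len(set(endpoint_indexes.values())) != len(endpoint_indexes):
        raise ValueError("two operations point at the same endpoint index")
    ops = []
    for operation, index in endpoint_indexes.items():
        if operation not in GROUP_OPERATIONS:
            raise ValueError(f"not an English operation name: {operation!r}")
        # Assumption: value format follows the page's "Group Aggregation-Role" payload.
        ops.append({"op": "add", "path": f"{BASE_PATH}/{index}/operationType",
                    "value": f"{operation}-{object_type}"})
    return ops

def apply_patch(source, ops):
    """Apply the 'add' operations to a copy of the source for an offline check.

    An index with no saved endpoint raises IndexError instead of being created.
    """
    patched = copy.deepcopy(source)
    for op in ops:
        *parents, leaf = op["path"].strip("/").split("/")
        node = patched
        for key in parents:
            node = node[int(key)] if isinstance(node, list) else node[key]
        node[leaf] = op["value"]
    return patched

if __name__ == "__main__":
    indexes = {name: i for i, name in enumerate(GROUP_OPERATIONS)}
    patch = build_operation_type_patch("Role", indexes)
    for endpoint in apply_patch(SAMPLE_SOURCE, patch)["connectorAttributes"]["connectionParameters"]:
        print(endpoint)
```

Running the check before sending the patch catches an index that has no saved dummy endpoint, which would otherwise leave the group operation unconfigured.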