SailPoint Identity Security Cloud Loopback Connector

Problem:

In SailPoint Identity Security Cloud, we often face challenges in managing and governing user level permissions and governance group membership effectively, which may lead to unauthorized access and audit failures. Governing access inside Identity Security Cloud is important.

Current blog helps govern access in Identity Security Cloud using Identity Security Cloud loopback connector.

Solution – Loopback connector:

The purpose of loopback connector is used to manage Identity Security Cloud user levels and governance groups as entitlements.

Users can request for elevated user levels permissions and governance groups as entitlements through request center. Once that is approved user will get required higher permission or governance group membership based on requested entitlement.

Supported Operations:

Below are the supported operations in loopback connector:

  • Account Aggregation
  • Governance Groups Aggregation
  • User levels Aggregation
  • Provisioning
  • Add Entitlement
  • Remove Entitlement

Operations and APIs

Below is the list of endpoints we used for each operation in loopback connector:

S. NoOperationsEndpoints
1Account Aggregation/v3/accounts
2Governance Group Aggregation/beta/workgroups
3Provisioning/v3/accounts
4Authentication/oauth/token
5Add Entitlement for User Levels/v3/auth-users/:id
6Add Entitlement for Governance Groups/v3/workgroups/accessId/members/bulk-add

In this blog, we will be discussing about the Identity Security Cloud Loopback Connector in detail. The following are the key topics that are discussed as part of the blog.

  1. Problem statement
  2. What is loopback connector and what we can achieve from that?
  3. Use cases we can achieve using loopback connector
  4. What are the supported operations?
  5. End points used for each operation.

In the video blog of SailPoint Identity Security Cloud Loopback Connector, we will be discussing above mentioned topics.

Video:

Detailed demo on developing & testing loopback connector is present in the following video.

Video:

All the mentioned technical components are only available for internal use. However, refer to the below table for an overview on different technical components, which can be used to develop the loopback connector.

S. NoComponent NameUse
1Java ProgramThis program is used to take details like tenant id, client id, client secret and source id and update all rules with provided input data.
2Account Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available accounts from the respective tenant.
3User Levels Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all user levels available from the respective tenant.
4Governance Groups Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available governance groups from the respective tenant..
5Add EntitlementThis is Webservice Before Operation Rule. Users can build this rule in such away, upon entitlement request, respective governance group membership or elevated permissions are assigned to users
6Remove EntitlementThis is Webservice Before Operation Rule. Users can build this rule in such away, respective governance group membership or elevated permissions are removed from users.

Sreeja Agamamidi

Leave a Reply

Your email address will not be published. Required fields are marked *