SailPoint IdentityNow REST APIs

Introduction

API stands for Application Programming Interface. APIs are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols.

API architecture is usually explained in terms of client and server. The application sending the request is called the client and the application sending the response is called the server.

API Workflow

Fig. – API dataflow

What is a REST API?

REST stands for Representational State Transfer. It is the most popular and flexible API style found on the web today. The client sends requests to the server as data. The server uses this client input to start internal functions and returns output data back to the client. REST defines a set of functions like GET, POST, PUT, DELETE, etc. that clients can use to access server data. Clients and servers exchange data using HTTP.

The main feature of REST API is statelessness. Statelessness means that servers do not save client data between requests. Client requests to the server are similar to URLs you type in your browser to visit a website. The response from the server is plain data, without the typical graphical rendering of a web page.

REST API operations in SailPoint IdentityNow

POST operations: A POST API request appends data to the endpoint. It carries the information to be added in the request body sent to the server, and it is commonly used for passing sensitive information.

GET operations: A GET API request is used to obtain details from the endpoint and has no impact on the endpoint. A GET request does not update any endpoint data when it is triggered.

UPDATE operations: A PUT API request is used to pass data to the server for creation or modification of an endpoint. The difference between POST and PUT is that a POST request is not idempotent.

DELETE operations: A DELETE API request deletes a resource already present on the server. The DELETE method sends a request to the server to delete the resource mentioned in the endpoint.

Let us understand the usage of REST APIs in SailPoint IdentityNow in the following presentation:

Prerequisites

  • Base URL of the SailPoint tenant.
  • Secret key and client ID for the token generation.
  • Generating an access token with the authorization code.

REST API Authentication in IdentityNow

Authentication is the process of determining whether someone or something is, in fact, who or what it says it is. Authentication provides access control for systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server. In doing this, authentication assures secure systems, secure processes and enterprise information security.

OAuth 2.0

  • OAuth 2.0 is the industry-standard protocol for authorization.
  • OAuth 2.0 is designed primarily as a means of granting access to a set of resources. Put simply, an OAuth 2.0 access token is a string that the OAuth client uses to make requests to the resource server.

JSON Web Token

JSON Web Token (JWT) authentication is a stateless method of securely transmitting information between two parties as a JSON object. It is often used to authenticate and authorize users in web applications and APIs.

REST API Authorization in IdentityNow

Authorization in system security is the process of giving the user permission to access a specific resource; put another way, it is the act of validating the user’s permission to access a given resource. This term is often used interchangeably with access control or client privilege.

Personal Access Token in IdentityNow

In IdentityNow a personal access token (PAT) is a method of authenticating to an API as a user without providing a username and password.

Now, let us go through a demo on how we can use these REST APIs in SailPoint IdentityNow.

Features of REST API in IdentityNow

  • APIs extend IdentityNow functionality and usability
  • Advanced configuration such as
    • Transform creation
    • Customization of account profiles
    • Ranking authoritative source priority
    • System level changes
    • Object management
  • Interface with other systems – pull data/initiate processes

SAP SuccessFactors Integration with SailPoint IdentityNow

SuccessFactors is an SAP product suite that provides a cloud-based solution to manage business alignment, people performance, recruitment, Employee Central and learning activities for organizations of all sizes.

SAP SuccessFactors is a cloud-based HCM solution and is designed on the Software as a Service (SaaS) cloud model. Software as a Service is also known as an on-demand software solution, where software is licensed on a subscription basis and is centrally hosted.

SaaS has become a common delivery model for many business applications, including office and messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), management information systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition management and other software and infrastructure services.

  • In SaaS, software and application data are hosted on a remote cloud and can be accessed on demand from any location using secured login credentials.
  • SaaS software is multitenant, which allows many instances of the software to be accessed, all on the same application version.
  • Users have an option to select features and functionality to use in the standard solution and in the regular releases that are introduced by the vendor.
  • A SaaS solution is based on a multitenant architecture where a single configuration is applied for all the tenants or customers. To provide scalability, the application is installed on multiple machines.

The IdentityNow SAP SuccessFactors connector supports account management for loading accounts, delta aggregation and provisioning.

SAP SuccessFactors integration with SailPoint IdentityNow Blog

Prerequisites

At least one virtual appliance needs to be configured to enable communication between the IdentityNow cloud and the SAP source; however, SailPoint recommends having 2 virtual appliances in a cluster.

Permissions required:

  • Test connection: To test the connectivity from the IDN cloud to the SAP SuccessFactors source.
  • Account aggregation: To aggregate account details to the IDN cloud.
  • To perform connection tasks, the following permissions are required:
    a. SFAPI User Login
    b. Employee Central HRIS SOAP API
  • For example, the SuccessFactors source aggregates the employee data from the SuccessFactors managed system based on the Picklist configuration, which is a configurable set of options or selection lists used to populate a data input field with one of a number of predefined values that can be obtained in SuccessFactors.

Next, for aggregation, the following permissions are required:

  • Manage User : Employee Export
  • Metadata Framework : Admin access to MDF OData API
  • Manage System Properties : Picklist Management and Picklists Mappings Setup
  • Employee Central API : Employee Central Foundation OData API (read-only), Employee Central HRIS OData API (read-only), Manage Role-Based Permission Access

Let us see the prerequisites for SAP SF integration.

  • The base URL for the IdentityNow tenant must be configured according to the data center.
  • The base URL varies from data center to data center.
  • In the blog we have provided the link to the SuccessFactors API URLs for the different data centers:

https://userapps.support.sap.com/sap/support/knowledge/E/2215682

SAP SuccessFactors integration with SailPoint IdentityNow Demo