Extensibility of services through a broad collection of APIs is the sign of a true SaaS solution. SailPoint IdentityNow has recently released a few APIs that allow us to upload our own connector rules required for app integrations.
Rule
In IdentityNow, Rules are configurations used to provide additional flexibility where needed. Rules are developed in BeanShell, a lightweight scripting language whose syntax is similar to Java.
Based on execution type, rules are divided into two types:
| Cloud Execution | Connector Execution |
| --- | --- |
| 1) Rules that are executed in the IDN tenant cloud are called Cloud Execution Rules. | 1) Rules that are executed on the Virtual Appliance (on premise) are called Connector Execution Rules. |
| 2) Cloud Rules go through a review process to ensure that any submitted rule meets SailPoint requirements and doesn't contain code that could harm the system; the only way to upload such a rule is through SailPoint. | 2) Connector Rules are usually an extension of the connector itself. These rules are mainly used to implement pre-processing and post-processing of data and to manipulate, merge or otherwise transform the incoming data as it's being read. |
Rule Deployment Process
As-Is Process
In the As-Is process, a developer deploying Connector Rules to the tenant follows the steps below:
- The rule needs to be developed as per the requirements.
- The developed rule shall be submitted to SailPoint Expert Services for review.
- Post review, the rule will be uploaded to the tenant.
- In case any changes are required, the rule shall be resubmitted to SailPoint Expert Services.
To-Be Process
In the To-Be process, the rule can be deployed directly to the IDN tenant using APIs. If a rule needs to be changed or deleted, the developer can use these APIs directly instead of going through the tedious earlier process.
Advantages and Limitations
Advantages
- Easy to Deploy – Rules are easy to deploy to the tenant compared to the entire previous process.
- Faster Deployment of Rules – Rules are deployed to the tenant instantly using APIs, whereas the old process used to take a minimum of 24 hrs.
- Low Cost from SailPoint Expert Services – Compared to the previous methodology, deploying connector rules using APIs has minimal involvement from Expert Services.
- Rework is Faster – In case of any changes, rework through these APIs is quicker than repeating the entire process.
- Faster Integrations – Using APIs, the overall application integrations are faster.
Limitations
The only limitation is that, as of now, these APIs support only connector rule types, not cloud rules.
Connector Rule Rest API Operations
SailPoint provides six APIs to perform connector rule operations:
GET, LIST, CREATE, UPDATE, DELETE and VALIDATE are the APIs currently available for connector rule operations. A token with ORG_ADMIN authority is required to perform any operation.
Detailed documentation on connector rules APIs can be found here:
https://developer.sailpoint.com/apis/beta/#tag/Connector-Rule-Management
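Because the API path skips the Expert Services review, a deployment script can at least refuse to upload a rule that VALIDATE rejects. The sketch below is an added example, not SailPoint's code or code from the original post: the tenant host is a placeholder, and the `/beta/connector-rules` paths, the request fields and the `state`/`details` response shape are assumptions to confirm against the documentation linked above.

```python
import json
import urllib.request

# Assumption: placeholder tenant host; paths taken from the beta docs linked above.
BASE = "https://example-tenant.api.identitynow.com/beta/connector-rules"

# Constructed sample rule (field names assumed from the beta docs).
SAMPLE_RULE = {
    "name": "Example BuildMap Rule",
    "type": "BuildMap",
    "sourceCode": {"version": "1.0", "script": "return new HashMap();"},
}

def build_request(method, token, rule_id=None, body=None, validate=False):
    """Build (without sending) the HTTP request for one connector rule operation."""
    url = BASE + ("/validate" if validate else f"/{rule_id}" if rule_id else "")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")  # token must carry ORG_ADMIN
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req

def http_send(req):
    """Send a request to the tenant and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}

def deploy_rule(rule, token, send=http_send):
    """VALIDATE first; CREATE or UPDATE only when the tenant accepts the script."""
    verdict = send(build_request("POST", token, body=rule["sourceCode"], validate=True))
    if verdict.get("state") != "OK":  # assumed response shape: {"state", "details"}
        raise ValueError(f"validate rejected the rule: {verdict.get('details')}")
    existing = {r["name"]: r["id"] for r in send(build_request("GET", token))}  # LIST
    if rule["name"] in existing:  # UPDATE in place rather than create a duplicate
        rule_id = existing[rule["name"]]
        return send(build_request("PUT", token, rule_id, dict(rule, id=rule_id)))
    return send(build_request("POST", token, body=rule))  # CREATE
```

The `send` parameter lets the flow be exercised against a stub before it is pointed at a real tenant; keep the ORG_ADMIN token out of the script itself, for example in an environment variable or a secrets manager.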
In the following presentation, I will be providing a detailed overview of Rules and Connector Rule APIs.
In the following video, I will be providing a detailed demo of the Connector Rule APIs and their operations.