{"id":1080,"date":"2021-10-25T19:33:14","date_gmt":"2021-10-25T14:03:14","guid":{"rendered":"https:\/\/www.enhisecure.com\/isecureblog\/?p=1080"},"modified":"2021-10-25T19:33:14","modified_gmt":"2021-10-25T14:03:14","slug":"sailpoint-identitynow-connector-rule-apis","status":"publish","type":"post","link":"https:\/\/www.enhisecure.com\/isecureblog\/2021\/10\/25\/sailpoint-identitynow-connector-rule-apis\/","title":{"rendered":"SailPoint IdentityNow: Connector Rule API’s"},"content":{"rendered":"\n

Extensibility of services using vast API <\/a>collections is sign of a true SaaS solution. SailPoint<\/a> IdentityNow<\/a> has recently released few APIs<\/a> which allow us to upload our own connector rules<\/a> required for app integrations.<\/p>\n\n\n\n

Rule<\/h2>\n\n\n\n

In IdentityNow<\/a>, Rules<\/a> are the configurations which are used to provide additional flexibility where needed. Rules<\/a> are basically developed using a scripting language<\/a> called Bean Shell<\/a>, it is a lightweight scripting language<\/a> whose syntax is similar to Java<\/a>.<\/p>\n\n\n\n

Based on Execution type rules<\/a> are divided into two types:<\/p>\n\n\n\n

\n
\n
Cloud Execution<\/strong><\/td>Connector Execution<\/strong><\/td><\/tr>
1)The Rules<\/a> which are executed in the IDN tenant cloud are called Cloud Execution Rules<\/a>.
<\/td>		1)The Rules<\/a> which are executed on virtual Appliance (on premise) are called Connector Execution Rules.<\/a>
<\/td><\/tr>
2)There will be a review process for cloud rules<\/a> to ensure any submitted Cloud Rule<\/a>s meet SailPoint<\/a> requirements and doesn’t contain code that could harm the system and the only way to upload the rule<\/a> is through SailPoint<\/a>.<\/td>2)Connector Rules<\/a> are usually extension of the connector itself. These rules<\/a> are mainly used to implement pre-processing of data and post-processing of data and to manipulate, merge or otherwise transform the incoming data as it\u2019s being read<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n<\/div>\n\n\n\n

Rule Deployment Process<\/h2>\n\n\n\n

As-Is Process<\/h4>\n\n\n\n

In As-Is Process for deploying Connector Rules<\/a> on the tenant developer should follow the below steps:<\/p>\n\n\n\n

  1. Rule<\/a> needs to be developed as per the requirements.<\/li>
  2. Developed rule<\/a> shall be submitted to SailPoint<\/a> Expert services for review.<\/li>
  3. Post review, rule<\/a> will be uploaded on to the tenant. <\/li>
  4. In case of any changes required the rule<\/a> shall be resubmitted to the SailPoint<\/a> Expert Services.<\/li><\/ol>\n\n\n\n
    \"\"<\/figure><\/div>\n\n\n\n

    To-Be Process<\/h4>\n\n\n\n

    In To-Be process the rule<\/a> can directly be deployed to the IDN tenant using APIs<\/a>. In case of any changes required\/delete the developer can directly use these APIs<\/a> and make required changes instead of going through tedious process like earlier.<\/p>\n\n\n\n

    \"\"<\/figure><\/div>\n\n\n\n

    Advantages and Limitations<\/h2>\n\n\n\n

    Advantages<\/h4>\n\n\n\n
    1. Easy to Deploy <\/strong>– They are Easy to deploy on to the tenant compared to the entire previous process<\/li>
    2. Faster deployment of rules – <\/strong>Rules<\/a> will be deployed on the tenant instantly using APIs<\/a> where old process used to take a minimum of 24hrs<\/li>
    3. Low Cost from SailPoint Expert Services – <\/strong>Compare to previous methodology, deploying connector rules<\/a> using APIs <\/a>has minimal involvement from Expert Services.<\/li>
    4. Rework is Faster – <\/strong>In case of any changes rather than repeating the entire process, rework is quicker using these APIs<\/a>.<\/li>
    5. Faster Integrations – <\/strong>Using APIs<\/a>, the overall application integrations are faster.<\/li><\/ol>\n\n\n\n

      Limitations<\/h4>\n\n\n\n

      The only limitations for these APIs<\/a> are that these APIs<\/a> support only connector rule<\/a> <\/a>types, but not for the cloud rules<\/a> as of now.<\/p>\n\n\n\n

      Connector Rule Rest API Operations<\/h2>\n\n\n\n

      SailPoint<\/a> Provides us with six APIs <\/a>to perform connector rule<\/a> operations mentioned below: <\/p>\n\n\n\n

      \"\"<\/figure><\/div>\n\n\n\n

      GET, LIST, CREATE, UPDATE, DELETE, VALIDATE are the APIs<\/a> that are currently used for connector rule<\/a> operations. A token with ORG_ADMIN authority is required to perform any operation.<\/p>\n\n\n\n

      Detailed documentation on connector rules<\/a> APIs<\/a> can be found here:<\/p>\n\n\n\n

      https:\/\/developer.sailpoint.com\/apis\/beta\/#tag\/Connector-Rule-Management<\/a><\/p>\n\n\n\n

      In the following presentation, I will be providing a detailed overview of Rules <\/a>and Connector Rule<\/a> APIs<\/a><\/p>\n\n\n\n

      \n