{"id":1652,"date":"2024-12-10T17:21:05","date_gmt":"2024-12-10T11:51:05","guid":{"rendered":"https:\/\/www.enhisecure.com\/isecureblog\/?p=1652"},"modified":"2024-12-10T17:21:05","modified_gmt":"2024-12-10T11:51:05","slug":"sailpoint-identity-security-cloud-loopback-connector","status":"publish","type":"post","link":"https:\/\/www.enhisecure.com\/isecureblog\/2024\/12\/10\/sailpoint-identity-security-cloud-loopback-connector\/","title":{"rendered":"SailPoint Identity Security Cloud Loopback Connector"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Problem:<\/h2>\n\n\n\n<p>In SailPoint Identity Security Cloud, we often face challenges in managing and governing user level permissions and governance group membership effectively, which may lead to unauthorized access and audit failures. Governing access inside Identity Security Cloud is important.<\/p>\n\n\n\n<p>This blog helps govern access in Identity Security Cloud using the Identity Security Cloud loopback connector.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Solution &#8211; Loopback connector:<\/h2>\n\n\n\n<p>The loopback connector is used to manage <a href=\"https:\/\/www.sailpoint.com\/products\/identity-security-cloud\">Identity Security Cloud<\/a> user levels and <a href=\"https:\/\/documentation.sailpoint.com\/saas\/help\/common\/users\/governance_groups.html\">governance groups<\/a> as <a href=\"https:\/\/documentation.sailpoint.com\/saas\/help\/access\/entitlements.html\">entitlements<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"882\" height=\"342\" src=\"https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2024\/12\/Architecture.jpg.png\" alt=\"\" class=\"wp-image-1654\" srcset=\"https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2024\/12\/Architecture.jpg.png 882w, https:\/\/www.enhisecure.com\/isecureblog\/wp-content\/uploads\/2024\/12\/Architecture.jpg-300x116.png 300w\" sizes=\"auto, 
(max-width: 882px) 100vw, 882px\" \/><\/figure>\n\n\n\n<p>Users can request elevated user level permissions and governance groups as <a href=\"https:\/\/documentation.sailpoint.com\/saas\/help\/access\/entitlements.html\">entitlements<\/a> through the <a href=\"https:\/\/documentation.sailpoint.com\/saas\/user-help\/requests\/index.html\">request center<\/a>. Once the request is approved, the user will get the required higher permission or governance group membership based on the requested <a href=\"https:\/\/documentation.sailpoint.com\/saas\/help\/access\/entitlements.html\">entitlement<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Supported Operations:<\/h2>\n\n\n\n<p>Below are the supported operations in the loopback connector:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Account Aggregation<\/li>\n\n\n\n<li>Governance Groups Aggregation<\/li>\n\n\n\n<li>User levels Aggregation<\/li>\n\n\n\n<li>Provisioning<\/li>\n\n\n\n<li>Add Entitlement<\/li>\n\n\n\n<li>Remove Entitlement<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Operations and APIs<\/h2>\n\n\n\n<p>Below is the list of endpoints we used for each operation in the loopback connector:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>S. 
No<\/td><td>Operations<\/td><td>Endpoints<\/td><\/tr><tr><td>1<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_aggregation.html\">Account Aggregation<\/a><\/td><td><a href=\"https:\/\/developer.sailpoint.com\/docs\/api\/v3\/list-accounts\">\/v3\/accounts<\/a><\/td><\/tr><tr><td>2<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_aggregation.html\">Governance Group Aggregation<\/a><\/td><td><a href=\"https:\/\/developer.sailpoint.com\/docs\/api\/beta\/list-workgroups\">\/beta\/workgroups<\/a><\/td><\/tr><tr><td>3<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_create_account.html\">Provisioning<\/a><\/td><td><a href=\"https:\/\/developer.sailpoint.com\/docs\/api\/v3\/create-account\">\/v3\/accounts<\/a><\/td><\/tr><tr><td>4<\/td><td><a href=\"https:\/\/developer.sailpoint.com\/docs\/api\/v3\/authentication\/#oauth-token-response\">Authentication<\/a><\/td><td><a href=\"https:\/\/developer.sailpoint.com\/docs\/api\/v3\/authentication\/#oauth-token-response\">\/oauth\/token<\/a><\/td><\/tr><tr><td>5<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_add_entitlement.html\">Add Entitlement for User Levels<\/a><\/td><td><a href=\"https:\/\/developer.sailpoint.com\/docs\/api\/v3\/patch-auth-user\">\/v3\/auth-users\/:id<\/a><\/td><\/tr><tr><td>6<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_add_entitlement.html\">Add Entitlement for Governance Groups<\/a><\/td><td><a href=\"https:\/\/developer.sailpoint.com\/docs\/api\/beta\/update-workgroup-members\">\/v3\/workgroups\/accessId\/members\/bulk-add<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>In this blog, we discuss the Identity Security Cloud Loopback 
Connector in detail. The following are the key topics discussed as part of the blog.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Problem statement<\/li>\n\n\n\n<li>What is the loopback connector and what can we achieve with it?<\/li>\n\n\n\n<li>Use cases we can achieve using the loopback connector<\/li>\n\n\n\n<li>What are the supported operations?<\/li>\n\n\n\n<li>Endpoints used for each operation.<\/li>\n<\/ol>\n\n\n\n<p>In the video blog of <a href=\"https:\/\/www.sailpoint.com\/\">SailPoint<\/a> <a href=\"https:\/\/www.sailpoint.com\/products\/identity-security-cloud\">Identity Security Cloud<\/a> Loopback Connector, we discuss the above-mentioned topics.<\/p>\n\n\n\n<p><strong>Video:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"ENH iSecure: SailPoint ISC Loopback Connector - Presentation\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/1E3APpDDGvQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>A detailed demo on developing &amp; testing the loopback connector is available in the following video.<\/p>\n\n\n\n<p><strong>Video:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"ENH iSecure: SailPoint ISC Loopback Connector - Demo\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/WG3QfG_z7T0?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" 
referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>All the mentioned technical components are only available for internal use. However, refer to the table below for an overview of the different technical components that can be used to develop the loopback connector.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>S. No<\/td><td>Component Name<\/td><td>Use<\/td><\/tr><tr><td>1<\/td><td>Java Program<\/td><td>This program takes details such as tenant ID, client ID, client secret and source ID, and updates all rules with the provided input data.<\/td><\/tr><tr><td>2<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_aggregation.html\">Account Aggregation<\/a> Rule<\/td><td>This is a <a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/afteroperationrule.html\">Webservice After Operation Rule<\/a>. Users can build this rule in such a way that they can read all the available accounts from the respective tenant.<\/td><\/tr><tr><td>3<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_aggregation.html\">User Levels Aggregation<\/a> Rule<\/td><td>This is a <a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/afteroperationrule.html\">Webservice After Operation Rule<\/a>. 
Users can build this rule in such a way that they can read all <a href=\"https:\/\/documentation.sailpoint.com\/saas\/help\/common\/users\/user_levels.html\">user levels<\/a> available from the respective tenant.<\/td><\/tr><tr><td>4<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_aggregation.html\">Governance Groups Aggregation<\/a> Rule<\/td><td>This is a <a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/afteroperationrule.html\">Webservice After Operation Rule<\/a>. Users can build this rule in such a way that they can read all the available <a href=\"https:\/\/documentation.sailpoint.com\/saas\/help\/common\/users\/governance_groups.html?h=governance+group\">governance groups<\/a> from the respective tenant.<\/td><\/tr><tr><td>5<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_add_entitlement.html\">Add Entitlement<\/a><\/td><td>This is a <a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/beforeoperationrule.html\">Webservice Before Operation Rule<\/a>. Users can build this rule in such a way that, upon an entitlement request, the respective <a href=\"https:\/\/documentation.sailpoint.com\/saas\/help\/common\/users\/governance_groups.html?h=governance+group\">governance group<\/a> membership or elevated permissions are assigned to users.<\/td><\/tr><tr><td>6<\/td><td><a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/json_remove_entitlement.html\">Remove Entitlement<\/a><\/td><td>This is a <a href=\"https:\/\/documentation.sailpoint.com\/connectors\/webservices\/help\/integrating_webservices\/beforeoperationrule.html\">Webservice Before Operation Rule<\/a>. 
Users can build this rule in such a way that the respective <a href=\"https:\/\/documentation.sailpoint.com\/saas\/help\/common\/users\/governance_groups.html?h=governance+group\">governance group<\/a> membership or elevated permissions are removed from users.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Problem: In SailPoint Identity Security Cloud, we often face challenges in managing and governing user level permissions and governance group membership effectively, which may lead to unauthorized access and audit failures. Governing access inside Identity Security Cloud is important. This blog helps govern access in Identity Security Cloud using the Identity Security Cloud loopback connector. Solution [&hellip;]<\/p>\n","protected":false},"author":35,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[172,233,127,62,206,204,11,232],"class_list":["post-1652","post","type-post","status-publish","format-standard","hentry","category-technology","tag-connector","tag-governance-group","tag-iam","tag-identity-governance","tag-identity-security","tag-identity-security-cloud","tag-sailpoint","tag-user-level"],"_links":{"self":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/comments?post=1652"}],"version-history":[{"count":5,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1652\/revisions"}],"predecessor-version":[{"id":1680,"href":"https:
\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1652\/revisions\/1680"}],"wp:attachment":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/media?parent=1652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/categories?post=1652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/tags?post=1652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}