making updates to follow SailPoint branding

This commit is contained in:
darrell-thobe-sp
2025-05-08 12:25:53 -04:00
parent 6b6c19bdbd
commit 71f569a650
113 changed files with 496 additions and 444 deletions

View File

@@ -13,7 +13,7 @@ tags: ['Getting Started']
## Overview
This guide is intended to help you quickly make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
This guide is intended to help you quickly Make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
<div className="text--center">
<iframe width="560" height="315" src="https://www.youtube.com/embed/HOzkXRLx-T4?si=i9SvAS42kJaOirk1" title="YouTube video player" frameBorder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowFullScreen></iframe>
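Review bot: The replacement Overview sentence reads "help you quickly Make your first API call", with a capital "Make" in the middle of the sentence; the line it replaces had lowercase "make". This looks like the heading rename leaking into body text. Keep the body as "quickly make your first API call" and limit the casing change to the `## Make your first API call` heading.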
@@ -23,7 +23,7 @@ This guide is intended to help you quickly make your first API call to SailPoint
To form the proper URL for an API request, you must know your tenant name. To find your tenant name, log into Identity Security Cloud, navigate to Admin, select the Dashboard dropdown, and select Overview. The org name is displayed within the Org Details section of the dashboard. If you do not have admin access, you can still find your tenant name and the API base URL you will use for API calls. To do so, view your session details when you are logged into your Identity Security Cloud instance. Change your URL to the following: `https://{your-Identity Security Cloud-hostname}.com/ui/session`, where `{your-Identity Security Cloud-hostname}` is your company's domain name for accessing Identity Security Cloud. The session detail you want is the `baseUrl`, which has the form of `https://{tenant}.api.identitynow.com`.
## Make Your First API Call
## Make your first API call
To get started, create a [personal access token](./authentication.md#generate-a-personal-access-token), which can then be used to generate access tokens to authenticate your API calls. To generate a personal access token from Identity Security Cloud, after logging into your Identity Security Cloud instance, do the following:
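Review bot: In the context paragraph above the renamed heading, the placeholder `{your-Identity Security Cloud-hostname}` contains spaces and is followed by a literal `.com`, so the example URL `https://{your-Identity Security Cloud-hostname}.com/ui/session` cannot be read as a hostname pattern. Since this commit is a branding pass over the same section, consider a hostname-safe placeholder (for example `{your-isc-hostname}`) and check that it lines up with the `baseUrl` form `https://{tenant}.api.identitynow.com` given at the end of the paragraph.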

View File

@@ -13,7 +13,7 @@ tags: ['Getting Started']
## Overview
This guide is intended to help you quickly make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
This guide is intended to help you quickly Make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
<div className="text--center">
<iframe width="560" height="315" src="https://www.youtube.com/embed/HOzkXRLx-T4?si=i9SvAS42kJaOirk1" title="YouTube video player" frameBorder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowFullScreen></iframe>
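Review bot: Capital "Make" mid-sentence in the new Overview line ("help you quickly Make your first API call"). The old line was correct; only the `## Make your first API call` heading needs the casing change.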
@@ -23,7 +23,7 @@ This guide is intended to help you quickly make your first API call to SailPoint
To form the proper URL for an API request, you must know your tenant name. To find your tenant name, log into Identity Security Cloud, navigate to Admin, select the Dashboard dropdown, and select Overview. The org name is displayed within the Org Details section of the dashboard. If you do not have admin access, you can still find your tenant name and the API base URL you will use for API calls. To do so, view your session details when you are logged into your Identity Security Cloud instance. Change your URL to the following: `https://{your-Identity Security Cloud-hostname}.com/ui/session`, where `{your-Identity Security Cloud-hostname}` is your company's domain name for accessing Identity Security Cloud. The session detail you want is the `baseUrl`, which has the form of `https://{tenant}.api.identitynow.com`.
## Make Your First API Call
## Make your first API call
To get started, create a [personal access token](./authentication.md#generate-a-personal-access-token), which can then be used to generate access tokens to authenticate your API calls. To generate a personal access token from Identity Security Cloud, after logging into your Identity Security Cloud instance, do the following:

View File

@@ -13,7 +13,7 @@ tags: ['Getting Started']
## Overview
This guide is intended to help you quickly make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
This guide is intended to help you quickly Make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
<div className="text--center">
<iframe width="560" height="315" src="https://www.youtube.com/embed/HOzkXRLx-T4?si=i9SvAS42kJaOirk1" title="YouTube video player" frameBorder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowFullScreen></iframe>
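Review bot: The new Overview line in this copy also has "quickly Make your first API call" with a capital "Make" inside the sentence. Revert the body text to lowercase "make".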
@@ -23,7 +23,7 @@ This guide is intended to help you quickly make your first API call to SailPoint
To form the proper URL for an API request, you must know your tenant name. To find your tenant name, log into Identity Security Cloud, navigate to Admin, select the Dashboard dropdown, and select Overview. The org name is displayed within the Org Details section of the dashboard. If you do not have admin access, you can still find your tenant name and the API base URL you will use for API calls. To do so, view your session details when you are logged into your Identity Security Cloud instance. Change your URL to the following: `https://{your-Identity Security Cloud-hostname}.com/ui/session`, where `{your-Identity Security Cloud-hostname}` is your company's domain name for accessing Identity Security Cloud. The session detail you want is the `baseUrl`, which has the form of `https://{tenant}.api.identitynow.com`.
## Make Your First API Call
## Make your first API call
To get started, create a [personal access token](./authentication.md#generate-a-personal-access-token), which can then be used to generate access tokens to authenticate your API calls. To generate a personal access token from Identity Security Cloud, after logging into your Identity Security Cloud instance, do the following:

View File

@@ -13,7 +13,7 @@ tags: ['Getting Started']
## Overview
This guide is intended to help you quickly make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
This guide is intended to help you quickly Make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
<div className="text--center">
<iframe width="560" height="315" src="https://www.youtube.com/embed/HOzkXRLx-T4?si=i9SvAS42kJaOirk1" title="YouTube video player" frameBorder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowFullScreen></iframe>
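Review bot: "quickly Make your first API call" in the new Overview line capitalizes a verb mid-sentence. Restore "make" here; the heading rename in the next hunk is the only casing change this file needs.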
@@ -23,7 +23,7 @@ This guide is intended to help you quickly make your first API call to SailPoint
To form the proper URL for an API request, you must know your tenant name. To find your tenant name, log into Identity Security Cloud, navigate to Admin, select the Dashboard dropdown, and select Overview. The org name is displayed within the Org Details section of the dashboard. If you do not have admin access, you can still find your tenant name and the API base URL you will use for API calls. To do so, view your session details when you are logged into your Identity Security Cloud instance. Change your URL to the following: `https://{your-Identity Security Cloud-hostname}.com/ui/session`, where `{your-Identity Security Cloud-hostname}` is your company's domain name for accessing Identity Security Cloud. The session detail you want is the `baseUrl`, which has the form of `https://{tenant}.api.identitynow.com`.
## Make Your First API Call
## Make your first API call
To get started, create a [personal access token](./authentication.md#generate-a-personal-access-token), which can then be used to generate access tokens to authenticate your API calls. To generate a personal access token from Identity Security Cloud, after logging into your Identity Security Cloud instance, do the following:

View File

@@ -13,7 +13,7 @@ tags: ['Getting Started']
## Overview
This guide is intended to help you quickly make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
This guide is intended to help you quickly Make your first API call to SailPoint Identity Security Cloud and assumes an intermediate level of understanding of APIs. For beginners to APIs, we recommend you watch this presentation that covers the fundamentals of APIs with visual demonstrations of how to make an API call in SailPoint.
<div className="text--center">
<iframe width="560" height="315" src="https://www.youtube.com/embed/HOzkXRLx-T4?si=i9SvAS42kJaOirk1" title="YouTube video player" frameBorder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowFullScreen></iframe>
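Review bot: The new Overview line again reads "quickly Make your first API call". Lowercase "make" in the body sentence, as in the line being replaced.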
@@ -23,7 +23,7 @@ This guide is intended to help you quickly make your first API call to SailPoint
To form the proper URL for an API request, you must know your tenant name. To find your tenant name, log into Identity Security Cloud, navigate to Admin, select the Dashboard dropdown, and select Overview. The org name is displayed within the Org Details section of the dashboard. If you do not have admin access, you can still find your tenant name and the API base URL you will use for API calls. To do so, view your session details when you are logged into your Identity Security Cloud instance. Change your URL to the following: `https://{your-Identity Security Cloud-hostname}.com/ui/session`, where `{your-Identity Security Cloud-hostname}` is your company's domain name for accessing Identity Security Cloud. The session detail you want is the `baseUrl`, which has the form of `https://{tenant}.api.identitynow.com`.
## Make Your First API Call
## Make your first API call
To get started, create a [personal access token](./authentication.md#generate-a-personal-access-token), which can then be used to generate access tokens to authenticate your API calls. To generate a personal access token from Identity Security Cloud, after logging into your Identity Security Cloud instance, do the following:

View File

@@ -30,7 +30,7 @@ You will learn how to implement SaaS Connectivity [commands](https://developer.s
Once you have learned how to build an Airtable connector, you will know how to build basic SaaS connectors. You can then customize those connectors to best suit your organization's needs.
## SaaS Connectivity
## SaaS connectivity
[Connectors](https://documentation.sailpoint.com/saas/help/sources/index.html) are the bridges between ISC and the various source systems ISC needs to communicate with and aggregate data from. These connectors require the use of virtual appliances (VAs).
@@ -54,7 +54,7 @@ To build an Airtable connector, you will need these resources:
- [ISC](https://documentation.sailpoint.com/saas/help/setup/get_started.html): You need an ISC tenant you can connect to Airtable.
- [Airtable](https://airtable.com/): You need to create an account on Airtable, the source you are connecting to. Airtable is a cloud-based relational database platform - it is a bit like Excel, but it is useful for this example because you can send API requests to modify the data in the tables.
## Create Project
## Create project
To create your SaaS connector project, use a command line to navigate to your project directory and run this command:
@@ -72,7 +72,7 @@ code .
This command will launch VSCode in the folder you have open.
## Install Dependencies
## Install dependencies
The SaaS connnector project has dependencies - packages or libraries required for it to function. To install these dependencies, run this command in your terminal:
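Review bot: The context sentence directly under the renamed `## Install dependencies` heading still has "connnector" with three n's ("The SaaS connnector project has dependencies"). Worth fixing in this pass, since the commit already edits the line above it.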
@@ -143,7 +143,7 @@ The 'package-lock.json' file looks something like this:
</details>
## Test Deployment
## Test deployment
You can now deploy your SaaS connector project. To deploy it, run this command:
@@ -163,7 +163,7 @@ npm run dev 4200
This command changes the port to `localhost:4200`.
## Create Airtable Table
## Create Airtable table
Open [Airtable](https://airtable.com/). Follow these steps to create the table you will use to set up the test data for your SaaS connector:
@@ -183,7 +183,7 @@ The table will look something like this example:
<details>
<summary>Example Airtable Table</summary>
<summary>Example Airtable table</summary>
| id | email | entitlements | fullname |
| ------------- | ------------------------------- | ------------ | ------------- |
@@ -214,7 +214,7 @@ Once you have installed the Airtable SDK, you will see it added to the list of d
}
```
## Get Airtable Configuration
## Get Airtable configuration
To connect to Airtable, you must be able to authenticate your API requests. To both learn how to configure your authentication as well as get the information you will need to do so, return to Airtable, go to the 'Help' menu, and access its API documentation. The API documentation is specific to the Airtable base and table you access it from.
@@ -243,7 +243,7 @@ To create the PAT you will need to pass as an `apiKey`, go to [Airtable Builder
4. Add the base you created to the list of bases the PAT can access.
5. Select the 'Create token' button.
## Configure Airtable Authentication
## Configure Airtable authentication
Once you have a PAT to pass as an `apiKey` and the base ID to pass as an `Airtable.base`, you can return to your code and configure your Airtable connector's authentication.
@@ -348,7 +348,7 @@ Once you have made these changes, your 'my-client.ts' file looks like this:
<details>
<summary>my-client.ts Updated for Authentication</summary>
<summary>my-client.ts updated for authentication</summary>
```typescript showLineNumbers
import { ConnectorError } from "@sailpoint/connector-sdk"
@@ -414,7 +414,7 @@ export class MyClient {
Your SaaS connector is now configured to authenticate its API requests to Airtable.
## Configure Postman Environment
## Configure Postman environment
Once your SaaS connector's authentication is configured, you can configure Postman to test the connection between the SaaS connector and Airtable.
@@ -439,7 +439,7 @@ Once your SaaS connector's authentication is configured, you can configure Postm
5. Select the environment from the environment dropdown menu. All your API requests will automatically include these variables, authenticating them for both Airtable and ISC.
## Implement Test Connection Command
## Implement test connection command
Once you have configured Postman for testing your API requests, you can almost test your SaaS connector's connection to Airtable. To do so, you must implement your first command: [Test Connection](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/commands/test-connection)
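Review bot: The new heading `## Implement test connection command` lowercases a command name that the body on the next line still writes as "Test Connection" (the link text). Sentence case normally keeps proper names, so either keep the command name capitalized in the heading ("Implement Test Connection command") or apply the lowercase form deliberately and consistently to the Account List, Account Read and Entitlement List headings changed elsewhere in this file. The sentence under the heading also ends at the link without a full stop.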
@@ -474,7 +474,7 @@ Your code should currently look like this:
<details>
<summary>Code with Test Connection Implemented</summary>
<summary>Code with test connection implemented</summary>
```typescript showLineNumbers
import { ConnectorError } from "@sailpoint/connector-sdk"
@@ -542,7 +542,7 @@ export class MyClient {
</details>
## Fork SaaS Connectivity Postman Collection
## Fork SaaS connectivity Postman collection
To start testing the SaaS connector's commands in Postman, you will need to get the SaaS Connectivity collection.
@@ -560,7 +560,7 @@ To get the SaaS Connectivity commands, follow these steps:
6. There are two folders within this collection, 'Connector Commands' and 'Customizer Commands'. Expand 'Connector Commands'. You will see all the available connector commands listed.
## Test Connection
## Test connection
Before you test the connection, make sure that your SaaS connector is running. Use this command in your terminal to run the connector:
@@ -617,7 +617,7 @@ Try sending it again. This is what the response may look like:
<details>
<summary>Connector Error</summary>
<summary>Connector error</summary>
```json
generic error:
@@ -716,7 +716,7 @@ To implement Account List, follow these steps:
2. [Write Account List Logic](#write-account-list-logic)
3. [Update Account List Command Handler](#update-account-list-command-handler)
### Create AirtableAccount Typescript File
### Create AirtableAccount Typescript file
To implement Account List and successfully aggregate account data into ISC, the first thing you must do is create a new Typescript file, titled 'AirtableAccount.ts'. You will use this file to create a class that will act as a wrapper around the Airtable account record data, which you can then convert to standard output formats and back to Airtable-compatible objects.
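Review bot: "Typescript" in the new heading `### Create AirtableAccount Typescript file`, and in the paragraph below it, should be "TypeScript", the language's own spelling. The step links in the context lines, `[Write Account List Logic](#write-account-list-logic)` and `[Update Account List Command Handler](#update-account-list-command-handler)`, keep title case while the headings they point to become sentence case in this commit; update the link text to match.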
@@ -848,7 +848,7 @@ export class AirtableAccount {
</details>
### Write Account List Logic
### Write account list logic
Once you have finished creating your 'AirtableAccount.ts' file, you can implement the Account List logic. To do so, follow these steps:
@@ -886,7 +886,7 @@ Once you have finished making the changes, your 'my-client.ts' file will look so
<details>
<summary>my-client.ts with Account List</summary>
<summary>my-client.ts with account list</summary>
```typescript showLineNumbers
import { ConnectorError } from "@sailpoint/connector-sdk"
@@ -935,7 +935,7 @@ export class MyClient {
</details>
### Update Account List Command Handler
### Update account list command handler
The 'List Account' command is currently looking for attributes that don't exist in the 'Users' table (`username`, `firstName`, and `lastName`). To resolve this, you will have to open the 'index.ts' file to redefine what the command returns. To do so, follow these steps:
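Review bot: The paragraph under the renamed heading calls the command 'List Account', while the heading and the other hunks in this file call it Account List. Pick one name and use it in both places.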
@@ -964,7 +964,7 @@ Once you have finished making your changes, your 'index.ts' file will look somet
<details>
<summary>index.ts file with Account List</summary>
<summary>index.ts file with account list</summary>
```typescript showLineNumbers
import {
@@ -1009,7 +1009,7 @@ export const connector = async () => {
</details>
## List Airtable Accounts
## List Airtable accounts
Once you have configured the 'AirtableAccount.ts', 'my-client.ts', 'index.ts', and 'connector-spec.json' files, you can test Account List. To do so, open Postman and open the 'Test local stdAccountList' command. Then open its 'Body'.
@@ -1032,7 +1032,7 @@ Your SaaS connector will get a successful response from Airtable, listing all th
<details>
<summary>Account List Command</summary>
<summary>Account list command</summary>
```json
{
@@ -1093,7 +1093,7 @@ Your SaaS connector will get a successful response from Airtable, listing all th
</details>
## Current Code
## Current code
At this point, your SaaS connector can successfully connect to Airtable and list accounts along with their attributes.
@@ -1265,7 +1265,7 @@ To create your SaaS connector in ISC and load account data from Airtable, you mu
6. [Configure ISC Connector](#configure-isc-connector)
7. [Aggregate Airtable Account Data](#aggregate-airtable-account-data)
### Build Project
### Build project
Building your SaaS connector project means compressing your SaaS connector project's files into a zip file before uploading the connector to ISC. Before you can build your connector, however, you must update your 'connector-spec.json' file.
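Review bot: The step links in the context lines, `[Configure ISC Connector](#configure-isc-connector)` and `[Aggregate Airtable Account Data](#aggregate-airtable-account-data)`, keep title case while this commit changes the matching headings to `### Configure ISC connector` and `### Aggregate Airtable account data`. Update the link text so the list and the headings read the same.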
@@ -1430,7 +1430,7 @@ The authentication process now looks for the correct keys, `apiKey` and `airtabl
This command bundles the SaaS connector project's files into a zip file, 'your-projectname-0.1.0.zip', located in your project's 'dist' folder. You can now send this zip file to ISC.
### Create Empty ISC Connector
### Create empty ISC connector
Before you can upload your SaaS connector to ISC, you must create an entry for the connector in your ISC tenant.
@@ -1454,7 +1454,7 @@ The output includes your new connector entry's name (alias) and its ID. You will
You can use the the `sail conn list` command to list the available connectors at any time. To learn more about the other available SaaS connector commands you can use with the SailPoint CLI, refer to [Connectors](/docs/tools/cli/connectors/#commands).
### Upload Connector to ISC
### Upload connector to ISC
Once you have created the SaaS connector in ISC and gotten its connector ID, you can upload your SaaS connector project to ISC. To upload your connector, run this command:
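Review bot: The context line above the renamed `### Upload connector to ISC` heading has a doubled article: "You can use the the `sail conn list` command". Drop one "the" while this section is being edited.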
@@ -1474,7 +1474,7 @@ A successful response looks like this:
+--------------------------------------+---------+
```
### Test Connector
### Test connector
It can be very helpful to test your SaaS connector before you go through all the steps of configuring it in ISC.
@@ -1525,7 +1525,7 @@ The CLI will go through the different commands and skip tests for any commands t
+--------------------------+---------+--------+----------+--------------------------------+
```
### Configure ISC Connector
### Configure ISC connector
Once you have uploaded the SaaS connector to ISC and tested it, you can configure it in ISC. Follow these steps to configure your connector in ISC:
@@ -1543,7 +1543,7 @@ Once you have uploaded the SaaS connector to ISC and tested it, you can configur
6. Open the 'Review and Test' section. Select the 'Test Connection' button to test the connection to Airtable. You will receive a confirmation that the connection test was successful.
### Aggregate Airtable Account Data
### Aggregate Airtable account data
Once you have configured your SaaS connector in ISC and successfully connected to your Airtable base, you can aggregate the Airtable account data into ISC. To do so, follow these steps:
@@ -1553,7 +1553,7 @@ Once the accounts have been successfully loaded into ISC, you can view them by o
If you click an account in the list, you can see the account's attributes: `fullname`, `email`, `id`, and `entitlements`.
## Implement Account Read Command
## Implement account read command
Once you have configured the Account List command, it is natural to implement the last command included in the sample, [Account Read](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/commands/account-read), as well. The logic is similar, but the key difference is that instead of getting all the accounts and listing their attributes, you will get one account by its identity (Airtable row ID) and list its attributes.
@@ -1612,7 +1612,7 @@ To implement Account Read, follow these steps:
This is the logic: First, you must provide the Airtable record `id`. Then, the connector will loop through the records until it finds the one that matches your specified value. Once it finds the value, it will create an array of the one account record and return that array of one. It uses that record to build an ISC object for the account. If it can't find the record, it throws an error.
## Read Airtable Account
## Read Airtable account
Once you have configured Account Read in the 'AirtableAccount.ts', 'my-client.ts', and 'index.ts' files, you can test it in Postman.
@@ -1687,7 +1687,7 @@ Once you have configured Account Read in the 'AirtableAccount.ts', 'my-client.ts
}
```
## Implement Entitlement List
## Implement entitlement list
The next command you will implement is [Entitlement List](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/commands/entitlement-list), which will allow you to get a list of entitlements.
@@ -1734,7 +1734,7 @@ To implement Entitlement List, you must make these changes:
<details>
<summary>index.ts with Entitlement List</summary>
<summary>index.ts with entitlement list</summary>
```typescript showLineNumbers
import {
@@ -1908,7 +1908,7 @@ To implement Entitlement List, you must make these changes:
Once you have updated the 'connector-spec.json' file, you can test the Entitlement List.
## List Airtable Entitlements
## List Airtable entitlements
Once you have configured both the 'index.ts' and 'connector-spec.json' files, you can test Entitlement List. Open Postman and open the 'Test local stdEntitlementList' command.
@@ -1965,7 +1965,7 @@ A successful response will look something like this:
}
```
## Implement Entitlement Read
## Implement entitlement read
Once you have implemented the Entitlement List command, implementing [Entitlement Read](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/commands/entitlement-read) will be simple because you only have to update the 'index.ts' file and your changes will be similar to those you made for Entitlement List.
@@ -2000,7 +2000,7 @@ To implement the Entitlement Read command, open the 'index.ts' file and make the
The logic is similar to that of Entitlement List's command handler, but the key difference is that with this command, you specify a specific entitlement for the connector to find. The connector then returns that entitlement if it can find it, along with its attributes. If it can't find it, it throws the error, "Entitlement not found".
## Read Airtable Entitlement
## Read Airtable entitlement
Once you have configured both the 'index.ts' file, you can test Entitlement Read. Open Postman and open the 'Test local stdEntitlementRead' command.
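Review bot: The sentence under the renamed `## Read Airtable entitlement` heading says "Once you have configured both the 'index.ts' file", but names only one file. The preceding context states that Entitlement Read only requires updating 'index.ts', so "both" should go.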
@@ -2037,7 +2037,7 @@ A successful response will look something like this:
}
```
## Implement Account Create
## Implement account create
To create accounts in Airtable, you can use [Account Create](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/commands/account-create).
@@ -2096,7 +2096,7 @@ To implement the Account Create command, follow these steps:
5. Open 'connector-spec.json'. Add the `"std:account:create"` command to the array of supported `commands` at the beginning of the file.
## Create Airtable Account
## Create Airtable account
Once you have configured the Account Create command, you can use your connector to create accounts in Airtable, which can then be synced with ISC.
@@ -2145,7 +2145,7 @@ Send the request. You will receive a response like this:
You can then go to Airtable and see that your new account was created, along with all its attributes.
## Implement Account Delete
## Implement account delete
Once you can create accounts, you will want to delete them too. The next command you will implement, the [Account Delete](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/commands/account-delete), will allow you to do so.
@@ -2178,7 +2178,7 @@ To implement Account Delete, follow these steps:
3. Open the 'connector-spec.json' file. Add `std:account:delete` to the array of `commands` at the beginning of the file.
## Delete Airtable Account
## Delete Airtable account
Once you have configured the Account Delete command, you can test it.
@@ -2210,7 +2210,7 @@ Send the request. The successful response is empty:
You can check whether the the account has been deleted by running [Account List](#list-airtable-accounts).
## Implement Account Update
## Implement account update
The final command you will implement is [Account Update](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/commands/account-update). You can use this command to update the Airtable account's attributes.
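Review bot: The context line above the renamed `## Implement account update` heading has a doubled article: "You can check whether the the account has been deleted". Also, "the [Account Delete](...)" in the previous hunk and "[Account Update](...)" here are introduced differently (with and without "the"); worth aligning while in this file.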
@@ -2303,7 +2303,7 @@ To implement Account Update, follow these steps:
9. Open 'connector-spec.json'. Add `"std:account:update"` to the `"commands"` array at the beginning of the file.
## Update Airtable Account
## Update Airtable account
Once you have configured the Account Update command, you can test it.
@@ -2355,7 +2355,7 @@ Send the request. You will get this successful response:
To check your changes, you can open Airtable and see the identity's updated entitlements.
## Complete Code
## Complete code
You now have a SaaS connector that can get account data from Airtable and send it to ISC. You can also use the connector to make changes to the Airtable account data without opening Airtable at all.

View File

@@ -1,6 +1,6 @@
---
id: common-cli-commands
title: Common CLI Commands
title: Common CLI commands
pagination_label: Common CLI Commands
sidebar_label: Common CLI Commands
sidebar_position: 3
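Review bot: Only `title` is changed to sentence case in this front matter; `pagination_label: Common CLI Commands` and `sidebar_label: Common CLI Commands` keep title case. The page heading and its sidebar and pagination entries will now differ. If the branding rule covers navigation labels, change all three; if not, say so in the commit message.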

View File

@@ -1,6 +1,6 @@
---
id: example-connectors
title: Example Connectors
title: Example connectors
pagination_label: Example Connectors
sidebar_label: Example Connectors
sidebar_position: 5
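Review bot: `title: Example connectors` is now sentence case, but `pagination_label` and `sidebar_label` still read "Example Connectors". Align the labels with the title or note that navigation labels are intentionally left in title case.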
@@ -13,4 +13,4 @@ tags: ['Connectivity']
- [Airtable connector](https://github.com/sailpoint-oss/airtable-example-connector) is a real connector that works like a flat file data source and is great for demonstrating how a connector works.
- [Discourse Connector](https://github.com/sailpoint-oss/discourse-connector-2) is a real connector that works with the [Discourse service](https://www.discourse.org/). The documentation for each command references code from this example application.
- [Discourse connector](https://github.com/sailpoint-oss/discourse-connector-2) is a real connector that works with the [Discourse service](https://www.discourse.org/). The documentation for each command references code from this example application.

View File

@@ -1,6 +1,6 @@
---
id: saas-connectivity
title: SaaS Connectivity
title: SaaS connectivity
pagination_label: SaaS Connectivity
sidebar_label: SaaS Connectivity
sidebar_position: 4
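Review bot: `title: SaaS connectivity` lowercases "connectivity", while `pagination_label` and `sidebar_label` keep "SaaS Connectivity" and the body text in the next hunk still uses "SaaS Connectivity" as a product name. Decide whether "SaaS Connectivity" is a proper name; if it is, the title should keep the capital, and if it is not, the labels need the same change.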
@@ -17,11 +17,11 @@ SaaS Connectivity is a cloud based connector runtime that makes developing and d
<iframe width="560" height="315" src="https://www.youtube.com/embed/1WPO7t0j1oc?si=RZjNJYUrDtKLmbvB" title="YouTube video player" frameBorder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowFullScreen></iframe>
</div>
## What Are Connectors
## What are connectors
Connectors are the bridges between the SailPoint Identity Security Cloud (ISC) SaaS platform and the source systems that ISC needs to communicate with and aggregate data from. An example of a source system ISC may need to communicate with would be an Oracle HR system or GitHub. In these cases, ISC synchronizes data between systems to ensure account entitlements and state are correct through the organization.
## Why We Are Introducing SaaS Connectivity
## Why we are introducing SaaS Connectivity
The primary driver for indroducing the SaaS Connectivity framework is to allow a way to connect to other cloud based sources in a truly SaaS architecture, without the need to rely on a VA. There are also other benefits that come with the SaaS Connectivity framework:
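Review bot: The new heading `## Why we are introducing SaaS Connectivity` keeps a capital "Connectivity", while this commit changes the page title and the `## Architecture of SaaS connectivity` heading to lowercase. Use one form across the headings. `## What are connectors` also reads as a question without a question mark, and the context sentence below has the typo "indroducing".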
@@ -29,7 +29,7 @@ The primary driver for indroducing the SaaS Connectivity framework is to allow a
- Features to customize the user interface when configuring the connector that are specific to the source
- Support for more modern languages and frameworks
## Architecture of SaaS Connectivity
## Architecture of SaaS connectivity
VA connectors always communicate with external sources through the Virtual Appliance (VA) as seen in the diagram below:
@@ -43,7 +43,7 @@ With both SaaS connectivity and traditional VA connectivity in place, you can ha
![SaaS Connectivity and On Prem](./img/new_connectivity_diagram_both.png)
## Connectivity Encryption
## Connectivity encryption
Any direct connectors that specify a virtual appliance (VA) use [Zero Knowledge Encryption](https://community.sailpoint.com/t5/Lighthouse/Protecting-Sensitive-Data-with-Zero-Knowledge-Encryption/ta-p/79657?attachment-id=452) schemes with an RSA 2048-bit asymmetric key pair: there is a private key on the VA for decryption and a public key in the cloud (as part of the VA cluster) for encryption. You can read more about SailPoint's *Zero Knowledge Encryption* [here](../saas-connectivity/zero-knowledge-encryption.md).

View File

@@ -1,6 +1,6 @@
---
id: postman-collection
title: Postman Collection
title: Postman collection
pagination_label: Postman Collection
sidebar_label: Postman Collection
sidebar_position: 6

View File

@@ -11,7 +11,7 @@ slug: /connectivity/saas-connectivity/prerequisites
tags: ['Connectivity']
---
## Required Software
## Required software
### Node
@@ -21,7 +21,7 @@ To develop a connector, Node >= 18.0.0 is required. Download node from the [node
SailPoint provides a CLI tool to manage the connectors' lifecycles. To install and set up the CLI, [follow the instructions here](../../tools/cli) or you can directly download and install from the [GitHub releases page](https://github.com/sailpoint-oss/sailpoint-cli/releases)
## Recommended Software
## Recommended software
### IDE
@@ -43,7 +43,7 @@ The CLI init command creates a new folder with your project name in the location
Change the directory to the project folder and run ``npm install to install` the dependencies.
### Source Files
### Source files
The earlier command creates the initial project source directory below:
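Review bot: The unchanged line just above the renamed "Source files" heading has a malformed code span: it opens with two backticks, closes with one, and pulls the words "to install" inside the code formatting. It should read: run `npm install` to install the dependencies. As written it renders incorrectly, so it is worth correcting in this pass.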

View File

@@ -11,7 +11,7 @@ slug: /connectivity/saas-connectivity/test-build-deploy
tags: ['Connectivity']
---
## Testing Your Connector
## Testing your connector
You can use the following Postman Collection file to locally run tests for each of the commands.
@@ -35,17 +35,17 @@ As you implement command handlers, you must test them. The connector SDK provide
- **input:** Input to provide to the command handler.
- **config:** The configuration values required to test locally. A `token` value is not required, but the default project specifies `token`, so you must include it in your request to begin.
## Create and Upload Connector Bundle
## Create and upload connector bundle
Follow these steps to use the CLI to package a connector bundle, create it in your Identity Security Cloud org, and upload it to Identity Security Cloud.
### Package Connector Files
### Package connector files
You must compress the files in the connector project into a zip file before uploading them to Identity Security Cloud.
Use the CLI to run `npm run pack-zip` to build and package the connector bundle. Put the resulting zip file in the `dist` folder.
### Create Connector In Your Org
### Create connector in your org
Before uploading the zip file, you must create an entry for the connector in your Identity Security Cloud org. Run `sail conn create "my-project"` to create a connector entry.
@@ -76,7 +76,7 @@ $ sail conn list
+--------------------------------------+----------------------------+
```
### Upload Connector Zip File to Identity Security Cloud
### Upload connector zip file to Identity Security Cloud
Run `sail conn upload -c [connectorID | connectorAlias] -f dist/[connector filename].zip` to upload the zip file built from the previous step to Identity Security Cloud.
@@ -106,11 +106,11 @@ Make sure that you implement a form of version control or regular backup process
:::
## Test Your Connector in Identity Security Cloud
## Test your connector in Identity Security Cloud
Follow these steps to test a connector bundle in both Identity Security Cloud and the Identity Security Cloud user interface (UI).
### Test Your Connector Bundle In Identity Security Cloud
### Test your connector bundle in Identity Security Cloud
The connector CLI provides ways to test invoking commands with any connector upload version. Before running a command, create a file, **config.json**, in the root project folder. Include any configuration items required to interact with the target web service in this file, such as API token, username, password, organization, version, etc. The following snippet is an example:
@@ -140,7 +140,7 @@ $ sail connectors invoke account-list -c example-connector -p config.json
>
> Ensure that you add config.json to your .gitignore file so you do not accidentally store secrets in your code repository.
## Test Your Connector from Identity Security Cloud UI
## Test your connector from Identity Security Cloud UI
Go to your Identity Security Cloud orgs source section. Create a source from the connector you just uploaded. This connector will display in the dropdown list: **example-connector (tag: latest)**

View File

@@ -1,6 +1,6 @@
---
id: zero-knowledge-encryption
title: Zero Knowledge Encryption
title: Zero knowledge encryption
pagination_label: Zero Knowledge Encryption
sidebar_label: Zero Knowledge Encryption
sidebar_position: 7
@@ -11,7 +11,7 @@ slug: /connectivity/saas-connectivity/zero-knowledge-encryption
tags: ['Connectivity']
---
## Protecting Sensitive Data with Zero Knowledge Encryption
## Protecting sensitive data with zero knowledge encryption
Organizations are rapidly adopting cloud-delivered software, or SaaS, which often uses sensitive user data such as account credentials.
This data is often sent across the Internet and potentially stored in databases and directories that may not be under the direct control of the companys IT department.
@@ -30,7 +30,7 @@ For example, encrypt credentials using 2048-bit RSA encryption, and then use Tra
The key is always kept separate from the encrypted data.
ISC delivers this level of security using a scalable and redundant architecture that, unlike many other solutions in the market, does not rely on using agents or opening the corporate firewall, and never exposes sensitive data to attack.
## Patented Zero Knowledge Encryption
## Patented zero knowledge encryption
IT organizations traditionally employ security measures to protect their networks such as firewalls and intrusion detection and prevention systems.
SailPoints *Zero Knowledge Encryption* (US Patents 9319395, 9722980, 10277566) secures administrative credentials in a way that is protected from breach, without impairing the effectiveness of these systems.
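Review bot: The heading "Patented zero knowledge encryption" lowercases a term the body treats as a proper name: the very next paragraph writes it as italicized *Zero Knowledge Encryption* and cites patents for it. Sentence case normally preserves proper nouns, so either keep "Zero Knowledge Encryption" capitalized in this heading, the page title and the "Protecting sensitive data with ..." heading, or change the body usage to match.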
@@ -43,7 +43,7 @@ SailPoint's *Zero Knowledge Encryption* always meets these standards:
- All passwords are always encrypted a second time using a different encryption technique or technology, making a breach of credentials nearly impossible.
Since unencrypted credentials are never stored or sent over the internet, they are not vulnerable to attack.
## SailPoint Virtual Appliance
## SailPoint virtual appliance
*Zero Knowledge Encryption* uses the SailPoint virtual appliance (VA) to provide a secure, scalable, and redundant interface to both on-premises and cloud resources.
VAs are deployed in clusters behind the firewall of the enterprise datacenter without requiring ports to be opened, so the enterprises intrusion prevention and network security perimeter enforcement remains intact.
@@ -68,17 +68,17 @@ Multiple vaS may be deployed in each cluster to add horizontal scalability, redu
Multiple clusters may be deployed to meet the distributed needs of an organizations particular security model, such as deploying VAs in datacenters, whether they reside on-premises or are hosted in the cloud to communicate with SaaS systems.
VA clusters can be deployed within each datacenter or geography to keep security zones compartmentalized.
## Securing Sensitive Enterprise Data
## Securing sensitive enterprise data
Sensitive data in the enterprise is not limited to administrative credentials.
It is common for other critical information and credentials to be used as well, and their usage is not always obvious. ISC ensures this data is always secure.
### Identity Security Cloud Login and Authentication Information
### Identity Security Cloud login and authentication information
SailPoint uses *Zero Knowledge Encryption* along with multiple layers of encryption for authentication in ISC.
The specific methods of encryption are tailored for whichever authentication method is chosen by the administrator.
#### Identity Security Cloud Password
#### Identity Security Cloud password
When an ISC user creates their password, an SHA-256 hash is calculated, using a salt that itself is an SHA-256 hash of a random string.
This creates a cryptographic representation of the password that is then sent to ISC over a secure TLS connection, giving two layers of encryption.
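Review bot: The hunk header context for this section shows "Multiple vaS may be deployed in each cluster", so the file already carries a casing error ("vaS" instead of "VAs") a few lines above the renamed "Securing sensitive enterprise data" heading. Since this commit is a casing cleanup of the same file, correct that line here as well and check the rest of the page for similar search-and-replace damage.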
@@ -86,7 +86,7 @@ It's the SHA-256 one-way cryptographic hash that is stored, not the plain-text p
Whenever the user signs in to ISC using their password on subsequent logins, this one-way hash is generated anew, authenticating the user into ISC based on the hash value.
#### Pass-Through Authentication
#### Pass-Through authentication
Pass-through authentication allows ISC users to authenticate using a trusted source of authentication, such as the companys Active Directory server.
When a pass-through authentication user creates or changes their password, ISC uses *Zero Knowledge Encryption* to encrypt the new password in the browser using the 2048-bit RSA public key hosted by the virtual appliance.
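Review bot: "#### Pass-Through authentication" is only half converted: sentence case would be "Pass-through authentication", which is also how the first sentence under the heading spells it. Lowercase the "T".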
@@ -95,14 +95,14 @@ Inside the companys firewall, the VA derives the password, using the 2048-bit
When the user signs in to ISC in the future, this 2048-bit encrypted representation of the password is sent to the VA where the target system password is derived, within the customers firewall.
The target authentication system must then validate the users credentials.
#### Security Questions
#### Security questions
Most enterprises use security questions to provide strong authentication, such as validating the users identity for password changes or enabling access to higher security systems.
In ISC, the answers to users security questions are encrypted using SHA-256 to create a one-way hash, using a salt that includes a random string and the users Universally Unique Identifier (UUID).
This makes the answers to the users security questions virtually impossible to hack.
All of this is sent over TLS, providing at least two layers of encryption at all times.
### Third-Party Authentication
### Third-Party authentication
Many enterprises employ access management tools known as “Identity Providers” (or IdPs) to facilitate single sign-on and other features like self-service password reset for the applications and systems they use within their enterprise, multi-factor authentication, mobile device management and the like.
Because ISC enables many access-oriented actions for signed-in users, it becomes critical to understand how those users can be signed in to ISC.
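Review bot: "### Third-Party authentication" has the same half-converted hyphenated compound as the pass-through heading: in sentence case it should be "Third-party authentication", matching "third-party SSO tool" in the body text further down. The other two headings in this hunk ("Security questions") are fine.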
@@ -110,7 +110,7 @@ Because ISC enables many access-oriented actions for signed-in users, it becomes
When a user is signing in to ISC from a third-party SSO tool, the security of the credentials used for this sign-in depends on the protocols or methods that SSO tool uses.
There are two methods of single sign-on in common use in the industry: credential replay and federation.
#### Credential Replay
#### Credential replay
With credential replay, the SSO tool automatically fills in the sign-in page username and password fields with a stored username and password when it's performing single sign-on.
To ensure that credentials cannot be compromised during credential replay, it's critical that you thoroughly evaluate how your SSO provider stores credentials and secures them when it's replaying into ISC.
@@ -123,13 +123,13 @@ With SAML, no password is used for signing in, and a password doesn't have to be
Because no credentials exist either at rest or in motion, SAML is very secure and has proven nearly impossible to hack.
ISC fully supports SAML for federated logins, which enables integration with the best in class access management products without putting critical credentials at risk.
### Secure Password Management
### Secure password management
When the user updates a password on a target application through ISC, they must use the administrative credentials for that target system or directory to set the new password.
ISC uses *Zero Knowledge Encryption* through the SailPoint VA to secure these sensitive administrative credentials.
Also, the new password itself is first encrypted prior to transmission to the target system, and a second form of encryption is applied while the new password is in motion or at rest.
### Automated Task Authentication
### Automated task authentication
ISC implements *Zero Knowledge Encryption* within the SailPoint virtual appliance to secure all these administrative actions that are used by automated tasks within the governance platform:

View File

@@ -1,6 +1,6 @@
---
id: saas-configuration
title: SaaS Configuration
title: SaaS configuration
pagination_label: SaaS Configuration
sidebar_position: 4
sidebar_class_name: saasConfiguration
@@ -24,7 +24,7 @@ For more details around how to manage configurations, refer to [SailPoint SaaS C
This document is intended for technically proficient administrators, implementers, integrators or even developers. No coding experience is necessary, but being able to understand JSON data structures and make REST API web-service calls is necessary to fully understand this guide.
## Supported Objects
## Supported objects
A SailPoint tenant configuration comprises various objects and their details, such as an organization's different identity profiles, roles, certification campaigns, and more.
You can use the SaaS Configuration APIs to exclude objects from the imports and exports.
@@ -78,7 +78,7 @@ Source passwords, secret token or other sensitive data is not exported. Those ne
**Rule Import and Export -** Rules can be exported from one tenant and imported into another. Cloud rules have already been reviewed and installed in other tenants, and connector rules do not require a rule review. During the import and export process, rules cannot be changed in the migration process because these are validated by the usage of `jwsHeader` and `jwsSignature` in the object.
## Exporting Configurations
## Exporting configurations
### Prerequisites
@@ -96,7 +96,7 @@ Source passwords, secret token or other sensitive data is not exported. Those ne
5. **Get Export Results** - Once the status is `COMPLETE`, download the export results by calling `GET /beta/sp-config/export/{id}/download` where the `{id}` is the `jobId`.
6. **Response with Export Results** - In response, the export process will produce a set of JSON objects you can download as an export result set. These will reflect the objects that were selected in the export options earlier.
## Importing Configurations
## Importing configurations
### Prerequisites
@@ -120,7 +120,7 @@ You cannot import Non-Employee sources.
:::
## API Reference Guide
## API reference guide
| **Description** | **REST API Endpoint** |
| :------------------ | :----------------------------------------- |
@@ -132,7 +132,7 @@ You cannot import Non-Employee sources.
| Import Status | `GET /beta/sp-config/import/{id}` |
| Import Results | `GET /beta/sp-config/import/{id}/download` |
### List Configuration Objects
### List configuration objects
**Description**
@@ -236,7 +236,7 @@ Content-Type: application/json
</TabItem>
</Tabs>
### Export Objects
### Export objects
**Description**
@@ -318,7 +318,7 @@ You can only use the `includedIds` and `includedNames` filters when you're expor
:::
### Export Status
### Export status
**Description**
@@ -359,7 +359,7 @@ Content-Type: application/json
</TabItem>
</Tabs>
### Export Results
### Export results
**Description**
@@ -523,7 +523,7 @@ Content-Type: application/json
</TabItem>
</Tabs>
### Import Objects
### Import objects
**Description**

View File

@@ -1,6 +1,6 @@
---
id: filtering-events
title: Filtering Events
title: Filtering events
pagination_label: Filtering Events
sidebar_label: Filtering Events
sidebar_position: 4
@@ -11,15 +11,15 @@ slug: /extensibility/event-triggers/filtering-events
tags: ['Event Triggers']
---
## What is a Filter
## What is a filter
Many triggers can produce a staggering amount of events if left unfiltered, resulting in more network traffic and more processing time on a subscribing service. Your subscribing service usually only needs to be notified of events containing a key attribute or value you want to process. For example, the Identity Attributes Changed trigger emits an event whenever an identity has a change in attributes. This can occur during the mover process when an identity changes departments or a manager is promoted, resulting in several identities receiving a new manager. Rather than inundate your subscribing service with every identity change, you can use an event trigger filter to specify which events your service is interested in processing.
## Benefits of Using Filters
## Benefits of using filters
Network bandwidth and processing power come at a cost, especially when you are using managed solutions like AWS or no-code providers like Zapier. Without filtering, a subscribing service would be sent every single event that the trigger receives. The first thing any subscriber must do in this scenario is inspect each event to figure out which ones it must process and which ones it can ignore. Taking this approach with managed providers that charge per invocation, like AWS Lambda, can become expensive. Furthermore, some no-code providers may put a limit on the total number of invocations that a service can make in a given month, which would be quickly exhausted with this approach. Trigger filters take the filtering logic out of your subscribing service and place it on the event trigger within SailPoint, so you only receive the events matching your filter criteria.
## Constructing a Filter
## Constructing a filter
Event trigger filters are constructed using a **Jayway** JSONpath expression. See the following tables for a list of operators that can be used in a trigger filter.
@@ -116,17 +116,17 @@ Most of the examples provided in the operator tables above can be used against t
}
```
## Validating Filters
## Validating filters
When you are finished developing your JSONpath filter, you must validate it with SailPoint's trigger service. There are two ways to do this: use the UI or the API.
### Validating Filters Using the UI
### Validating filters using the UI
To validate a filter using the UI, subscribe to a new event trigger or edit an existing one. In the configuration options, paste your JSONpath expression in the `Filter` input box and select `Update`. If you do not receive an error message, then your filter expression is valid with SailPoint.
![UI filter](./img/ui-filter.png)
### Validating Filters Using the API
### Validating filters using the API
You can validate a trigger filter by using the [test filter](/docs/api/beta/test-subscription-filter) API endpoint. You must escape any double quotes, as seen in the example payload in the API description. Also, you must provide a sample input for the validation engine to run against. It is best to use the input example included in the input/output schemas for the event trigger you want to apply your filter to. Refer to [this table](/docs/api/beta/triggers#available-event-triggers) to find the schema of your event trigger. This is an example request:
@@ -172,7 +172,7 @@ POST https://{tenant}.api.identitynow.com/beta/trigger-subscriptions/validate-fi
}
```
## Testing Filters
## Testing filters
If SailPoint accepts your trigger filter, you must test whether it actually works. You must configure your trigger subscription to point to the URL of your testing service. [webhook.site](https://webhook.site) is an easy to use testing service. Just copy the unique URL it generates and paste it into your subscription's integration URL field. The easiest way to test a trigger subscription is to use the UI to fire off a test event.

View File

@@ -1,6 +1,6 @@
---
id: event-triggers
title: Event Triggers
title: Event triggers
pagination_label: Event Triggers
sidebar_label: Event Triggers
sidebar_position: 3
@@ -11,19 +11,19 @@ slug: /extensibility/event-triggers
tags: ['Event Triggers']
---
## What Are Triggers
## What Are triggers
The result of any action performed in a service is called an **event**. Services like Identity Security Cloud constantly generate events like an update to a setting or the completion of an account aggregation. Most events a service generates are of little value to clients, so services create event triggers, also known as web hooks, that allow clients to subscribe to specific events they are interested in. Similar to news letters or RSS feeds, each subscription tells the service what event a client is interested in and where to send the client the notification.
## How Are Triggers Different from APIs
## How are triggers different from APIs
The biggest difference between event triggers and APIs is how data is accessed. Requesting data with an API is an active process, but receiving data from an event trigger is a passive process. Clients who want to get the latest data with an API must initiate the request. Clients who subscribe to an event trigger do not need to initiate a request. They are notified when the event occurs. This is similar to keeping up with the latest world news on the internet. You can initiate the request for data by opening a news website in your browser, or you can subscribe to a mail list to receive the latest news as it happens.
## When to Use Triggers
## When to use triggers
It is best to use event triggers when you need to react to an event in real-time. Although you can set up a polling mechanism using APIs, polling uses more bandwidth and resources, and if you poll too quickly, you can reach an API's rate limits. Event triggers use less bandwidth, they do not affect your API rate limit, and they are as close as you can get to real-time. However, event triggers have downsides to consider. They must be accessible from the public internet so the trigger service knows where to send the notification, and they can be harder to configure and operate than APIs are.
## How to Get Started With Event Triggers
## How to get started with event triggers
Event triggers require different setup and testing steps than APIs do, so you should follow each document to better understand event triggers and the necessary steps to configure one. If this is your first time using event triggers, then you should use the [webhook testing service](./preparing-a-subscriber-service.md#webhook-testing-service) as you follow along.
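Review bot: The first heading in this hunk is left as "## What Are triggers", with "Are" still capitalized, while the next one is correctly changed to "How are triggers different from APIs". Change it to "## What are triggers" so the two headings follow the same rule.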

View File

@@ -1,6 +1,6 @@
---
id: preparing-subscriber-service
title: Preparing a Subscriber Service
title: Preparing a subscriber service
pagination_title: Preparing a Subscriber Service
sidebar_label: Preparing a Subscriber Service
sidebar_position: 2
@@ -13,7 +13,7 @@ tags: ['Event Triggers']
Before you can subscribe to an event trigger, you must prepare a service that can accept incoming HTTP requests from the event trigger service. More specifically, your client service must accept a POST request to an endpoint of its choosing, with the ability to parse the JSON data sent by the trigger. There are many ways to accomplish this, but this guide covers four of the most common types of client services you can build to handle event triggers.
## Webhook Testing Service
## Webhook testing service
There are many webhook testing websites that generate a unique URL you can use to subscribe to an event trigger and explore the data sent by the trigger. One site is https://webhook.site. This site generates a unique URL whenever you open it, which you can copy and paste into the subscription configuration in Identity Security Cloud. Any events that the trigger generates will be sent to this website for you to analyze.
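Review bot: Missing documentation in the paragraph under the renamed "Webhook testing service" heading: it says "Any events that the trigger generates will be sent to this website for you to analyze" but gives no guidance on what data that exposes to a third-party site. Since the section is being edited, consider adding a sentence advising readers to point only test invocations or non-production data at a public testing URL and to remove the subscription when they are done exploring.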
@@ -21,23 +21,23 @@ There are many webhook testing websites that generate a unique URL you can use t
The purpose of webhook testing services is to make it easy to set up a trigger and see the data of the events that will eventually be sent to your production service. This can help in the early development process when you explore the data the event trigger sends and how to best access the data you need.
## Native SaaS Workflows
## Native SaaS workflows
Some SaaS vendors provide built-in workflow builders in their products so you do not have to use a no-code provider. Slack, for example, has a premium [workflow builder](https://slack.com/help/articles/360035692513-Guide-to-Workflow-Builder) feature that generates a unique URL you can use to configure your subscription. Slack's workflow builder can then listen for events sent by your trigger and perform Slack specific actions on the data, like sending a user a message when his or her access request is approved.
![Slack workflow](./img/slack-workflow.png)
## No-code Provider
## No-code provider
No-code/low-code providers, like Zapier and Microsoft Power Automate, make it easy to consume event triggers and perform actions based on the event data. They are popular solutions for those looking to prototype or quickly create automated business processes, and they cater to novices and advanced users alike. Each no-code provider has documentation about how to create a new workflow and subscribe to an event trigger or webhook, so you must find the relevant documentation for your no-code provider to learn how to set one up. Zapier has the ability to configure a webhook action that generates a unique URL you can configure in your event trigger subscription.
![Zapier webhook](./img/zapier-webhook.png)
## Custom Application
## Custom application
A custom application is one you write in a language of your choosing and host in your own infrastructure, cloud, or on-premise. This is the most advanced option for implementing an event trigger client service. Although it requires a great deal of skill and knowledge to build, deploy, and operate your own service that can consume requests over HTTP, a custom application offers the most power and flexibility to implement your use cases. You can learn more about custom applications by checking out our [Event Trigger Example Application](https://github.com/sailpoint-oss/event-trigger-examples).
### Visual Studio Code Port Forwarding
### Visual Studio Code port forwarding
When you're developing a custom application that can consume event triggers, ISC needs a public URL (Integration URL) it can send event data to. However, you may want to test your custom application locally. If you're using Visual Studio Code (VSCode), you can use its [built-in port forwarding feature](https://code.visualstudio.com/docs/debugtest/port-forwarding) to generate a public URL and then forward its web traffic into your local web service.

View File

@@ -1,6 +1,6 @@
---
id: responding-to-response-required-triggers
title: Responding to Response Required Triggers
title: Responding to response required triggers
pagination_label: Responding to Response Required Triggers
sidebar_label: Responding to Response Required Triggers
sidebar_position: 6

View File

@@ -1,6 +1,6 @@
---
id: subscribing-to-trigger
title: Subscribing to a Trigger
title: Subscribing to a trigger
pagination_label: Subscribing to a Trigger
sidebar_label: Subscribing to a Trigger
sidebar_position: 3
@@ -11,17 +11,17 @@ slug: /extensibility/event-triggers/subscribing-to-trigger
tags: ['Event Triggers']
---
## View the Available Triggers
## View the available triggers
SailPoint is continuously developing new event triggers to satisfy different use cases. Some of these triggers are considered **early access** and are only available in an ISC tenant upon request. To see a list of available event triggers in your tenant, go to the **Event Triggers** tab in the **Admin** section of Identity Security Cloud. The first page is a list of your tenant's available event triggers. You can select each trigger to learn more about its type, what causes it to fire, and what the payload will look like.
![Available triggers](./img/available-triggers.png)
## Subscribe to a Trigger from the UI
## Subscribe to a trigger from the UI
Usually, you will subscribe to event triggers using the user interface in ISC. Refer to [subscribing to event triggers](https://documentation.sailpoint.com/saas/help/common/event_triggers.html#subscribing-to-event-triggers) to learn how to subscribe to an event trigger through the ISC UI.
## Subscribe to a Trigger from the API
## Subscribe to a trigger from the API
Sometimes, you may need to use the API to subscribe to event triggers. This can occur when you want to programatically subscribe/unsubscribe from event triggers in a custom application or no-code solution that does not have a native integration with SailPoint.
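Review bot: The unchanged paragraph under "Subscribe to a trigger from the API" still has "programatically", which should be "programmatically". The three heading changes themselves look consistent.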

View File

@@ -1,6 +1,6 @@
---
id: testing-triggers
title: Testing Triggers
title: Testing triggers
pagination_label: Testing Triggers
sidebar_label: Testing Triggers
sidebar_position: 5
@@ -13,7 +13,7 @@ tags: ['Event Triggers']
It is important to test your trigger subscription configuration with your actual subscribing service (not a test site like [webhook.site](https://webhook.site)) before enabling your subscription for production use. Testing subscriptions ensures that your subscribing service can successfully receive events and that you are receiving the correct events based on the filter you have provided. If you're using Visual Studio Code (VSCode), you can use [VSCode Port Forwarding](/docs/extensibility/event-triggers/preparing-subscriber-service#visual-studio-code-port-forwarding) to forward event data from a public URL to your local service to test your subscriber service properly.
## Sending Test Invocations
## Sending test invocations
The easiest way to send a test event to your subscribing service is to use the **Test Subscription** command. Go to your subscription in the Event Trigger UI, select **Options** to the right of the subscription, and select **Test Subscription**.
@@ -59,7 +59,7 @@ POST `https://{tenant}.api.identitynow.com/beta/trigger-invocations/test`
## Troubleshooting
### Trigger Service Issues
### Trigger service issues
If your subscribing service is not receiving your test invocations, you have a couple of options to debug the issue. Start by viewing the activity log for the subscription in the UI to ensure your test events are actually being sent.
@@ -71,11 +71,11 @@ Check the **Created** date with the time you sent the test events. If they are b
You can also view the activity log by using the [list latest invocation statuses](/docs/api/beta/list-trigger-invocation-status) endpoint.
### Filter Issues
### Filter issues
If you do not see your events in the activity log, it may be a filtering issue. If the filter you configured on the subscription is not matching the test event data, no event will be sent. Double check your filter expression with the test payload in a JSONpath editor to ensure the filter is valid and matches your data. See [Filtering Events](./filtering-events.md) for more information.
### Misconfigured Subscription
### Misconfigured subscription
Double check that your subscription configuration is correct.

View File

@@ -1,6 +1,6 @@
---
id: trigger-types
title: Trigger Types
title: Trigger types
pagination_label: Trigger Types
sidebar_label: Trigger Types
sidebar_position: 1
@@ -11,7 +11,7 @@ slug: /extensibility/event-triggers/trigger-types
tags: ['Event Triggers']
---
## Fire and Forget
## Fire and forget
A fire and forget trigger only supports one-way communication with subscribers. Its only job is to forward each event it receives to each subscribing service. This trigger type doesn't wait for a response from subscribers. It has no way of knowing whether subscribers actually receive the event, and it doesn't have any mechanism for resending events. Think of this trigger type as live television. You can only see what is happening in real-time. You cannot rewind the live feed or interact with the broadcast in any way. This trigger type is the simplest and most common trigger type among SailPoint's event triggers.
@@ -21,7 +21,7 @@ Fire and forget triggers can have a maximum of 50 subscribers per event.
:::
## Response Required
## Response required
A response required trigger allows two-way communication between the trigger service and the subscriber. This trigger type expects a response from the subscriber with directions about how to proceed with the event. For example, the access request dynamic approval event trigger will send the subscriber details about the access request, and the subscriber may respond to the trigger with the identity ID to include in the approval process for an access request. This trigger type allows subscribers to not only receive events in real-time, but to act on them as well.

View File

@@ -1,6 +1,6 @@
---
id: before-and-after-rule-operations
title: Before and After Operations on Source Account Rule
title: Before and after operations on source account Rule
pagination_label: Before and After Operations
sidebar_label: Before and After Rule Operations
sidebar_class_name: beforeAndAfterRuleOperations
@@ -10,7 +10,7 @@ slug: /extensibility/rules/connector-rules/before-and-after-rule-operations
tags: ['Rules']
---
# Before and After Operations on Source Account Rule
# Before and after operations on source account Rule
## Overview
@@ -42,11 +42,11 @@ The following operations can be performed on a source:
| Request | SailPoint.Utils.objects.AccountRequest | Reference to the account request provisioning instructions. |
| Result | SailPoint.Utils.objects.ServiceResult | Reference to the provisioning result that can be manipulated if necessary. |
## Architecture Best Practices
## Architecture best practices
For supportability, it is recommended that you write these operation rules with only the most basic logic necessary to trigger a PowerShell script and shift the bulk of the downstream events and/or modifications to the PowerShell script itself. This script would reside on the client's servers and can therefore be easily maintained or modified by the client as needed. It also allows the client to implement changes to the PowerShell scripted functionality without requiring code review by SailPoint because the code runs outside of the Identity Security Cloud platform.
## Rule Template
## Rule template
This example triggers on the BeforeCreate operation. If you want to use another operation, replace `BeforeCreate` in the name and `ConnectorBeforeCreate` in the type with one of the other operations described earlier in the [Overview](#overview) section.
@@ -120,7 +120,7 @@ if($enableDebug) {
</Rule>
```
## Powershell Script Template
## Powershell script template
You can also use the following Powershell script template for each operation in the [Overview](#overview) section. Be sure to update the `$logFile` variable with the operation you use to ensure you are logging to a file with the correct operation name.
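Review bot: The rewritten heading "## Powershell script template" keeps the miscapitalized product name, while the "Architecture best practices" paragraph in this same file spells it "PowerShell". Since the heading is being touched anyway, make it "## PowerShell script template" and correct "Powershell script template" in the sentence below it too.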
@@ -226,6 +226,6 @@ if($enableDebug) {
}
```
## Attach to Source
## Attach to source
Refer to [Attaching Connector-Related Rules to Sources](./index.md#aftercreate-aftermodify-afterdelete-beforecreate-beforemodify-beforedelete-rules) for details on how to attach your rule to your source.

View File

@@ -1,6 +1,6 @@
---
id: connector-executed-rules
title: Connector Executed Rules
title: Connector executed Rules
pagination_label: Connector Executed Rules
sidebar_label: Connector Executed Rules
sidebar_position: 3
@@ -15,7 +15,7 @@ tags: ['Rules']
Unlike cloud rules, connector rules do not have a rule review process and are directly editable with the [Connector Rule REST APIs](https://developer.sailpoint.com/docs/api/beta/connector-rule-management). For more details, see [Configuration Process](#configuration-process).
## Supported Connector Rules
## Supported connector Rules
| Rule Name | Rule Type | Source Type(s) | Purpose |
| --- | --- | --- | --- |
@@ -33,7 +33,7 @@ Unlike cloud rules, connector rules do not have a rule review process and are di
| [Web Services Before Operation Rule](./web_services_before_operation_rule.md) | [WebServiceBeforeOperationRule](./web_services_before_operation_rule.md) | Web Services | Executes before the next web-services HTTP(S) operation. Often used to calculate values. |
| [Web Services After Operation Rule](./web_services_after_operation_rule.md) | [WebServiceAfterOperationRule](./web_services_after_operation_rule.md) | Web Services | Executes after a web-services HTTP(S) operation. Often used to parse complex data. |
## Configuration Process
## Configuration process
Connector Rules are directly editable with the [Connector Rule REST APIs](https://developer.sailpoint.com/docs/api/beta/connector-rule-management), which provide ability to interact with rules directly.
@@ -48,7 +48,7 @@ Connector Rules are directly editable with the [Connector Rule REST APIs](https:
SailPoint architectural optimizations have added resiliency and protections against malformed or long-running rules. These APIs also offer built-in protection and checking against potentially harmful code. For more information, see [Rule Code Restrictions](../../rules/index.md#rule-code-restrictions).
## Connector Rule Object Model
## Connector Rule object model
```json
{
@@ -88,7 +88,7 @@ requestEndPoint.getBody().put(\"jsonBody\",requestXML); \n }\n
- `version` - String indicating the rule's version. Typically, this is the same as `sourceVersion`.
- `script` - Rules code the connector runs. This must be an escaped string. For help with formatting, use an escaping tool like [Free Formatter.](https://www.freeformatter.com/java-dotnet-escape.html#before-output)
## Attaching Connector-Related Rules to Sources
## Attaching connector-related Rules to sources
Once a connector-related rule has been imported to your tenant, you must configure any sources that need to reference that rule during the desired operation. You can accomplish this configuration through the execution of an API call on the source. The following examples all use a `PATCH` operation for a partial source update, but `PUT` operations work too, as long as the entire source object model is provided.
@@ -98,7 +98,7 @@ For the `PATCH` operations, you must provide an `op` key. For new configurations
- `replace` - Use this operation to change the existing value. Use this operation if you are updating the value, i.e. you want to change the configuration.
- `remove` - Removes a value from the configuration. Use this operation if you want to unset a value. **Caution: Removals can be destructive if the path is improperly configured. This can negatively alter your source config.**
## Example API calls by Rule Type
## Example API calls by Rule type
### BeforeProvisioning Rule
@@ -230,7 +230,7 @@ Content-Type: `application/json-patch+json`
]
```
### SAP HR Provisioning Modify Rule
### SAP HR provisioning modify Rule
`PATCH` /v3/sources/[id]

View File

@@ -89,6 +89,6 @@ Boolean “inactive” attribute in the map.
</Rule>
```
## Attach to Source
## Attach to source
Refer to [Attaching Connector-Related Rules to Sources](./index.md#jdbcbuildmap-rule) for details on how to attach your rule to your source.

View File

@@ -175,6 +175,6 @@ This rule performs provisioning actions from a provisioning plan provided by a s
</Rule>
```
## Attach to Source
## Attach to source
Refer to [Attaching Connector-Related Rules to Sources](./index.md#jdbcprovision-rule) for details on how to attach your rule to your source.

View File

@@ -83,6 +83,6 @@ This rule gathers additional attributes from SAP systems to build accounts. This
</Rule>
```
## Attach to Source
## Attach to source
Refer to [Attaching Connector-Related Rules to Sources](./index.md#buildmap-rule) for details on how to attach your rule to your source.

View File

@@ -258,6 +258,6 @@ This rule is used by the SAP HR connector for provisioning of the data.
</Rule>
```
## Attach to Source
## Attach to source
Refer to [Attaching Connector-Related Rules to Sources](./index.md#sap-hr-provisioning-modify-rule) for details on how to attach your rule to your source.

View File

@@ -155,6 +155,6 @@ log.error("RULES processedResponseObject after is " + processedResponseObject);
</Rule>
```
## Attach to Source
## Attach to source
Refer to [Attaching Connector-Related Rules to Sources](./index.md#webserviceafteroperation-rule) for details on how to attach your rule to your source.

View File

@@ -140,6 +140,6 @@ import sailpoint.object.ProvisioningPlan.AccountRequest;
</Rule>
```
## Attach to Source
## Attach to source
Refer to [Attaching Connector-Related Rules to Sources](./index.md#webservicebeforeoperation-rule) for details on how to attach your rule to your source.

View File

@@ -1,6 +1,6 @@
---
id: guides
title: Rule Guides
title: Rule guides
pagination_label: Guides
sidebar_label: Guides
sidebar_position: 1

View File

@@ -1,7 +1,7 @@
---
id: your-first-rule
title: Your First Rule
pagination_label: Your First Rule
title: Your first rule
pagination_label: Your irst Rule
sidebar_label: Your First Rule
sidebar_class_name: yourFirstRule
keywords: ['rules', 'guides', 'first']
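Review bot: The new `pagination_label: Your irst Rule` drops the "f" and will render as a typo in the pager; it should be "Your First Rule", or "Your first rule" if labels are also being lowercased. The new `title: Your first rule` also lowercases "rule", while other titles in this commit keep it capitalized ("Rule guides", "Connector executed Rules"), so pick one form and apply it consistently.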
@@ -21,7 +21,7 @@ In this guide you'll learn the end to end process of writing a cloud rule to gen
- [Validating the rule](#validate-the-rule)
- [Submitting for rule review](#submit-for-rule-review)
## Attribute Generator Rule
## Attribute generator Rule
This rule generates complex account attribute values during provisioning, e.g. when creating an account. You would typically use this rule when you are creating an account to generate attributes like usernames.
@@ -29,7 +29,7 @@ This rule executes in the Identity Security Cloud (ISC) cloud, and it has read-o
Refer to [Attribute Generator Rule](../cloud-rules/account_profile_attribute_generator.md) to learn more about the inputs available to you during the rule execution.
## Username Requirements
## Username requirements
With this rule you'll be able to generate a unique username and check for uniqueness for an Active Directory source.
@@ -41,7 +41,7 @@ The unique username will be generated as follows.
- If it is not unique then use the first 12 characters of the first name and add a period `.` and append the second character of the last name. Convert to lowercase. Check for uniqueness.
- Follow this pattern until a unique username is found. If all characters of the last name are exhausted, return null.
### Example Outputs
### Example outputs
The following example shows the output if the other name is not null, the othername.lastname is less than 12 characters and the username `james.doe` after being lowercased is unique.
@@ -124,7 +124,7 @@ For the attribute generator rule, you can begin with this template:
</Rule>
```
### Add Imports and generateUsername Function
### Add imports and generateUsername function
Add a description and the necessary imports for your rule. This rule will need `Identity` and `Application` from `sailpoint.object`, as well as a few other classes for working with strings. Also add the global constant, `MAX_USERNAME_LENGTH` - in this example, this rule will use the value of 12.
@@ -151,7 +151,7 @@ Add a description and the necessary imports for your rule. This rule will need `
</Rule>
```
### Get the firstName, lastName, and otherName Attributes and Sanitize Input
### Get the firstName, lastName, and otherName attributes and sanitize input
```java
<?xml version='1.0' encoding='UTF-8'?>
@@ -207,7 +207,7 @@ Add a description and the necessary imports for your rule. This rule will need `
</Rule>
```
### Logic if the Proposed Username Exceeds the Max Length
### Logic if the proposed username exceeds the max length
If the full name exceeds the `MAX_USERNAME_LENGTH` the rule will check whether the length of the first name is greater than the MAX_USERNAME_LENGTH minus 2 (in the case below 10) characters of the first name - this allows for the period `.` and the first character of the last name to take up the remaining two characters. If the first name is less than the `MAX_USERNAME_LENGTH` the rule will use the full first name for the username with the period `.` and the first character of the last name appended. After the username is determined, a call to `isUnique( username )` is made. This uses the ISCRuleUtil class to check Active Directory if the username exists. You will add in that function shortly.
@@ -248,7 +248,7 @@ if(fullName.length() > MAX_USERNAME_LENGTH) {
}
```
### Logic if the Proposed User Name Is Within the Max Length
### Logic if the proposed user name is within the max length
If the username firstname.lastname is less than or equal to the `MAX_USERNAME_LENGTH`, check it for uniqueness against active directory. If it is not unique, check uniqueness with firstname.firstLetterOfLastName, firstname.secondLetterOfLastName, etc...
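Review bot: The new heading "### Logic if the proposed user name is within the max length" spells it "user name", while the heading changed just before it ("### Logic if the proposed username exceeds the max length") and the body text use "username". Use the one-word form here as well. The context sentence also writes "active directory" in lowercase, which should be "Active Directory".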
@@ -278,7 +278,7 @@ else{
}
```
### Add Function `isUnique()` To Check Active Directory for Username
### Add function `isUnique()` to check active directory for username
The `isUnique()` function takes the username as a string and uses the `accountExistsByDisplayName()` function from the ISCRuleUtil class to search Active Directory and return a true or false result, depending on whether the username is taken. The function takes an application name and username to test against. The variables `idn` and `application` are included as inputs to the attribute generator rule and are already initialized. Refer to [inputs](../cloud-rules/account_profile_attribute_generator.md#input) to see all inputs available to attribute generator rules.
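Review bot: In the new heading "### Add function `isUnique()` to check active directory for username", the sentence-case pass has lowercased a product name. The paragraph directly below refers to "Active Directory", and the heading should keep that capitalization, the same way "Identity Security Cloud" is preserved in the other headings of this commit.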
@@ -288,7 +288,7 @@ public boolean isUnique ( String username ) throws GeneralException {
}
```
### Invoke `generateUsername()` With the Identity's First and Last Name
### Invoke `generateUsername()` with the Identity's first and last name
This is the final part of the rule. Call the `generateUsername()` function, passing in the identity's first and last name. The `identity` variable is already initialized and included as input to our attribute generator rule.
@@ -296,7 +296,7 @@ This is the final part of the rule. Call the `generateUsername()` function, pass
return generateUsername( identity.getFirstname(), identity.getLastname() );
```
## The Complete Rule
## The complete Rule
```java
<?xml version='1.0' encoding='UTF-8'?>
@@ -481,11 +481,11 @@ Validation status: SUCCESS
________________________________________________________________________________
```
## Submit for Rule Review
## Submit for Rule review
To submit your Cloud Rule for review, approval, and inclusion in the SailPoint platform, submit a [SailPoint support portal request](https://support.sailpoint.com/csm) or send an email to `support@sailpoint.com`. Attach the rule, validator output, tenant name (e.g., acme-sb.identitynow.com for sandbox or acme.identitynow.com for production) and approval for expert services to proceed. If you need assistance writing and testing rules, Expert Services can assist in that process as well. Make sure your contact information is up to date so the review team can contact you if they need to.
## Add Rule To Account Creation
## Add Rule to account creation
Log into your ISC tenant and navigate to **Admin** -\> **Connections** -\> **Sources** -\> **[Source Name]** -\> **Accounts** -\> **Create Account**. Scroll to the attribute you wish to use the rule for generating the username. Check the generator radio button and pick your new rule from the drop down.

View File

@@ -1,6 +1,6 @@
---
id: rule-utility
title: Using IdnRuleUtil as a Wrapper for Common Rule Operations
title: Using IdnRuleUtil as a wrapper for common Rule operations
pagination_label: Identity Security Cloud Rule Utility
sidebar_label: Identity Security Cloud Rule Utility
sidebar_position: 4
@@ -25,7 +25,7 @@ There are three critical components involves with working with searchable attrib
- [Create rules that can be used to query the newly created attribute values](#create-rules-that-can-be-used-to-query-the-newly-created-attribute-values)
- [Implement rules within the Create Profile section of each source an account is being provisioned for](#implement-rules-within-the-create-profile-section-of-each-source-for-an-acount-is-being-provisioned-for)
## Configuration of Search Attributes within Identity Security Cloud
## Configuration of search attributes within Identity Security Cloud
When you are planning to implement search attributes, it is important that you consider the way new accounts' values will be generated and which attributes should be used as references.
@@ -62,7 +62,7 @@ The following information is necessary to create your search attribute:
- Display name for the new attribute configuration:
- `Promoted Email Address`
### Create the New Search Attribute in Identity Security Cloud
### Create the new search attribute in Identity Security Cloud
To call the APIs for search attributes, you need a personal access token and the name of your tenant to provide with the request. To retrieve a personal access token, see [Personal Access Tokens](../../api/authentication.md#generate-a-personal-access-token). To get the name of your tenant, see [Finding Your Organization Tenant Name](../../api/getting-started.md#find-your-tenant-name)
@@ -93,7 +93,7 @@ If this source has already been aggregated before the account search configurati
At this point, the configuration exists to promote attributes on any new/changed account that comes into Identity Security Cloud. These attributes and their associated values are stored for use in custom rules. Each account that exists on either of these sources will now have a new attribute called “promotedEmailAddress”. _The value of this attribute will be the value of `mail` if it is the Active Directory Source or `emailAddress` if it is the Workday source._
## Create Rules that Can Be Used to Query the Newly Created Attribute values
## Create Rules that can be used to query the newly created attribute values
To access the promoted attribute data mentioned in the above section, you can use library methods that have been implemented to allow access to that data. There are two methods that have been implemented:
@@ -160,7 +160,7 @@ Calling the _`idn.attrSearchCountAccounts()`_ method with both example source ID
If _`idn.attrSearchCountAccounts()`_ returns non-zero, it may be useful to determine which identity owns the account(s) containing that value. The _`idn.attrSearchGetIdentityName()`_ method will return that identity name.
## Implement Rules within the Create Profile Section of Each Source for an Acount is Being Provisioned For
## Implement Rules within the create profile section of each source for an acount is being provisioned for
Create Profile can be found at **Admin** > **Connections** > **Source** > `SourceName` > **Accounts** > **Create Profile**
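Review bot: The heading is rewritten but still carries the "acount" typo and the broken phrasing "for an acount is being provisioned for". Something like "## Implement Rules within the create profile section of each source an account is being provisioned for" reads correctly. Changing the wording changes the generated slug, so the in-page link near the top of this file (`#implement-rules-within-the-create-profile-section-of-each-source-for-an-acount-is-being-provisioned-for`) has to be updated in the same commit.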
@@ -176,7 +176,7 @@ Call _`idn.attrSearchCountAccounts()`_ to determine whether any other accounts a
In some cases where a non zero value is returned, it may be useful to know which identity owns the account that value belongs to. To find out this information, call _`idn.attrSearchGetIdentityName()`_ to determine the identity in question.
## IdnRuleUtil.java Descriptors
## IdnRuleUtil.java descriptors
:::caution
@@ -519,9 +519,9 @@ String value, String sortAttribute)
public boolean isUniqueLDAPValue(String identityNameOrId, String applicationNameOrId, String attributeName, String attributeValue)
```
## Example Usage
## Example usage
### Get an Entitlement Description
### Get an entitlement description
```java
//IdnRuleUtil is available in rules as the "idn" variable, which you can use the same way you can currently use context.
@@ -545,14 +545,14 @@ String entitlementDescription = idn.getManagedAttributeDescription(sourceId, att
boolean exists = idn.accountExistsByNativeIdentity(applicationName, nativeIdentity);
```
### Get the Name of the Identity Matching a Specific Account Search Result
### Get the name of the Identity matching a specific account search result
```java
//IdnRuleUtil is available in rules as the "idn" variable, which you can use the same way you can currently use context.
String identityName = idn.attrSearchGetIdentityName(sourceIdsAsList, attributeName, Operation.Equal, valuesToMatchAsList);
```
### Get Multiple Attributes from the First Account Retreived From a Source
### Get multiple attributes from the first account retreived from a source
```java
//IdnRuleUtil is available in rules as the "idn" variable, which you can use the same way you can currently use context.
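Review bot: The last heading in this hunk, "### Get multiple attributes from the first account retreived from a source", keeps the misspelling "retreived"; correct it to "retrieved" while the line is being edited. In the heading above it, "Identity" is capitalized mid-sentence ("the name of the Identity matching"), which is inconsistent with the lowercase "account" and "source" in the same headings unless "Identity" is an intended branded term.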

View File

@@ -21,7 +21,7 @@ Rules in Identity Security Cloud are written in Java Beanshell, a lightweight sc
For more information about Java Beanshell, you can refer to the [Java Beanshell Documentation](https://github.com/beanshell/beanshell/wiki).
## Rule Execution
## Rule execution
Identity Security Cloud (ISC) is a multi-tenant cloud solution, and its architecture varies differently from other SailPoint products like IdentityIQ (IIQ). Therefore, the way rules execute within ISC reflects the architectural design considerations the platform was built on. These considerations determine the rule's limitations.
@@ -42,31 +42,31 @@ For more details, see [Cloud Rules](./cloud-rules/index.md).
For more details, see the [Connector Rules](./connector-rules/index.md).
## Support Considerations
## Support considerations
Though ISC shares some common functionality with other SailPoint products like IIQ, the same rules are not necessarily supported, nor do they necessarily execute the same way or with the same context and variables. SailPoint recommends that you become familiar with which rules execute with which products, as well as the nuances in their execution contexts.
From a SailPoint support perspective, rules are considered configurations. SailPoint supports the underlying platform but not the rule configurations themselves. Any problems with the way rules are implemented or run over time are the responsibilities the customer or implementer must manage. SailPoint's ISC Expert Services need hours to cover any rule configuration work (e.g., creating rules, best practices reviews, application to your ISC environment, and promotion between sandbox & prod environments). Contact your Customer Success Manager with any questions. While rules allow some advanced flexibility, you must consider these support implications when you are deciding whether to implement rules. Consider rule usage a last resort, and use Identity Security Cloud features instead whenever you can.
## Best Practices for Rule deployments
## Best practices for Rule deployments
SailPoint ISC deployments often require the deployment of rules to the clients ISC tenants. Because ISC is a multi-tenant solution, rules that are poorly written can have negative performance implications on other tenants in the same cloud. As such, SailPoint requires all rules to be reviewed prior to deployment. The time to complete these reviews requires an expert services contract to leverage billable hours.
This article covers common topics around this process including best practices, rule review expectations, and more.
### SLAs for Rule Review
### SLAs for Rule review
SailPoint has a 24 hour SLA on rule deployments for rules submitted over weekdays and next business day for rules submitted over the weekend.
However, around 65% of rule reviews are completed in less 4 business hours, with the average turnaround time of 3-6 hours after ticket has been assigned. If a specific deployment window is required, you must alert SailPoint at least 48 hours in advance so that the time for the reviewer and deployment expert may be reserved.
### Go Live expectations
### Go live expectations
SailPoint rule review team members work from 9am-5pm Monday-Friday in their local time zones, excluding holidays. For clients planning to go live on a weekend, we recommend having rules deployed in the sandbox environment prior to go live so that they can be promoted to production without SailPoint involvement. See the section below entitled [Promoting Rules from Sandbox to Production](#promote-rules-from-sandbox-to-production).
Note that even for clients who purchase Weekend Go-Live Support, rule deploys are not covered in the Weekend Go Live service as there are multiple teams involved in the rule deploy process.
### Rule Deployments
### Rule deployments
SailPoint recommends only submitting one rule at a time or only rules that should be deployed together.
@@ -74,7 +74,7 @@ Typical rule reviews are billed at 15-30 minutes per rule. However, this can var
In the case of rejection, we recommend submitting a new ticket to avoid a scenario where a case owner is out of the office.
## Promote Rules from Sandbox to Production
## Promote Rules from sandbox to production
A rule that has been approved in a sandbox tenant through the SailPoint rule review process, like an IdentityAttribute, Correlation or ManagerCorrelation rule or any other rule type, for example, can be migrated to the production ISC tenant.
@@ -82,7 +82,7 @@ This applies to all rule types, as the signature has been approved/verified duri
For more details on the sp-config API see [sp-config](/docs/api/beta/export-sp-config)
## Rule Guidelines
## Rule guidelines
- **Supported Rules**
@@ -134,7 +134,7 @@ For more details on the sp-config API see [sp-config](/docs/api/beta/export-sp-c
- Be careful with iterative rules execution. Heavily iterative rules will have greater performance scrutiny.
- Do not iterate over lists of objects like accounts or identities. Doing so causes cache bloat. Use a projection query wherever possible to find the data you need, and then return the values you want. If you are unsure, ask [SailPoint Expert Services](https://www.sailpoint.com/services/professional/#contact-form).
## Rule Code Restrictions
## Rule code restrictions
The following code fragments are not allowed in any SailPoint [Cloud Rules](./cloud-rules/index.md) or [Connector Rules](./connector-rules/index.md). Any usage of these will be blocked in the system.

View File

@@ -1,6 +1,6 @@
---
id: java-docs
title: Java Docs
title: Java docs
pagination_label: Java Docs
sidebar_label: Java Docs
sidebar_position: 6

View File

@@ -1,6 +1,6 @@
---
id: identity-context
title: Identity Attribute Context in Transforms
title: Identity attribute context in transforms
pagination_label: Identity Attribute Context
sidebar_label: Identity Attribute Context
sidebar_class_name: identityContextTransform

View File

@@ -10,7 +10,7 @@ slug: /extensibility/transforms/guides
tags: ['Transforms', 'Guides']
---
# Transform Guides
# Transform guides
Not sure how to use transforms yet? Read these guides to see how you can use transforms and learn how to get started!

View File

@@ -1,6 +1,6 @@
---
id: lifecycle-state-transform
title: Lifecycle State Transform
title: Lifecycle state transform
pagination_label: Lifecycle State Transform
sidebar_label: Lifecycle State Transform
sidebar_class_name: lifecycleStateTransform
@@ -220,7 +220,7 @@ Lines 34-36 use the comparison operator less than or equal to: `lte`. This uses
</details>
## Putting It All Together
## Putting it all together
Now that you have taken the time to understand each of the nested transforms, you can put it all together! You can now calculate lifecycle states for the identities with the [velocity if/else logic](https://people.apache.org/~henning/velocity/html/ch05s03.html) within the static transform.
@@ -250,7 +250,7 @@ This is the logic within the static transform:
```
<details>
<summary>Show Complete Transform</summary>
<summary>Show complete transform</summary>
```json
{

View File

@@ -1,6 +1,6 @@
---
id: transforms-in-provisioning-policies
title: Transforms in Provisioning Policies
title: Transforms in provisioning policies
pagination_label: Transforms in Provisioning Policies
sidebar_label: Transforms in Provisioning Policies
sidebar_class_name: transformsInProvisioningPolicies
@@ -129,7 +129,7 @@ This is an example create provisioning policy response for a source:
}
```
## Add to the Create policy
## Add to the create policy
This transform concatenates the identityAttributes `firstName`, `lastName`, the two digit month of the `hireDate` and the static string `Rt4e!` to form a temporaryPassword.
@@ -348,6 +348,6 @@ This is the example response with the full policy, along with the new attribute:
}
```
## Next Steps
## Next steps
For more information on all available transforms, refer to [Transform Operations](/docs/extensibility/transforms/operations). If you're having trouble creating your transform in provisioning policies, reach out with your question in the [Developer Community Forum](https://developer.sailpoint.com/discuss/)!

View File

@@ -1,6 +1,6 @@
---
id: temporary-password
title: Generate Temporary Password
title: Generate temporary password
pagination_label: Generate Temporary Password
sidebar_label: Generate Temporary Password
sidebar_class_name: generateTemporaryPassword
@@ -26,7 +26,7 @@ For an initial (temporary) password, set a static value driven off a formula tha
- The user's two-digit start month comes next (from the user's hire date).
- The last part of the password is a static string: "RstP\*!7".
## Create the Example Source from a delimited file
## Create the example source from a delimited file
This is the CSV file you will upload to create your source for testing this transform:
@@ -44,7 +44,7 @@ Fill in the form to create a source:
The source configuration workflow will appear. Keep all the default settings and under **Review and Finish** on the left hand side, select **Exit Configuration**.
## Upload Schema and Accounts
## Upload schema and accounts
In your newly created source, go to **Import Data** > **Account Schema**. Under **Options**, select **Upload Schema**. Locate the CSV file from earlier in this document.
@@ -56,7 +56,7 @@ Now you can upload your accounts. Go to **Import Data** > **Import Accounts** >
![Account Summary](./img/account_summary.png)
## Create an Identity Profile for the Source
## Create an Identity Profile for the source
Create an identity profile for your source. Go to **Admin** > **Identities** > **Identity Profiles** and select **New**.
@@ -64,15 +64,15 @@ Create an identity profile for your source. Go to **Admin** > **Identities** > *
Fill out the form and select the source you created earlier.
## Create the Transform
## Create the transform
To create the transform for generating the user's temporary password, you will use multiple different operations. You are going to break it out into pieces and then put it all together at the end. The [static transform](../operations/static.md) will be your main transform. You will use nested transforms to create each part of the password and then use those variables created in the final value.
### The First Character is the User's First Initial in Lowercase
### The first character is the User's first initial in lowercase
The first part of the password is the user's first intitial in lowercase. You can create that attribute by using the [substring operation](../operations/substring.md) to get the first initial and then passing that attribute as input into the [lower operation](../operations/lower.md). In this example, the variable is `firstInitialLowercase`, and you will use it later in your static string.
**First Initial Variable**
**First initial variable**
```json
"firstInitialLowercase": {
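Review bot: The new heading "### The first character is the User's first initial in lowercase" capitalizes "User's", but the later heading in this file is changed to "### The user's last name comes next ...", so lowercase it here for consistency. The context sentence under the heading also has "intitial", which is worth fixing in the same pass.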
@@ -96,7 +96,7 @@ The first part of the password is the user's first intitial in lowercase. You ca
}
```
**Transform Body**
**Transform body**
```json
{
@@ -127,11 +127,11 @@ The first part of the password is the user's first intitial in lowercase. You ca
}
```
### The User's Last Name Comes Next with the First Character in Uppercase
### The user's last name comes next with the first character in uppercase
Adding to the transform, you can create a variable for the first character of the last name. You can do so by using the [substring operation](/docs/extensibility/transforms/operations/substring) and the [upper operation](/docs/extensibility/transforms/operations/upper). Once you have the variable `lastInitialUppercase` created, you can add that variable to the end of the static string in the value key.
**Last Initial Variable**
**Last initial variable**
```json
"lastInitialUppercase": {
@@ -155,7 +155,7 @@ Adding to the transform, you can create a variable for the first character of th
}
```
**Transform Body**
**Transform body**
```json
{
@@ -207,7 +207,7 @@ Adding to the transform, you can create a variable for the first character of th
You also need the end of the last name without the first character you already have capitalized from the last step. You can get that by using the substring method and providing only the begin key, which will return everything after the index you specify.
**Last Name Variable**
**Last name variable**
```json
"endOfLastName": {
@@ -225,7 +225,7 @@ You also need the end of the last name without the first character you already h
}
```
**Transform Body**
**Transform body**
```json
{
@@ -288,11 +288,11 @@ You also need the end of the last name without the first character you already h
}
```
### The User's Two-Digit Start Month Comes Next, Taken from the Hire_Date
### The user's two-digit start month comes next, taken from the hire_date
To get the two-digit start month, use the [split operation](/docs/extensibility/transforms/operations/split). The `hire_date` is in the format of `YYYY-MM-DD`. To to get the month, split on `-` and set the index to return as 1.
**Hire Date Month Variable**
**Hire date month variable**
```json
"hireDateMonth": {
@@ -311,7 +311,7 @@ To get the two-digit start month, use the [split operation](/docs/extensibility/
}
```
**Transform Body**
**Transform body**
```json
{
@@ -388,11 +388,11 @@ To get the two-digit start month, use the [split operation](/docs/extensibility/
}
```
### The Last Part of the Password is a Static String: "RstP\*!7"
### The last part of the password is a static string: "RstP\*!7"
To add the final part of the password, which is the static string `RstP\*!7`, use the static operation.
**Static String Variable**
**Static string variable**
```json
"staticString": {
@@ -405,7 +405,7 @@ To add the final part of the password, which is the static string `RstP\*!7`, us
---
## Completed Transform
## Completed transform
```json
{
@@ -488,7 +488,7 @@ To add the final part of the password, which is the static string `RstP\*!7`, us
}
```
## Verify the Transform
## Verify the transform
To verify your transform is working, create the transfrom through the REST API.
@@ -594,6 +594,6 @@ This is an example table of values with the temporary password for each user:
| 100011 | frank.williams@sailpoint.com | Frank | Williams | 2020-07-10 | fWilliams07RstP\*!7 |
| 100012 | paddy.lowe@sailpoint.com | Paddy | Lowe | 2020-09-20 | pLowe09RstP\*!7 |
## Next Steps
## Next steps
Looking for more examples or having trouble with one of your complex transforms? Reach out in the [Developer Community Forum](https://developer.sailpoint.com/discuss/).
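Review bot: the example table rows in this hunk's context show each temporary password as first initial, last name, hire month and the same fixed suffix (for example `pLowe09RstP\*!7`), and nothing in the visible part of the guide says that such a value can be reconstructed by anyone who knows a user's name and hire date. Since this section is being touched, consider adding a sentence before "Next steps" stating that the scheme is there to illustrate nested transforms, with a link to the generate random string operation for values that need to be unpredictable.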

View File

@@ -1,6 +1,6 @@
---
id: your-first-transform
title: Your First Transform
title: Your first transform
pagination_label: Your First Transform
sidebar_label: Your First Transform
sidebar_class_name: yourFirstTransform
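Review bot: only `title` is switched to sentence case in this front matter; `pagination_label: Your First Transform` and `sidebar_label: Your First Transform` stay in title case, so the page heading will disagree with the sidebar and pagination links. Either update the two labels as well or confirm that navigation labels are intentionally excluded; the `account-attribute` and `base64-decode` front matter later in this commit have the same split.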
@@ -21,7 +21,7 @@ In this guide, you will learn how to use [Identity Security Cloud's Transform RE
- [Update a Transform](#update-a-transform)
- [Delete a Transform](#delete-a-transform)
## List Transforms in your Identity Security Cloud Tenant
## List transforms in your Identity Security Cloud tenant
To call the APIs for transforms, you need a personal access token and your tenant's name to provide with the request. For more information about how to get a personal access token, see [Personal Access Tokens](../../../api/authentication.md#generate-a-personal-access-token). For more information about how to get the name of your tenant, see [Finding Your Organization Tenant Name](../../../api/getting-started.md#find-your-tenant-name).
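Review bot: the in-page link list at the top of this hunk still reads `[Update a Transform](#update-a-transform)` and `[Delete a Transform](#delete-a-transform)`, while the headings they point to become "Update a transform" and "Delete a transform" later in this file. Update the link text to match, and check that the generated heading anchors are unaffected by the case change so these links still resolve.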
@@ -77,7 +77,7 @@ The response body contains an array of transform objects containing the followin
]
```
## Create a Transform
## Create a transform
This [lookup transform](../operations/lookup.md) takes the input value of an attribute, locates it in the table provided, and returns its corresponding value. If the transform does not find your input value in the lookup table, it returns the default value. Replace `{tenant}` and `{token}` with the values you got ealier.
@@ -99,7 +99,7 @@ curl --location --request POST 'https://{tenant}.api.identitynow.com/v3/transfor
}'
```
**Response Body:**
**Response body:**
```json
{
@@ -124,7 +124,7 @@ Once you have created the transform, you can find it in Identity Security Cloud
For more information about creating transforms, see [Create Transform](/docs/api/v3/create-transform).
## Get Transform by ID
## Get transform by ID
To get the transform created with the API, call the `GET` endpoint, using the `id` returned by the create API response.
@@ -133,7 +133,7 @@ curl --location --request GET 'https://{tenant}.api.identitynow.com/v3/transform
--header 'Authorization: Bearer {token}'
```
**Response Body:**
**Response body:**
```json
{
@@ -154,7 +154,7 @@ curl --location --request GET 'https://{tenant}.api.identitynow.com/v3/transform
For more information about getting a transform by its `id` see the API [Transform by ID](/docs/api/v3/get-transform).
## Update a Transform
## Update a transform
To update a transform, call the `PUT` endpoint with the updated transform body. This example adds another item to the lookup table, `EN-CA.`
@@ -183,7 +183,7 @@ curl --location --request PUT 'https://{tenant}.api.identitynow.com/v3/transform
}'
```
**Response Body:**
**Response body:**
```json
{
@@ -205,7 +205,7 @@ curl --location --request PUT 'https://{tenant}.api.identitynow.com/v3/transform
For more information about updating transforms, see [Update a transform](/docs/api/v3/update-transform).
## Delete a Transform
## Delete a transform
To delete the transform, call the DELETE endpoint with the `id` of the transform to delete. The server responds with a 204 when the transform is successfully removed.
@@ -216,6 +216,6 @@ curl --location --request DELETE 'https://{tenant}.api.identitynow.com/v3/transf
For more information about deleting transforms, see the API [Delete Transform](/docs/api/v3/delete-transform).
## Next Steps
## Next steps
Congratulations on creating your first transform! Now that you understand the lifecycle of transforms, see [complex usecase](./temporary-password.md) to learn how to use a nested transform structure to create a temporary password that can be sent to each user.

View File

@@ -15,7 +15,7 @@ customProps:
In SailPoint's cloud services, transforms allow you to manipulate attribute values while aggregating from or provisioning to a source. This guide provides a reference to help you understand the purpose, configuration, and usage of transforms.
## What Are Transforms
## What are transforms
Transforms are configurable objects that define easy ways to manipulate attribute data without requiring you to write code. Transforms are configurable building blocks with sets of inputs and outputs:
@@ -36,7 +36,7 @@ Sometimes transforms are referred to as Seaspray, the codename for transforms. I
:::
## How Transforms Work
## How transforms work
Transforms typically have an input(s) and output(s). The way the transformation occurs mainly depends on the type of transform. Refer to [Operations in Identity Security Cloud Transforms](./operations/index.md) for more information.
@@ -62,7 +62,7 @@ flowchart LR
</div>
### Multiple Transform Inputs
### Multiple transform inputs
In the previous examples, each transform had a single input. Some transforms can specify more than one input. For example, the [Concat transform](./operations/concatenation.md) concatenates one or more strings together. If `Foo` and `Bar` were inputs, the transformed output would be `FooBar`:
@@ -76,7 +76,7 @@ flowchart LR
</div>
### Complex Nested Transforms
### Complex nested transforms
For more complex use cases, a single transform may not be enough. It is possible to link several transforms together. Identity Security Cloud calls these 'nested' transforms because they are transform objects within other transform objects.
@@ -94,7 +94,7 @@ flowchart LR
There is no hard limit for the number of transforms that can be nested. However, the more transforms applied, the more complex the nested transform will be, which can make it difficult to understand and maintain.
## Configuring Transform Behavior
## Configuring transform behavior
Some transforms can specify an attributes map that configures the transform behavior. Each transform type has different configuration attributes and different uses. To better understand what is configurable per transform, refer to the Transform Types section and the associated Transform guide(s) that cover each transform.
@@ -112,7 +112,7 @@ flowchart LR
The output of the Replace transform would be `Baz` which is then passed as an input to the Concat transform along with `Foo` producing an output of `FooBaz`. This is then passed as an input into the Lower transform, producing a final output of `foobaz`.
## Transform Syntax
## Transform syntax
Transforms are JSON objects. Prior to this, the transforms have been shown as flows of building blocks to help illustrate basic transform ideas. However at the simplest level, a transform looks like this:
@@ -141,7 +141,7 @@ When uploading a transform to Identity Security Cloud it cannot exceed 400KB.
:::
## Template Engine
## Template engine
Seaspray ships with the Apache Velocity template engine that allows a transform to reference, transform, and render values passed into the transform context. Every string value in a Seaspray transform can contain templated text and will run through the template engine.
@@ -151,7 +151,7 @@ In the following string, the text `$firstName` is replaced by the value of first
If $firstName=John and $lastName=Doe then the string `$firstName.$lastName`would render as`John.Doe`.
### Identity Attribute Context
### Identity attribute context
The following variables are available to the Apache Velocity template engine when a transform is used to source an identity attribute.
@@ -161,7 +161,7 @@ The following variables are available to the Apache Velocity template engine whe
| attributeDefinition | sailpoint.object.ObjectAttribute | This is the definition of the attribute being promoted. |
| oldValue | Object | This is the attribute's previous value. |
### Account Profile Context
### Account profile context
The following variables are available to the Apache Velocity template engine when a transform is used in an account profile.
@@ -172,7 +172,7 @@ The following variables are available to the Apache Velocity template engine whe
| application | sailpoint.object.Application | This is the application backing the source that owns the account profile. |
| current | Object | This is the attribute's current value. |
## Implicit vs Explicit Input
## Implicit vs explicit input
A special configuration attribute available to all transforms is input. If the input attribute is not specified, this is referred to as implicit input, and the system determines the input based on what is configured. If the input attribute is specified, then this is referred to as explicit input, and the system's input is ignored in favor of whatever the transform explicitly specifies. A good way to understand this concept is to walk through an example. Imagine that Identity Security Cloud has the following:
@@ -181,7 +181,7 @@ A special configuration attribute available to all transforms is input. If the i
The following two examples explain how a transform with an implicit or explicit input would work with those sources.
### Implicit Input
### Implicit input
An identity profile is configured the following way:
@@ -201,7 +201,7 @@ Notice that the attributes has no input. This is an implicit input example. The
In this example, the transform would produce `services` when the source is aggregated because Source 1 is providing a department of `Services` which the transform then lowercases.
### Explicit Input
### Explicit input
As an example, the `Lowercase Department` has been changed the following way:
@@ -231,7 +231,7 @@ This is also an example of a nested transform.
:::
### Account Transforms
### Account transforms
Account attribute transforms are configured on the account create profiles. They determine the templates for new accounts created during provisioning events.
@@ -257,25 +257,25 @@ For details about authentication against REST APIs, refer to the [authentication
:::
#### Testing Transforms on Account Create
#### Testing transforms on account create
To test a transform for an account create profile, you must generate a new account creation provisioning event. This involves granting access to an identity who does not already have an account on this source; an account is created as a byproduct of the access assignment. This can be initiated with access request or even role assignment.
#### Applying Transforms on Account Create
#### Applying transforms on account create
Once the transforms are saved to the account profile, they are automatically applied for any subsequent provisioning events.
## Testing Transforms
## Testing transforms
**Testing Transforms in Identity Profile Mappings**
**Testing transforms in Identity Profile Mappings**
To test a transform for identity data, go to **Identities** > **Identity Profiles** and select **Mappings**. Select the transform to map one of your identity attributes, select **Save**, and preview your identity data.
**Testing Transforms for Account Attributes**
**Testing transforms for account attributes**
To test a transform for account data, you must provision a new account on that source. For example, you can create an access request that would result in a new account on that source, or you can assign a new role.
## Transform Best Practices
## Transform best practices
- **Designing Complex Transforms** - Start with small transform _building blocks_ and add to them. It can be helpful to diagram out the inputs and outputs if you are using many transforms.
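Review bot: the new bold label `**Testing transforms in Identity Profile Mappings**` keeps "Identity Profile Mappings" capitalized, but the step below it names the UI elements separately as **Identity Profiles** and **Mappings**, so the combined phrase is not a UI label and could be sentence case like `**Testing transforms for account attributes**`. The list label `**Designing Complex Transforms**` at the end of this hunk is also left in title case.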

View File

@@ -1,6 +1,6 @@
---
id: account-attribute
title: Account Attribute
title: Account attribute
pagination_label: Account Attribute
sidebar_label: Account Attribute
sidebar_class_name: accountAttribute
@@ -22,7 +22,7 @@ Use the account attribute transform to look up an account for a particular sourc
:::
## Transform Structure
## Transform structure
The account attribute transform's configuration can take several attributes as inputs. The following example shows a fully configured transform with all required and optional attributes.
@@ -97,7 +97,7 @@ You cannot use `accountFilter` here because WORKER_STATUS\_\_c is not a searchab
:::
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -130,7 +130,7 @@ When you are mapping values like a username, focus on primary accounts from a pa
:::
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -1,6 +1,6 @@
---
id: base64-decode
title: Base64 Decode
title: Base64 decode
pagination_label: Base64 Decode
sidebar_label: Base64 Decode
sidebar_class_name: base64Decode
@@ -22,7 +22,7 @@ The base64 decode transform allows you to take incoming data that has been encod
:::
## Transform Structure
## Transform structure
The base64 decode transform only requires the `type` and `name` attributes:
@@ -57,7 +57,7 @@ Output:
1234
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -80,7 +80,7 @@ iVBORw0KGgoAAAANSUhEUgAACUsAAAMPCAMAAADR/Oa6AAAAM1BMVEX///8BIWkBIWkBIWkBIWkBIWkB
Output: ![SailPoint Logo](./img/sailpoint_logo.png)
**Transform Request Body**:
**Transform request body**:
```json
{

File diff suppressed because one or more lines are too long

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the concatenation transform to join two or more string values into a combined output. The concatenation transform often joins elements such as first and last name into a full display name, but it has many other uses.
## Transform Structure
## Transform structure
The concatenation transform requires an array list of `values` that need to be joined. These values can be static strings or the return values of other nested transforms.
@@ -41,7 +41,7 @@ The concatenation transform requires an array list of `values` that need to be j
This transform joins the user's first name from the "HR Source" with his/her last name, adds a space between them, and then adds a parenthetical note that the user is a contractor at the end.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -76,7 +76,7 @@ This transform joins the user's first name from the "HR Source" with his/her las
This transform joins the user's job title with his/her job code value and adds a hyphen between those two pieces of data.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -22,7 +22,7 @@ Use the conditional transform to output different values depending on simple con
:::
## Transform Structure
## Transform structure
In addition to the `type` and `name` attributes, the conditional transform requires an `expression`, a `positiveCondition`, and a `negativeCondition`. If the expression evaluates to false, the transform returns the negative condition; otherwise it returns the positive condition.
@@ -53,7 +53,7 @@ In addition to the `type` and `name` attributes, the conditional transform requi
This transform takes the user's HR-defined department attribute and compares it to the value of "Science". If this is the user's department, the transform returns `true`. Otherwise, it returns `false`.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -80,7 +80,7 @@ This transform takes the user's HR-defined department attribute and compares it
This transform extends the previous one by returning the output of another Seaspray transform depending on the result of the expression. You can assign Seaspray transforms' outputs to variables and then reference them within the `positiveCondition` and `negativeCondition` attributes.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -21,7 +21,7 @@ Use the date compare transform to compare two dates and, depending on the compar
:::
## Transform Structure
## Transform structure
The date compare transform takes as an input the two dates to compare, denoted as `firstDate` and `secondDate`. The transform also requires an `operator` designation so it knows which condition to evaluate for. Lastly, the transform requires both a `positiveCondition` and a `negativeCondition` -- the former returns if the comparison evaluates to `true`; the latter returns if the comparison evaluates to `false`.
@@ -66,7 +66,7 @@ The date compare transform takes as an input the two dates to compare, denoted a
This transform accomplishes a basic lifecycle state calculation. It compares the user's termination date with his/her HR record. If the current datetime (denoted by `now`) is less than that date, the transform returns "active". If the current datetime is greater than that date, the transform returns "terminated".
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -94,7 +94,7 @@ This transform accomplishes a basic lifecycle state calculation. It compares the
This transform compares the user's hire date to a fixed date in the past. If the user was hired prior to January 1, 1996, the transform returns "legacy". If the user was hired later than January 1, 1996, it returns "regular".
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -27,7 +27,7 @@ This transform leverages the Java SimpleDateFormat syntax; see the [References](
:::
## Transform Structure
## Transform structure
The date format transform takes whatever value provided as the input, parses the datetime based on the `inputFormat` provided, and then reformats it into the desired `outputFormat`.
@@ -66,7 +66,7 @@ Input: 144642632190
Output: 1974-08-02T02:30:32.190-00
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -90,7 +90,7 @@ Input: 4/1/1975
Output: 1975-04-01
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -29,7 +29,7 @@ The output format for the DateMath transform is "yyyy-MM-dd'T'HH:mm". When you u
:::
## Transform Structure
## Transform structure
The date math transform takes the input value and executes addition, subtraction and/or rounding operations to that value based on an `expression` configuration value. As indicated earlier, the input datetime must be in [ISO8601 format](https://en.wikipedia.org/wiki/ISO_8601). The `expression` value leverages the following abbreviations to indicate which date or time component to evaluate:
@@ -96,7 +96,7 @@ Some examples of expressions are:
This transform takes the current date, subtracts five days from it, and rounds down to the lowest day.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -115,7 +115,7 @@ This transform takes the current date, subtracts five days from it, and rounds d
This transform takes the `startDate` attribute from a user's record in the "HR Source," converts it from its native format to an [ISO8601-formatted](https://en.wikipedia.org/wiki/ISO_8601) string, and then adds twelve hours to it. The final value is then rounded up to the next second.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -148,7 +148,7 @@ This transform takes the `startDate` attribute from a user's record in the "HR S
This transform take the `HIREDATE` from Workday and converts it to [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) to be used in the Date Math transform. The Date Math transform then creates a new Date of `HIREDATE + 1`. Since that is then outputted in the format "yyyy-MM-dd'T'HH:mm", you can then use it in a [dateFormat](/docs/extensibility/transforms/operations/date-format) transform to give a WIN32 formatted date.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -25,7 +25,7 @@ The decomposeDiacriticalMarks transform uses the [Normalizer library](https://do
After decomposition, the transform uses a [Regex Replace](https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html) to replace all diacritical marks by using the `InCombiningDiacriticalMarks` property of Unicode (ex. `replaceAll("[\\p{InCombiningDiacriticalMarks}]", "")`).
## Transform Structure
## Transform structure
The transform for decompose diacritical marks requires only the transform's `type` and `name` attributes:
@@ -55,7 +55,7 @@ Input: "Āric"
Output: "Aric"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -75,7 +75,7 @@ Input: "Dubçek"
Output: "Dubcek"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
The transform forms an identitys `Display Name` value using the `Preferred Name` value when it exists over the `Given Name` (first name) value. The `Family Name` (last name) value is then appended to form the complete `Display Name`, e.g., ("Preferred Name" or "Given Name") + "Family Name"
## Transform Structure
## Transform structure
The displayName generator transform is intended for using Preferred Name over Given Name to create an identitys Display Name.
@@ -43,7 +43,7 @@ If the user's Preferred Name is `John`, Given Name is `Jonathan`, and Family Na
If the user's Preferred Name is not set, Given Name is `Jonathan`, and Family Name is `Doe`, the Display Name would be `Jonathan Doe`.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -20,7 +20,7 @@ Use the E.164 phone transform to convert an incoming phone number string into an
:::
## Transform Structure
## Transform structure
The E.164 phone transform only requires the transform's `type` and `name` attributes:
@@ -52,7 +52,7 @@ Input: "512-777-2222"
Output: "+1512459222"
```
**Transform Request Body**:
**Transform request body**:
```json
{
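Review bot: the example in this hunk's context pairs `Input: "512-777-2222"` with `Output: "+1512459222"`, which is not the E.164 form of that input: the digits differ and one digit is missing. While this block is being edited, correct the output to `+15127772222` or change the input so the pair matches.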
@@ -80,7 +80,7 @@ Input: "779.284.2727"
Output: "+17792842727"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -110,7 +110,7 @@ defaultRegion: "AU"
Output: "+61412345678"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the first valid transform to perform if/then/else operations on multiple different data points to return the first piece of data that is not null. This is often useful for the SailPoint username (uid) attribute in which case each identity requires a value, but the desired information is not available yet (e.g., Active Directory username). In these cases, you can use a first valid transform to populate the uid attribute with the user's linked Active Directory (AD) account information if the uid attribute is not null. If the attribute is null, use a different attribute from a source that the user does have, like his/her employee number.
## Transform Structure
## Transform structure
The first valid transform requires an array list of `values` that you must consider. These can be static strings or other nested transforms' return values. Remember that the transform returns the first entry in the array that evaluates to a non-null value, so you are recommended to provide the entries in the array in descending order of preference.
@@ -64,7 +64,7 @@ The first valid transform requires an array list of `values` that you must consi
This transform first attempts to return the user's `sAMAccountName` from his/her AD account. In the event that the user does not have an AD account, the transform then attempts to return the user's Okta login. If the Okta login is also blank, the transform returns the user's employee ID from his/her HR record.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -104,7 +104,7 @@ This transform first attempts to return the user's `sAMAccountName` from his/her
This transform is often useful for populating the work email identity attribute. Since the work email attribute is a required field for a valid identity, it cannot be blank. However, often new hires do not have an AD account and/or email provisioned until after the user has been provisioned. A common practice in this situation is to return a static string of "none" to ensure that this required attribute does not remain empty.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -136,7 +136,7 @@ This transform is often useful for populating the work email identity attribute.
This transform is often useful for populating an attribute called "Manager DN". It pulls the manager of the identity and then gets the identity attribute "Network DN" for the manager. "Network DN" pulls directly from `distinguishedName` in AD. With this transform, you can set a user's manager's DN as an identity attribute to allow for attribute sync down to AD. Without `ignoreErrors` set to `true`, this transform throws a null pointer exception (NPE) for any user without a manager. With `ignoreErrors` set to true, the first value in the `firstValid` throws an error for users without managers, but the error is ignored, and the transform selects the empty string to set the "Manager DN" identity attribute to.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -20,7 +20,7 @@ Use the generate random string transform as an out-of-the-box rule transform pro
:::
## Transform Structure
## Transform structure
The structure of a generate random string transform requires the `name` of the referenced rule to be the "Cloud Services Deployment Utility" rule built by SailPoint. You must also must set `operation` to `generateRandomString`, provide a `length`, and provide the true/false attributes for `includeNumbers` and `includeSpecialChars`. Last, you must include the `type` and `name` attributes required for all transforms:
@@ -69,7 +69,7 @@ The structure of a generate random string transform requires the `name` of the r
This transform generates a 16-character random string containing letters, numbers and special characters.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -91,7 +91,7 @@ This transform generates a 16-character random string containing letters, number
This transform generates an 8-character random string containing only letters and numbers.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the get end of string transform as an out-of-the-box rule transform provided through SailPoint's Cloud Services Deployment Utility rule. The transform allows you to get the rightmost N characters of a string.
## Transform Structure
## Transform structure
The structure of a get end of string transform requires the `name` of the referenced rule to be the `Cloud Services Deployment Utility` rule built by SailPoint. You must also set `operation` to `getEndOfString,` and provide a `numChars` value. Last, you must include the `type` and `name` attributes required for all transforms:
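Review bot: in the context sentence of this hunk the comma sits inside the code span, `getEndOfString,`, so the operation value reads as if the comma were part of it; move the comma outside the backticks. The identity attribute page in this commit has the same issue with `name,`.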
@@ -53,7 +53,7 @@ Input: "abcd1234"
Output: "1234"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -73,7 +73,7 @@ Output: "1234"
This transform returns a null value because the incoming string length is only 15 characters long, but the transform requests the rightmost 16 characters.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -15,7 +15,7 @@ tags: ['Transforms', 'Transform Operations']
Use the get reference identity attribute transform as an out-of-the-box rule provided through SailPoint's Cloud Services Deployment Utility rule. The transform allows you to get the identity attribute of another user from within a given identity's calculation. For your convenience, the transform allows you to use "manager" as a referential lookup to the target identity.
## Transform Structure
## Transform structure
The structure of a get reference identity transform requires the `name` of the referenced rule to be the `Cloud Services Deployment Utility` rule built by SailPoint. Additionally, you must set the `operation` to `getReferenceIdentityAttribute` and specify a `uid` attribute that correlates to the identity whose attribute is desired. Last, you must include the `type` and `name` attributes required for all transforms:
@@ -50,7 +50,7 @@ The structure of a get reference identity transform requires the `name` of the r
This transform gets the user's manager's email address.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -71,7 +71,7 @@ This transform gets the user's manager's email address.
This transform gets the alternate phone number for the user identified as "corporate.admin".
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -20,7 +20,7 @@ Use the identity attribute transform to get the value of a user's identity attri
:::
## Transform Structure
## Transform structure
The transform for identity attributes requires the desired identity attribute's system `name,` along with the `type` and `name` attributes:
@@ -50,7 +50,7 @@ The transform for identity attributes requires the desired identity attribute's
This transform returns a user's SailPoint User Name attribute.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -68,7 +68,7 @@ This transform returns a user's SailPoint User Name attribute.
This transform returns a user's Employee Number attribute.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -20,7 +20,7 @@ Use the index of transform to get the location of a specific substring within an
:::
## Transform Structure
## Transform structure
The indexOf transform requires only the substring which you want to search for, along with the `type` and `name` attributes:
@@ -55,7 +55,7 @@ Input: "admin_jsmith"
Output: "0"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -78,7 +78,7 @@ Input: "abcabcabc"
Output: "1"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -12,7 +12,7 @@ tags: ['Transforms', 'Transform Operations']
This document lists each type of operation you can perform in a transform. Sometimes you will hear these transforms referred to as **Seaspray**, the codename for transforms.
## Transform Operations
## Transform operations
Seaspray ships out of the box with a number of primitive operations. The following sections describe the operations.

View File

@@ -67,7 +67,7 @@ Input: "United States of America"
Output: "US"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -87,7 +87,7 @@ Input: "ES"
Output: "724"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -20,7 +20,7 @@ If the substring you are searching for occurs multiple times within the incoming
:::
## Transform Structure
## Transform structure
The lastIndexOf transform requires only the substring you want to search for, along with the transform's `type` and `name` attributes:
@@ -55,7 +55,7 @@ Input: "admin_jsmith"
Output: "0"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -73,7 +73,7 @@ Output: "0"
While the letter "b" occurs multiple times throughout the input string, the last time it occurs is within index location 7, so this transform returns that value.
**Transform Request Body**:
**Transform request body**:
```bash
Input: "abcabcabc"
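Review bot: The relabelled "**Transform request body**:" line in this hunk introduces a `bash` block that starts with `Input: "abcabcabc"`, which is the input/output sample, not a request body. Put the sample first and the label directly above the JSON body, the order the first example in this file uses.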

View File

@@ -20,7 +20,7 @@ Use the left pad transform to pad an incoming string with a user-supplied charac
:::
## Transform Structure
## Transform structure
In addition to the standard `type` and `name` attributes, the left pad transform requires the `length` attribute, which tells the transform how many characters to pad the incoming string to.
@@ -58,7 +58,7 @@ Input: "1234"
Output: "00001234"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -82,7 +82,7 @@ Input: "1234"
Output: "xxx1234"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -20,7 +20,7 @@ Use the lookup transform to take in an incoming string value and compare it to a
:::
## Transform Structure
## Transform structure
In addition to the `type` and `name` attributes, the structure of a lookup transform involves a `table` entry of key-value pairs:
@@ -57,7 +57,7 @@ In addition to the `type` and `name` attributes, the structure of a lookup trans
This transform tries to map a telephone area code to a city in Texas. If there is no area code in the four provided values, the transform will return the default value of "Unknown Area."
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -81,7 +81,7 @@ This transform tries to map a telephone area code to a city in Texas. If there i
This transform extends the previous one to show how multiple key values can be mapped to the same output value. However, duplicate key values are not allowed, so this will throw an error.
**Transform Request Body**:
**Transform request body**:
```json
{
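Review bot: The context description for this example is ambiguous: it says the body shows "how multiple key values can be mapped to the same output value" and then that "this will throw an error". State explicitly whether the JSON that follows is a valid transform or a deliberately failing one, and if it fails, which key is the duplicate.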

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the lower transform to convert an input string into all lowercase letters.
## Transform Structure
## Transform structure
The lower transform only requires the transform's `type` and `name` attributes:
@@ -45,7 +45,7 @@ Input:"ACTIVE"
Output:"active"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -73,7 +73,7 @@ Input:"All-Access"
Output:"all-access"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -29,7 +29,7 @@ The normalization logic within the transform handles a wide range of use cases:
- Convert "Y" to "y"
- Convert Roman numeral suffixes to all capitalized letters (e.g., "iii" becomes "III")
## Transform Structure
## Transform structure
The name normalizer transform only requires the transform's `type` and `name` attributes:

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the random alphanumeric transform to generate a random string of any length, comprising both numbers and letters (both lowercase and uppercase).
## Transform Structure
## Transform structure
The random alphanumeric transform only requires the standard `type` and `name` attributes:
@@ -43,7 +43,7 @@ The random alphanumeric transform only requires the standard `type` and `name` a
Since no explicit length is provided, this transform generates a 32-character random string, such as "VtPeE9WL56lMTlvfjr02KXqS3KtgDSuk".
**Transform Request Body**:
**Transform request body**:
```json
{
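Review bot: Missing documentation on the context line describing the 32-character default: the output is called a "random string" with no statement of what random source backs it. If readers may use this transform for initial passwords or tokens, the page should say whether it is suitable for secrets or only for identifiers.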
@@ -58,7 +58,7 @@ Since no explicit length is provided, this transform generates a 32-character ra
This transform generates a 10-character random string, such as "5GH2qsjU27".
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the random numeric transform to generate a random number of any length.
## Transform Structure
## Transform structure
The random numeric transform only requires the standard `type` and `name` attributes:
@@ -43,7 +43,7 @@ The random numeric transform only requires the standard `type` and `name` attrib
No explicit length is provided, so this transform generates a 10-digit random integer, such as "2334776774".
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -58,7 +58,7 @@ No explicit length is provided, so this transform generates a 10-digit random in
This transform generates a 6-digit random integer, such as "759931".
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the reference transform to reuse a transform that has already been written within another transform. This transform is often useful when you want to repeat the same logic multiple times within other transforms. This transform allows you to maintain only one transform and have it propagate through to other implementations of that logic.
## Transform Structure
## Transform structure
In addition to the standard `type` and `name` attributes, the structure of a reference transform requires the name of the transform you want to reference specified in the `attributes.id` key:
@@ -44,7 +44,7 @@ In addition to the standard `type` and `name` attributes, the structure of a ref
If you had a "Get Worker Type" transform that evaluated multiple pieces of data to determine whether a user is an employee or a contractor, this transform would output the result of that transform just as if the logic were contained directly within this transform.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -62,7 +62,7 @@ If you had a "Get Worker Type" transform that evaluated multiple pieces of data
This transform builds the user's display name, adds a hyphen to the end, and then adds the evaluated worker type from the earlier transform to build a string that would look something like "John Smith - Employee".
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
The replace all transform works like the replace transform, except that it can perform multiple replace operations on the incoming data instead of just one pattern. Use the replace all transform to find multiple patterns of characters within incoming data and replace all instances of those patterns with alternate values. The transform recognizes standard regex syntax. See the [References](#references) section for more information about regex.
## Transform Structure
## Transform structure
The replace transform takes a `table` attribute of key-value pairs as an argument. Each pair identifies the pattern to search for as its key and the replacement string as its value. The transform also requires the standard `type` and `name` attributes:
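Review bot: The sentence under the renamed heading says "The replace transform takes a `table` attribute", but this file documents the replace all transform, and the separate replace page describes `regex` and `replacement` instead. Name it "replace all transform" here so the two pages cannot be confused.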
@@ -53,7 +53,7 @@ Input: "Enrique Jose-Piñon"
Output: "Enrique Jose Pinon"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -80,7 +80,7 @@ Input: "ad512.777.1234"
Output: "512-777-1234"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the replace transform to find a given pattern of characters within incoming data and replace all instances of that pattern with alternate values. The transform recognizes standard regex syntax. See the [References](#references) section for more information about regex.
## Transform Structure
## Transform structure
The replace transform takes a `regex` attribute as an argument to identify which pattern to replace and a `replacement` attribute for the characters to replace the pattern with. The transform also requires the standard `type` and `name` attributes:
@@ -51,7 +51,7 @@ Input: "Working with IIQ is fun"
Output: "Working with Identity Security Cloud is fun"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -75,7 +75,7 @@ Input: "The quick brown fox jumped over 10 lazy dogs"
Output: "Thequickbrownfoxjumpedoverlazydogs"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -452,7 +452,7 @@ Use the list below to see how your country code or name will be converted.
|Zulu (South Africa)|zu_ZA|
</details>
## Transform Structure
## Transform structure
The transform for rfc5646 only requires the transform's type and name attributes:

View File

@@ -20,7 +20,7 @@ Use the right pad transform to pad an incoming string with a user-supplied chara
:::
## Transform Structure
## Transform structure
In addition to the standard `type` and `name` attributes, the right pad transform requires the `length` attribute, which tells the transform how many characters to pad the incoming string to.
@@ -57,7 +57,7 @@ Input: "1234"
Output: "12340000"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -81,7 +81,7 @@ Input: "1234"
Output: "1234xxx"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Like the reference transform, the rule transform allows you to reuse logic that has already been written for a previous use case. However, you can use the rule transform to reuse code contained within a Transform rule that either is not possible through only transforms or is too complex to maintain with Seaspray.
## Transform Structure
## Transform structure
In addition to the standard `type` and `name` attributes, the structure of a rule transform requires the `name` of the rule you want to reference:
@@ -44,7 +44,7 @@ In addition to the standard `type` and `name` attributes, the structure of a rul
If you had a "Generate Random Number" rule that produced a random integer value, this transform would invoke that rule and return the output of the code contained within it.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -62,7 +62,7 @@ If you had a "Generate Random Number" rule that produced a random integer value,
This transform shows a more complex use case in which you have a Transform rule written to perform various string manipulation tasks. If the manner the rule code uses to determine which task to run is passed to it by the `operation` variable and the operation is intended to get the last n characters of a string, n can be provided to the rule via the `numChars` variable. This transform invokes rule code to get the last three characters of the string passed to it with the UI configuration.
**Transform Request Body**:
**Transform request body**:
```json
{
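Review bot: The context sentence beginning "If the manner the rule code uses to determine which task to run is passed to it by the `operation` variable" is hard to parse. Split it in two: one sentence saying the rule selects its task from the `operation` variable, and one saying `numChars` supplies n when the operation returns the last n characters.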

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the split transform to use a specific character or regex string as a delimiter and convert a single incoming string into an array of values. This transform then returns the Nth element of that array. This transform is often useful when you want to split combined names into their constituent parts or when you want to simplify an ordered list of values into a single attribute.
## Transform Structure
## Transform structure
In addition to the standard `type` and `name` attributes, the split transform requires the `delimiter` and `index` attributes. These parameters, respectively, tell the transform what to use as the pattern to split the string with and which entry in the resulting array of values you want it to return.
@@ -54,7 +54,7 @@ Input: "abc:123"
Output: "123"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -78,7 +78,7 @@ Input: "The quick brown fox jumped over 10 lazy dogs"
Output: "fox"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -23,7 +23,7 @@ Use the static transform to return a fixed string value, or more commonly, to ev
:::
## Transform Structure
## Transform structure
In addition to the standard `type` and `name` attributes, the static transform requires a value attribute to be specified:
@@ -53,7 +53,7 @@ In addition to the standard `type` and `name` attributes, the static transform r
This transform uses a dynamic variable called `workerType`, which is set to the value of the user's HR record's empType value. The static transform then returns that value through the use of Velocity variable notation (i.e., `$<variableName>`).
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -78,7 +78,7 @@ This transform uses a dynamic variable called `workerType`, which is set to the
This transform extends the previous one to show how you can use if/else logic to return data based on contingent logic.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -20,7 +20,7 @@ Use the substring transform to get the inner portion of a string passed into the
:::
## Transform Structure
## Transform structure
In addition to the standard `type` and `name` attributes, the substring transform requires you to provide the beginning location of the input, which indicates the start of the desired substring output:
@@ -60,7 +60,7 @@ Input: "abcdef"
Output: "cd"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -84,7 +84,7 @@ Input: "abcdef"
Output: "cde"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the trim transform to trim whitespaces from both the beginning and ending of input strings.
## Transform Structure
## Transform structure
The trim transform only requires the transform's `type` and `name` attributes:
@@ -45,7 +45,7 @@ Input: " Vice President"
Output: "Vice President"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -73,7 +73,7 @@ Input: "Austin, Texas "
Output: "Austin, Texas"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -14,7 +14,7 @@ tags: ['Transforms', 'Transform Operations']
Use the upper transform to convert an input string into all uppercase letters.
## Transform Structure
## Transform structure
The upper transform only requires the transform's `type` and `name` attributes:
@@ -45,7 +45,7 @@ Input: "inactive"
Output: "INACTIVE"
```
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -73,7 +73,7 @@ Input: "Everyone"
Output: "EVERYONE"
```
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -21,7 +21,7 @@ Use the username generator transform to specify logic to use when it derives a u
:::
## Transform Structure
## Transform structure
The username generator transform is intended for use as a configuration within the account create profile for a source. Thus, this transform's structure is more extensive than a typical Seaspray implementation -- it must be assigned to a create profile attribute (designated by `name`) and provide certain uniqueness check attributes such as `cloudMaxSize`, `cloudMaxUniqueChecks`, and `cloudRequired`.
@@ -111,7 +111,7 @@ This generator takes the user's first initial, appends the user's full last name
If the generator does not find a unique value within the first 25 tries, it returns an IllegalStateException.
**Transform Request Body**:
**Transform request body**:
```json
{
@@ -161,7 +161,7 @@ This generator takes the user's first name, appends a period and then the user's
If the generator does not find a unique value within the first 10 tries, it returns an IllegalStateException.
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -20,7 +20,7 @@ There is no uniqueness checking in this transform - the underlying code is writt
:::
## Transform Structure
## Transform structure
The UUID generator transform only requires the transform's `type` and `name` attributes:
@@ -45,7 +45,7 @@ The UUID generator transform only requires the transform's `type` and `name` att
This transform produces a UUID such as "f7493c55-f3fc-491a-b352-4664d71f885b".
**Transform Request Body**:
**Transform request body**:
```json
{

View File

@@ -1,6 +1,6 @@
---
id: ootb-transforms
title: Out of the Box Transforms
title: Out of the box transforms
pagination_label: Out of the Box Transforms
sidebar_label: OOTB Transforms
sidebar_class_name: operations
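Review bot: Only `title` is lowercased in this front matter; `pagination_label: Out of the Box Transforms` on the next line keeps title case, so the page title and the pagination link will show different casing. Decide whether the branding rule also covers `pagination_label` and `sidebar_label` and apply it consistently. The `use-preferred-name` and `disable-access-profile-requests` front-matter hunks in this commit have the same split.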

View File

@@ -1,6 +1,6 @@
---
id: use-preferred-name
title: Use Preferred Name
title: Use preferred name
pagination_label: Use Preferred Name
sidebar_label: Use Preferred Name
sidebar_class_name: usePreferredName
@@ -14,7 +14,7 @@ tags: ['Transforms', 'OOTB']
The `Use Preferred Name` transform uses the [displayName](../operations/display-name.md) operation and forms an identitys `Display Name` value using the `Preferred Name` value when it exists over the `Given Name` (first name) value. The `Family Name` (last name) value is then appended to form the complete `Display Name`, e.g., ("Preferred Name" or "Given Name") + "Family Name"
## Transform Structure
## Transform structure
```json
{
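Review bot: The context paragraph above the renamed heading has "an identitys `Display Name` value", which is missing the apostrophe ("identity's"), and the sentence ends without a period. Both are worth fixing in the same pass as the heading.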

View File

@@ -1,6 +1,6 @@
---
id: disable-access-profile-requests
title: Disable Access Profile Requests
title: Disable access profile requests
pagination_label: Disable Access Profile Requests
sidebar_label: Disable Access Profile Requests
sidebar_position: 1

View File

@@ -28,7 +28,7 @@ With Reader permission, users can view any public sheets available and make sele
For information on how to use AIC in your environment, see the documentation [here](https://documentation.sailpoint.com/saas/help/ai/access_insights/access_intelligence.html)
## Technical Documentation and Videos
## Technical documentation and videos
For Entity Relationship (ER) Diagrams that represent the data model in AIC as well as other documentation see the following pages

View File

@@ -15,18 +15,18 @@ import Video from '@site/src/components/Video';
# Videos
### Out of the Box Charts and Dashboards
### Out of the box charts and dashboards
<Video source="//play.vidyard.com/Jd8waVWCZm3bZcNjJhRF2n.html?" container="vidyard" ></Video>
### Filtering and Responsive UI
### Filtering and responsive UI
<Video source="//play.vidyard.com/frpStJBTV8xeQaE95wmbHp.html?" container="vidyard" ></Video>
### Authoring and Creating new Sheets
### Authoring and creating new sheets
<Video source="//play.vidyard.com/1j49GXFzu8Tr5ZmyLEUxam.html?" container="vidyard" ></Video>
### Bookmarking Capabilities
### Bookmarking capabilities
<Video source="//play.vidyard.com/Sk9EaFTUcwKXRQ4efvsyKF.html?" container="vidyard" ></Video>
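Review bot: Every `<Video source=...>` line in this hunk uses a protocol-relative URL (`//play.vidyard.com/...`), so the embed inherits whatever scheme the page was loaded with. Write the sources with an explicit `https://` so the player is never requested over plain HTTP. Separately, "Out of the box" is used as a compound modifier in the first heading and would normally be hyphenated.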

View File

@@ -28,7 +28,7 @@ If you would like to speak to a SailPoint representative about Secure Data Share
Secure Data Share is an add-on for Identity Security Cloud. Please contact your sales representative to discuss your SDS options. You must also have an AWS Snowflake account so that SailPoint can synchronize your tenant data with your Snowflake instance.
## Data Synchronization SLA
## Data synchronization SLA
Similar to Search, SDS has a synchronization service-level agreement (SLA) of 24 hours. This means it can take up to 24 hours for operational data in your tenant to be synchronized with your Snowflake database. SailPoint Search and SDS are two separate systems, and there is no guarantee on which service will receive updated data first. In some cases, operational data may appear in Search before SDS, and in other cases SDS may receive the data first.

View File

@@ -21,7 +21,7 @@ The `api` command makes it easy to call SailPoint APIs and parse the results usi
- [put](#put-requests)
- [delete](#delete-requests)
## Get Requests
## Get requests
Run this command to get a list of transforms using the v2025 API:
@@ -49,7 +49,7 @@ To include headers with your API call—such as calling an experimental endpoint
sail api get /v2025/entitlements/ -H "X-SailPoint-Experimental:true"
```
### Query Parameters
### Query parameters
Use the `--query` or `-q` flag to provide query parameters.
@@ -63,7 +63,7 @@ Query parameters may need to be escaped depending on their use.
sail api get /v2025/entitlements -q filters="owner.id eq\"<identity_id>\"" -H "X-SailPoint-Experimental:true"
```
### Multiple Query Parameters
### Multiple query parameters
The `--query` flag can be used multiple times to provide additional query parameters.
@@ -73,7 +73,7 @@ Use the following command to return a single entitlement owned by a specific ide
sail api get /v2025/entitlements -q filters="owner.id eq\"<identity-id>\"" -q limit=1 -H "X-SailPoint-Experimental:true"
```
## Post Requests
## Post requests
Use the `post` subcommand to create resources.
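Review bot: The filter example in this hunk uses the placeholder `<identity-id>`, while the example in the previous hunk uses `<identity_id>`; pick one spelling. Both examples also run `eq` straight into the escaped quote (`eq\"<...>\"`), and a space after `eq` would make it clear where the operator ends and the value begins.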
@@ -89,7 +89,7 @@ Alternatively, use the `--body-file` or `-f` flag to provide the request body fr
sail api post /v2025/transforms --file-body ./transform.json
```
## Patch Requests
## Patch requests
Use the `patch` sub command to update resources.
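Review bot: The hunk header text names the flag as `--body-file` or `-f`, but the example line passes `--file-body`, so one of the two spellings will not work for a reader who copies it. Confirm the flag name against the CLI and make the prose and the example match; the Put requests section later in this file repeats the same pair. The last context line also writes "sub command" where the Post section uses "subcommand".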
@@ -99,7 +99,7 @@ Run the following command to update the owner of an access profile:
sail api patch /v2025/access-profiles/<access-profile-id> --body '[{"op":"replace","path":"/owner/id","value":"<identity-id>"}]'
```
## Put Requests
## Put requests
Run this command to replace a transform object using the v2025 API:
@@ -113,7 +113,7 @@ Use the `--body-file` or `-f` flag to provide the body of the request via a file
sail api put /v2025/transforms --file-body ./updated-transform.json
```
## Delete Requests
## Delete requests
Use this command to remove resources from Identity Security Cloud.

View File

@@ -75,7 +75,7 @@ Then make sure you can run the `sail` command.
Each release on the [releases page](https://github.com/sailpoint-oss/sailpoint-cli/releases) includes a tarball that can be extracted and run on Linux. Or you can install using the available .deb or .rpm packages.
#### Deb Package
#### Deb package
Download the specific .deb package from the release you wish to install
@@ -89,7 +89,7 @@ sudo apt install ./sail_x.x.x_linux_amd64.deb
sudo apt install /path/to/deb/package/sail_x.x.x_linux_amd64.deb
```
#### RPM Package
#### RPM package
Download the specific .rpm package from the release you wish to install
@@ -124,11 +124,11 @@ You will be prompted for the following information:
- The Tenant URL - The web URL used to access your Identity Security Cloud tenant (ex. https://tenant.identitynow.com), this is used during the OAuth process.
- The API URL - The API URL used to access your Identity Security Cloud tenant (ex. https://tenant.api.identitynow.com), this is used for the api calls made by certain commands.
### OAuth Authentication
### OAuth authentication
With the default environment values populated you can immediately begin using the CLI with OAuth authentication. Just make sure OAuth is your selected authentication method, this can be done by running `sail set auth oauth`.
### PAT Authentication
### PAT authentication
After you have configured your environment, if you want to use PAT authentication, run the `sail set pat` command. You can then provide your PAT client ID and client secret.

View File

@@ -100,7 +100,7 @@ Here is an example of a `query` command that sorts the results in ascending orde
sail search query "name:a*" --indices identities --sort name --sort "-created"
```
#### Folder Path
#### Folder path
Use the `folderPath` flag to specify the folder path to save the search results in. If you don't specify a `folderPath`, the results will save to a folder called "search_results", located within your current working directory.
@@ -132,7 +132,7 @@ You can append one flag to the `template` command to refine it:
- The flag, `folderPath`, allows you to specify the folder path where you want to save the search query result files.
#### Folder Path
#### Folder path
Use the `folderPath` flag to specify the folder path to save the search results in. If you don't specify a `folderPath`, the results will save to a folder called "search_results", located within your current working directory.
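Review bot: The flag is written as `folderPath` with no leading dashes, while the `query` example earlier in this file writes its flags as `--indices` and `--sort`; show the flag the way it is typed on the command line. This "Folder path" section is also word for word the same as the one in the previous hunk, so consider keeping one copy and linking to it.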

View File

@@ -11,7 +11,7 @@ slug: /tools/rule-development-kit
tags: ['RDK']
---
## Start Using the Rule Development Kit
## Start using the Rule Development Kit
The SailPoint Rule Development Kit (RDK) is a project you can use to develop rules more quickly and easily.
@@ -613,7 +613,7 @@ When your test runs, you will see the output of your logs. These logs can help w
[INFO] ------------------------------------------------------------------------
```
## Getting Support
## Getting support
To get support for the Rule Development Kit, please see our GitHub page, https://github.com/sailpoint-oss/rule-development-kit.

View File

@@ -13,7 +13,7 @@ tags: ['SDK', 'Software Development Kit']
Once your SDK is installed and configured, you can start accessing the SDK's different functionalities. This guide will walk through some examples of this functionality. To learn how to install and configure the Golang SDK, refer to [Installation and Configuration](./index.mdx).
### List Transforms
### List transforms
Create a file in your project called `sdk.go` with the following content:

View File

@@ -58,7 +58,7 @@ The SDK is now installed. To learn how to configure the SDK, refer to the [Confi
</details>
<details>
<summary>Manual Installation</summary>
<summary>Manual installation</summary>
To begin your go project, you will need to create a directory for your project.
@@ -96,12 +96,12 @@ The SDK is now installed. To learn how to configure the SDK, refer to the [Confi
You must provide configuration to the SDK so that it can authenticate to your SailPoint tenant and make API calls. To do so, you can use a configuration file, "config.json", or environment variables.
### Configuration File
### Configuration file
The SDK requires a configuration file to be named "config.json". Within the file, provide these key/value pairs: `ClientId`, `ClientSecret`, `BaseURL`.
<details>
<summary>CLI Assisted <em>(Recommended)</em></summary>
<summary>CLI assisted <em>(recommended)</em></summary>
The SailPoint CLI offers a command to generate the "config.json" file with your currently configured CLI credentials.
```bash
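Review bot: Missing documentation in the "Configuration file" section: it tells readers to store `ClientId` and `ClientSecret` in "config.json" but says nothing about protecting that file. Add a sentence advising readers to keep "config.json" out of version control and restrict its file permissions, or to use the environment-variable option already mentioned above for shared and CI environments. The PowerShell and Python SDK pages in this commit carry the same section.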
@@ -129,7 +129,7 @@ sail sdk init config --env devrel
</details>
<details>
<summary>Manual Configuration</summary>
<summary>Manual configuration</summary>
Create a file named "config.json", and provide these key/value pairs: `ClientId`, `ClientSecret`, `BaseURL`.
@@ -187,7 +187,7 @@ To get your environment variables to persist across PowerShell sessions, run the
</TabItem>
</Tabs>
## Getting Support
## Getting support
To get support for the Go SDK, please see our GitHub page, https://github.com/sailpoint-oss/golang-sdk.
@@ -205,6 +205,6 @@ Before you contribute, you must sign our [CLA](https://cla-assistant.io/sailpoin
You can use this SDK to build new tools that extend your ISC platform and improve experiences across your organization. Use this guide to get started, and if you have questions, don't hesitate to reach out on the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss!
## Getting Started
## Getting started
To get started using the SDK, refer to the [Getting Started Guide](./getting-started.md).

View File

@@ -1,6 +1,6 @@
---
id: powershell-sdk-error-handling
title: Error Handling with the PowerShell SDK
title: Error handling with the PowerShell SDK
pagination_label: PowerShell SDK
sidebar_label: Error Handling
sidebar_position: 7

View File

@@ -40,7 +40,7 @@ Get-ActiveCampaigns List Campaigns
...
```
## List Transforms
## List transforms
Let's say that you wanted to see all the transforms available in your tenant. You can search for the cmdlet:
@@ -66,7 +66,7 @@ Get-Help Get-Transforms -Detailed
```
<details>
<summary>Cmdlet Response</summary>
<summary>Cmdlet response</summary>
```text
NAME
@@ -120,7 +120,7 @@ Running `Get-Transforms` will return a list of all transforms in your tenant.
Running `Get-Transforms -Limit 10 -Filter 'name sw Test"'` will return a list of no more than 10 transforms whose names start with `Test`.
## WithHttpInfo Switch
## WithHttpInfo switch
By default, the cmdlets return just the response from the API without including any information about status code or headers returned. Use the `-WithHttpInfo` switch to return this information with the response.

View File

@@ -26,7 +26,7 @@ You need the following to use the PowerShell SDK:
## Setup
<details>
<summary>CLI Assisted <em>(Recommended)</em></summary>
<summary>CLI assisted <em>(recommended)</em></summary>
The SailPoint CLI offers a few commands that will allow you to quickly get started with the PowerShell SDK. To learn how to install and use the SailPoint CLI, refer to [SailPoint CLI](https://developer.sailpoint.com/idn/tools/cli#get-the-cli).
@@ -75,7 +75,7 @@ The SDK is now installed. To learn how to configure the SDK, refer to the [Confi
</details>
<details>
<summary>Manual Installation</summary>
<summary>Manual installation</summary>
### Manually install the SDK
@@ -111,7 +111,7 @@ You must provide configuration to the SDK so that it can authenticate to your Sa
The SDK requires a configuration file to be named "config.json". Within the file, provide these key/value pairs: `ClientId`, `ClientSecret`, `BaseURL`.
<details>
<summary>CLI Assisted <em>(Recommended)</em></summary>
<summary>CLI assisted <em>(recommended)</em></summary>
The SailPoint CLI offers a command to generate the config.json file with your currently configured CLI credentials.
```bash
@@ -139,7 +139,7 @@ sail sdk init config --env devrel
</details>
<details>
<summary>Manual Configuration</summary>
<summary>Manual configuration</summary>
Create a file named "config.json", and provide these key/value pairs: `ClientId`, `ClientSecret`, `BaseURL`.
@@ -197,7 +197,7 @@ To get your environment variables to persist across PowerShell sessions, run the
</TabItem>
</Tabs>
## Getting Support
## Getting support
To get support for the PowerShell SDK, please see our GitHub page, https://github.com/sailpoint-oss/powershell-sdk.
@@ -215,6 +215,6 @@ Before you contribute, you must sign our [CLA](https://cla-assistant.io/sailpoin
You can use this SDK to build new tools that extend your ISC platform and improve experiences across your organization. Use this guide to get started, and if you have questions, don't hesitate to reach out on the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss!
## Getting Started
## Getting started
To get started using the SDK, refer to the [Getting Started Guide](./getting-started.md).

View File

@@ -1,6 +1,6 @@
---
id: python-sdk-error-handling
title: Error Handling with The Python SDK
title: Error handling with The Python SDK
pagination_label: Error Handling
sidebar_label: Error Handling
sidebar_position: 8
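Review bot: The new title "Error handling with The Python SDK" lowercases "handling" but leaves "The" capitalized mid-title. It should read "Error handling with the Python SDK", matching "Error handling with the PowerShell SDK" in the PowerShell page's front matter.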

View File

@@ -13,7 +13,7 @@ tags: ['SDK']
Once your SDK is installed and configured, you can start accessing the SDK's different functionalities. To learn how to install and configure the Python SDK, refer to [Installation and Configuration](./index.mdx).
## List Transforms
## List transforms
One of the most useful functionalities of the Python SDK is the ability to easily access all the [V3 APIs](/docs/api/v3) and [Beta APIs](/docs/api/beta) and implement them in your project.

View File

@@ -27,7 +27,7 @@ You need the following to use the Python SDK:
## Setup
<details>
<summary>CLI Assisted <em>(Recommended)</em></summary>
<summary>CLI assisted <em>(recommended)</em></summary>
The SailPoint CLI offers a few commands that will allow you to quickly get started with the Python SDK. To learn how to install and use the SailPoint CLI, refer to [SailPoint CLI](https://developer.sailpoint.com/idn/tools/cli#get-the-cli).
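Review bot: The context line in this hunk still links to `https://developer.sailpoint.com/idn/tools/cli#get-the-cli`, an absolute URL under an `/idn/` path that looks like it predates the Identity Security Cloud naming this commit is applying. Check that the link still resolves to the current CLI page and, if the docs have moved, replace it with the current path or a relative docs link so it does not break on the next restructure.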
@@ -57,7 +57,7 @@ The SDK is now installed. To learn how to configure the SDK, refer to the [Confi
</details>
<details>
<summary>Manual Installation</summary>
<summary>Manual installation</summary>
To begin your Python project, you will need to create a directory for your project.
@@ -93,12 +93,12 @@ The SDK is now installed. To learn how to configure the SDK, refer to the [Confi
You must provide configuration to the SDK so it can authenticate to your SailPoint tenant and make API calls. To do so, you can either use a configuration file, "config.json", or environment variables.
### Configuration File
### Configuration file
The SDK requires a configuration file to be named "config.json". Within the file, provide these key/value pairs: `ClientId`, `ClientSecret`, `BaseURL`.
<details>
<summary>CLI Assisted <em>(Recommended)</em></summary>
<summary>CLI assisted <em>(recommended)</em></summary>
The SailPoint CLI offers a command to generate the "config.json" file with your currently configured CLI credentials.
```bash
@@ -126,7 +126,7 @@ sail sdk init config --env devrel
</details>
<details>
<summary>Manual Configuration</summary>
<summary>Manual configuration</summary>
Create a file named "config.json", and provide these key/value pairs: `ClientID`, `ClientSecret`, `BaseUrl`.
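Review bot: The context line in this hunk lists the config.json keys as `ClientID`, `ClientSecret`, `BaseUrl`, while the Configuration file paragraph in the previous hunk of the same file lists `ClientId`, `ClientSecret`, `BaseURL`. Please confirm which casing the SDK actually reads and make both sentences match; a reader who copies the wrong spelling may end up with a file the SDK does not pick up, and then fall back to pasting credentials somewhere less controlled.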
@@ -184,7 +184,7 @@ To get your environment variables to persist across PowerShell sessions, run the
</TabItem>
</Tabs>
## Getting Support
## Getting support
To get support for the Python SDK, please see our GitHub page, https://github.com/sailpoint-oss/python-sdk.
@@ -202,6 +202,6 @@ Before you contribute, you must sign our [CLA](https://cla-assistant.io/sailpoin
You can use this SDK to build new tools that extend your Identity Security Cloud platform and improve experiences across your organization. Use this guide to get started, and if you have questions, don't hesitate to reach out on the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss!
## Getting Started
## Getting started
To get started using the SDK, refer to the [Getting Started Guide](./getting-started.md).

View File

@@ -1,6 +1,6 @@
---
id: python-sdk-pagination
title: Paginate Results with The Python SDK
title: Paginate results with The Python SDK
pagination_label: Paginate Results
sidebar_label: Paginate Results
sidebar_position: 5

View File

@@ -1,6 +1,6 @@
---
id: typescript-sdk-error-handling
title: Error Handling with The TypeScript SDK
title: Error handling with The TypeScript SDK
pagination_label: Error Handling
sidebar_label: Error Handling
sidebar_position: 8

Some files were not shown because too many files have changed in this diff