Creates a source in IdentityNow.

This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.

Query Parameters

• provisionAsCsv boolean

  If this parameter is true, it configures the source as a Delimited File (CSV) source. Setting this to true will automatically set the type of the source to DelimitedFile. You must use this query parameter to create a Delimited File source as you would in the UI. If you don't set this query parameter and you attempt to set the type attribute directly, the request won't correctly generate the source.

application/json

Request Body required

• name string required

  Human-readable name of the source

• description string

  Human-readable description of the source

• owner object required

  Reference to an owning Identity Object

  type string

  Possible values: [IDENTITY]

  The type of object being referenced

  id string

  ID of the identity

  name string

  Human-readable display name of the identity

• cluster object

  Reference to the associated Cluster

  type string

  Possible values: [CLUSTER]

  The type of object being referenced

  id string

  ID of the cluster

  name string

  Human-readable display name of the cluster

• accountCorrelationConfig object

  Reference to an Account Correlation Config object

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG]

  The type of object being referenced

  id string

  ID of the account correlation config

  name string

  Human-readable display name of the account correlation config

• accountCorrelationRule object

  Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.

  type string

  Possible values: [RULE]

  The type of object being referenced

  id string

  ID of the rule

  name string

  Human-readable display name of the rule

• managerCorrelationMapping object

  Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity

  accountAttribute string

  Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.

  identityAttribute string

  Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.

• managerCorrelationRule object

  Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.

  type string

  Possible values: [RULE]

  The type of object being referenced

  id string

  ID of the rule

  name string

  Human-readable display name of the rule

• beforeProvisioningRule object

  Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.

  type string

  Possible values: [RULE]

  The type of object being referenced

  id string

  ID of the rule

  name string

  Human-readable display name of the rule

• schemas object[]

  List of references to Schema objects

  type string

  Possible values: [CONNECTOR_SCHEMA]

  The type of object being referenced

  id string

  ID of the schema

  name string

  Human-readable display name of the schema

• passwordPolicies object[]

  List of references to the associated PasswordPolicy objects.

  type string

  Possible values: [PASSWORD_POLICY]

  The type of object being referenced

  id string

  ID of the policy

  name string

  Human-readable display name of the policy

• features string[]

  Possible values: [AUTHENTICATE, COMPOSITE, DIRECT_PERMISSIONS, DISCOVER_SCHEMA, ENABLE, MANAGER_LOOKUP, NO_RANDOM_ACCESS, PROXY, SEARCH, TEMPLATE, UNLOCK, UNSTRUCTURED_TARGETS, SHAREPOINT_TARGET, PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, PASSWORD, CURRENT_PASSWORD, ACCOUNT_ONLY_REQUEST, ADDITIONAL_ACCOUNT_REQUEST, NO_AGGREGATION, GROUPS_HAVE_MEMBERS, NO_PERMISSIONS_PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_UNSTRUCTURED_TARGETS_PROVISIONING, NO_DIRECT_PERMISSIONS_PROVISIONING]

  Optional features that can be supported by a source.

• type string

  Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the provisionasCsv query parameter to true.

• connector string required

  Connector script name.

• connectorClass string

  The fully qualified name of the Java class that implements the connector interface.

• connectorAttributes object

  Connector specific configuration; will differ from type to type.

• deleteThreshold int32

  Number from 0 to 100 that specifies when to skip the delete phase.

• authoritative boolean

  When true indicates the source is referenced by an IdentityProfile.

• managementWorkgroup object

  Reference to Management Workgroup for this Source

  type string

  Possible values: [GOVERNANCE_GROUP]

  The type of object being referenced

  id string

  ID of the management workgroup

  name string

  Human-readable display name of the management workgroup

• healthy boolean

  When true indicates a healthy source

• status string

  A status identifier, giving specific information on why a source is healthy or not

• since string

  Timestamp showing when a source health check was last performed

• connectorId string

  The id of connector

• connectorName string

  The name of the connector that was chosen on source creation

• connectionType string

  The type of connection (direct or file)

• connectorImplementstionId string

  The connector implementstion id

Responses

• 201
• 400
• 401
• 403
• 429
• 500

---

Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.

application/json

• Schema
• Example (from schema)

---

Schema

• id string

  the id of the Source

• name string

  Human-readable name of the source

• description string

  Human-readable description of the source

• owner object

  Reference to an owning Identity Object

  type string

  Possible values: [IDENTITY]

  The type of object being referenced

  id string

  ID of the identity

  name string

  Human-readable display name of the identity

• cluster object

  Reference to the associated Cluster

  type string

  Possible values: [CLUSTER]

  The type of object being referenced

  id string

  ID of the cluster

  name string

  Human-readable display name of the cluster

• accountCorrelationConfig object

  Reference to an Account Correlation Config object

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG]

  The type of object being referenced

  id string

  ID of the account correlation config

  name string

  Human-readable display name of the account correlation config

• accountCorrelationRule object

  Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can't be used.

  type string

  Possible values: [RULE]

  The type of object being referenced

  id string

  ID of the rule

  name string

  Human-readable display name of the rule

• managerCorrelationMapping object

  Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity

  accountAttribute string

  Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.

  identityAttribute string

  Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.

• managerCorrelationRule object

  Reference to the ManagerCorrelationRule, only used when a simple filter isn't sufficient.

  type string

  Possible values: [RULE]

  The type of object being referenced

  id string

  ID of the rule

  name string

  Human-readable display name of the rule

• beforeProvisioningRule object

  Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.

  type string

  Possible values: [RULE]

  The type of object being referenced

  id string

  ID of the rule

  name string

  Human-readable display name of the rule

• schemas object[]

  List of references to Schema objects

  type string

  Possible values: [CONNECTOR_SCHEMA]

  The type of object being referenced

  id string

  ID of the schema

  name string

  Human-readable display name of the schema

• passwordPolicies object[]

  List of references to the associated PasswordPolicy objects.

  type string

  Possible values: [PASSWORD_POLICY]

  The type of object being referenced

  id string

  ID of the policy

  name string

  Human-readable display name of the policy

• features string[]

  Possible values: [AUTHENTICATE, COMPOSITE, DIRECT_PERMISSIONS, DISCOVER_SCHEMA, ENABLE, MANAGER_LOOKUP, NO_RANDOM_ACCESS, PROXY, SEARCH, TEMPLATE, UNLOCK, UNSTRUCTURED_TARGETS, SHAREPOINT_TARGET, PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, PASSWORD, CURRENT_PASSWORD, ACCOUNT_ONLY_REQUEST, ADDITIONAL_ACCOUNT_REQUEST, NO_AGGREGATION, GROUPS_HAVE_MEMBERS, NO_PERMISSIONS_PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_UNSTRUCTURED_TARGETS_PROVISIONING, NO_DIRECT_PERMISSIONS_PROVISIONING]

  Optional features that can be supported by a source.

• type string

  Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the provisionasCsv query parameter to true.

• connector string

  Connector script name.

• connectorClass string

  The fully qualified name of the Java class that implements the connector interface.

• connectorAttributes object

  Connector specific configuration; will differ from type to type.

• deleteThreshold int32

  Number from 0 to 100 that specifies when to skip the delete phase.

• authoritative boolean

  When true indicates the source is referenced by an IdentityProfile.

• managementWorkgroup object

  Reference to Management Workgroup for this Source

  type string

  Possible values: [GOVERNANCE_GROUP]

  The type of object being referenced

  id string

  ID of the management workgroup

  name string

  Human-readable display name of the management workgroup

• healthy boolean

  When true indicates a healthy source

• status string

  A status identifier, giving specific information on why a source is healthy or not

• since string

  Timestamp showing when a source health check was last performed

• connectorId string

  The id of connector

• connectorName string

  The name of the connector that was chosen on source creation

• connectionType string

  The type of connection (direct or file)

• connectorImplementstionId string

  The connector implementstion id

{
  "id": "2c91808568c529c60168cca6f90c1324",
  "name": "My Source",
  "description": "This is the corporate directory.",
  "owner": {
    "type": "IDENTITY",
    "id": "2c91808568c529c60168cca6f90c1313",
    "name": "MyName"
  },
  "cluster": {
    "type": "CLUSTER",
    "id": "2c9180866166b5b0016167c32ef31a66",
    "name": "Corporate Cluster"
  },
  "accountCorrelationConfig": {
    "type": "ACCOUNT_CORRELATION_CONFIG",
    "id": "2c9180855d191c59015d28583727245a",
    "name": "Directory [source-62867] Account Correlation"
  },
  "accountCorrelationRule": {
    "type": "RULE",
    "id": "2c918085708c274401708c2a8a760001",
    "name": "Example Rule"
  },
  "managerCorrelationMapping": {
    "accountAttribute": "manager",
    "identityAttribute": "manager"
  },
  "managerCorrelationRule": {
    "type": "RULE",
    "id": "2c918085708c274401708c2a8a760001",
    "name": "Example Rule"
  },
  "beforeProvisioningRule": {
    "type": "RULE",
    "id": "2c918085708c274401708c2a8a760001",
    "name": "Example Rule"
  },
  "schemas": [
    {
      "type": "CONNECTOR_SCHEMA",
      "id": "2c9180835d191a86015d28455b4b232a",
      "name": "account"
    },
    {
      "type": "CONNECTOR_SCHEMA",
      "id": "2c9180835d191a86015d28455b4b232b",
      "name": "group"
    }
  ],
  "passwordPolicies": [
    {
      "type": "PASSWORD_POLICY",
      "id": "2c9180855d191c59015d291ceb053980",
      "name": "Corporate Password Policy"
    },
    {
      "type": "PASSWORD_POLICY",
      "id": "2c9180855d191c59015d291ceb057777",
      "name": "Vendor Password Policy"
    }
  ],
  "features": [
    "SYNC_PROVISIONING",
    "MANAGER_LOOKUP",
    "SEARCH",
    "PROVISIONING",
    "AUTHENTICATE",
    "GROUP_PROVISIONING",
    "PASSWORD"
  ],
  "type": "OpenLDAP - Direct",
  "connector": "active-directory",
  "connectorClass": "sailpoint.connector.LDAPConnector",
  "connectorAttributes": {
    "healthCheckTimeout": 30,
    "authSearchAttributes": [
      "cn",
      "uid",
      "mail"
    ]
  },
  "deleteThreshold": 10,
  "authoritative": false,
  "managementWorkgroup": {
    "type": "GOVERNANCE_GROUP",
    "id": "2c91808568c529c60168cca6f90c2222",
    "name": "My Management Workgroup"
  },
  "healthy": true,
  "status": "SOURCE_STATE_HEALTHY",
  "since": "2021-09-28T15:48:29.3801666300Z",
  "connectorId": "active-directory",
  "connectorName": "Active Directory",
  "connectionType": "file",
  "connectorImplementstionId": "delimited-file"
}

Client Error - Returned if the request body is invalid.

application/json

• Schema
• Example (from schema)

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

• Schema
• Example (from schema)

---

Schema

• error

  A message describing the error

{
  "error": "JWT validation failed: JWT is expired"
}

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

• Schema
• Example (from schema)
• 403

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

• Schema
• Example (from schema)

---

Schema

• message

  A message describing the error

{
  "message": " Rate Limit Exceeded "
}

Internal Server Error - Returned if there is an unexpected error.

application/json

• Schema
• Example (from schema)
• 500

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Loading...