I have not worked much with the IGI REST API - so I do not know whether this is supported or not. I suppose you have already checked the formal documentation https://www.ibm.com/docs/en/sig-and-i/10.0.2?topic=interfaces-verify-governance-rest-apis and eventual technotes from IBM Support e.g. https://www.ibm.com/support/pages/node/7005521?
If the documentation does not cover your question please raise a support case and hopefully the IBM Support SMEs will be able to help you out and also add the missing pieces either to the formal documentation or as a technote.
HTH
------------------------------
Franz Wolfhagen
WW IAM Solution Engineer - Certified Consulting IT Specialist
IBM Security Expert Labs
------------------------------
Original Message:
Sent: Sat August 10, 2024 01:39 AM
From: Supun Munasinghe
Subject: ISVG Extended SCIM Schema
Hi Franz,
Thanks a lot for your descriptive answer. Help me out to summarize it. The requirement is to expose the ISVG API (https://www.example.com:9343/igi/v2/agc/users?groupId=123) for external systems so they can consume it and onboard users into ISVG. At the same time, we need to have more fields in the incoming payload other than those specified in the API specification. We need to know: is this possible? If yes, what sort of changes are involved on the ISVG side?
------------------------------
Supun Munasinghe
Original Message:
Sent: Mon August 05, 2024 07:00 AM
From: Franz Wolfhagen
Subject: ISVG Extended SCIM Schema
That is a very short question that requires a very long answer - I will try to reduce it as much as possible but this is really a deep architectural question that is not something you can answer easily.
One thing though - you are mentioning "User Schema" and "SCIM apis" - is this for ISVG IGI or ISVG IM (aka ISIM)?
As I do not know the answer for this the first answer here will be generic.
When you design your IDM solution the data needed for your internal processes must be available. But the data also needs to be recorded in the right way (syntax and semantics). Consider this as a 3-step process:
- Identifying data authoritative source - normally this is some kind of HR system (e.g. SAP HCM) for employees but could be whatever and also multiple sources. So you need to design how to retrieve this data consistently and timely.
- Move and transform your identity data - this is what is currently done by an HRFeed solution (ootb adapter or custom SDI process as examples). This process must guarantee data consistency (so do NOT rely on delta or sequenced data - make the data "static" and complete). You should here transform the data from the source format to whatever matches the IdM system identity format.
- ISVG internal Identity data - you will need to design your attributes (and values where relevant) of your identities. Sometimes you want multiple identity types (in ISIM person objectclasses) if there is a need in the workflow/processes that makes that necessary - e.g. you may want to have different identity types for external, employee and service/machine identities. When modelling the identities you should ensure that the data can support the necessary processes efficiently (think dynamic roles/hierarchies when managing birthrights as one example) so that your processes can be fully data driven and can scale efficiently.
You must also consider that the need is changing over time - it is relatively easy to add new data - but almost impossible to remove something afterwards. And also - when designing your lifecycle processes - that time is running and cannot be stopped - so data needs to be consistent over time from a semantic point of view.
There are some more (commonly underrated) design criteria for designing the data and processes (such as black boxing, resiliency etc.) - but that is going to be a very long description :-)
HTH
------------------------------
Franz Wolfhagen
WW IAM Solution Engineer - Certified Consulting IT Specialist
IBM Security Expert Labs
Original Message:
Sent: Thu August 01, 2024 01:32 AM
From: Supun Munasinghe
Subject: ISVG Extended SCIM Schema
Has anyone come across adding custom attributes to the User schema and using the same with SCIM APIs for onboarding users into ISVG? If yes, what are the steps to be taken and considerations?
------------------------------
Supun Munasinghe
------------------------------