IdentityIQ
The IdentityIQ plugin (iiq_plugin) for the Baz system can talk to SailPoint IdentityIQ (IIQ), the IGA service. Internally, it uses the IdentityIQ APIs (the SCIM APIs as well as the DevSAK plugin) and wraps an RPC service around them. The plugin is installed with the BazCLI package and runs as a systemd service listening on port 58443 for requests.
Prerequisite
The plugin connects to IIQ servers in your environment over REST. It uses the SailPoint SCIM APIs as well as the DevSAK plugin (a SailPoint-developed plugin).
Ensure the DevSAK plugin is installed in your environment - SailPoint community link.
Plugin Configuration
[iiq_dev]
plugin = 'iiq_plugin'
url = 'localhost:58443'
[iiq_dev.params]
url = 'http://192.168.0.122:8080/identityiq'
client_id = '44WuTan0LpucLBb5rWac53PP0r1rujgS'
client_secret = 'secret://secret.iiq.token'
ca_cert = 'file:///home/freddy/certs/ca/ca.crt'
Sections
[iiq_dev]
The first section declares the actor for the plugin. The keyword iiq_dev becomes a programmable object for the tests. This section doesn't require any further configuration from you.
Fields
plugin - The name of the plugin this actor configuration file instantiates.
url - The URL of the plugin.
[iiq_dev.params]
This section contains the actor configuration used to connect, authenticate and request data from the plugin. The configuration parameters support secret, environment, and file tokens. For further details, please see the BazCLI tokens section.
url - The URL for the IIQ service. Example - http://servername:8080/identityiq
client_id - The client ID used for authenticating with the IIQ service.
client_secret - The client secret used for authenticating with the IIQ service.
Generate client credentials for API authentication - SailPoint Wiki
ca_cert - The public key certificate file in PEM format for your environment's Certificate Authority (CA). The certificate is used to secure the connection with IIQ servers.