SailPoint Connectors and SaaS Connectivity
Understanding the List User Connector
SailPoint’s identity security solutions interface with various software as a service (SaaS) applications to retrieve the information they need for identity security, such as account and access information. Each SaaS application implements these functionalities in slightly different ways and might expose its implementation through REST-based web APIs that are typically supported by OpenAPI specifications. SailPoint connectors are TypeScript modules that interface with a SaaS application and map the relevant identity security information (such as accounts and entitlements) to a standardized format understood by SailPoint. Based on the APIs exposed by the application, SailPoint connectors can create, update, and delete access on those accounts. SailPoint connectors help manage user identities and their access rights across different environments within an organization, supporting the organization’s compliance and security efforts.
Building a Generative AI-based Coding Assistant
In this post, we highlight how the AWS Generative AI Innovation Center collaborated with SailPoint Technologies to build a generative AI-based coding assistant that uses Anthropic’s Claude Sonnet on Amazon Bedrock to help accelerate the development of software as a service (SaaS) connectors.
The List User Function of a Connector
The following is a breakdown of what each part of the code does:
- Imports: The code imports several types and interfaces from @sailpoint/connector-sdk. These include Context, Response, StdAccountListHandler, and StdAccountListOutput, which are used to handle the input and output of the function in a standardized way within a SailPoint environment.
- Function definition: listUsers is defined as an asynchronous function compatible with the StdAccountListHandler. It uses the Context to access configuration details like API keys and the base URL, and a Response to structure the output.
- Retrieve API key and host URL: These are extracted from the context parameter. They are used to authenticate and construct the request URL.
- URL construction: The function constructs the initial URL using the hostUrl and organizationId from the context. This URL points to an endpoint that returns users associated with a specific organization.
Code Example
import { Context, Response, StdAccountListHandler, StdAccountListOutput } from '@sailpoint/connector-sdk';

const listUsers: StdAccountListHandler = async (context: Context, input: undefined, res: Response) => {
  // retrieve api key and host url from context
  const apiKey = context.apiKey;
  const hostUrl = context.hostUrl;
  let hasMore = true;

  // url construction
  let url = `https://${hostUrl}/Management/v2/organizations/${context.organizationId}/users`;

  // loop through pages
  while (hasMore) {
    // fetch response from the endpoint
    const response = await fetch(url, {
      headers: {
        'Authorization': `Bearer ${apiKey}`
      }
    });
    // stop on an HTTP error instead of parsing an error body as a page of users
    if (!response.ok) {
      throw new Error(`List users request failed with status ${response.status}`);
    }
    const results = await response.json();

    // processing users from response
    const users = results.users;
    for (const user of users) {
      const output: StdAccountListOutput = {
        identity: user.id,
        attributes: {
          user_name: user.user_name,
          first_name: user.first_name,
          last_name: user.last_name,
          user_status: user.user_status,
          membership_status: user.membership_status,
          email: user.email,
          created_on: user.created_on,
          membership_created_on: user.membership_created_on,
          ds_group_id: user.company_groups.map((group: any) => group.ds_group_id),
          ds_group_account_id: user.company_groups.map((group: any) => group.ds_group_account_id)
        }
      };
      // send the mapped account to the response stream
      res.send(output);
    }

    // pagination
    if (results.paging.next) {
      url = results.paging.next;
    } else {
      hasMore = false;
    }
  }
}
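The pagination step above requests whatever URL the API returns in paging.next and attaches the bearer token to it. The following is an added example, not code from the original post or from the SailPoint SDK, of a check that follows a next link only when it is https, stays on the origin of the page that returned it, and has not been requested before. The names checkNextLink, walkPages and MAX_PAGES and the example.test hosts are hypothetical.

```typescript
// Added example (hypothetical helper names): decide whether a server-supplied
// paging link may be requested with the connector's bearer token.
const MAX_PAGES = 1000; // assumed safety limit, not a SailPoint or API value

interface PagingDecision { follow: boolean; url?: string; reason?: string; }

function parseUrl(value: string, base?: string): URL | null {
  try { return new URL(value, base); } catch { return null; }
}

function checkNextLink(currentUrl: string, next: unknown, requested: string[]): PagingDecision {
  if (next === undefined || next === null || next === '') return { follow: false, reason: 'last page' };
  if (typeof next !== 'string') return { follow: false, reason: 'next link is not a string' };
  const current = parseUrl(currentUrl);
  // relative links are resolved against the page that returned them
  const target = parseUrl(next, currentUrl);
  if (!current || !target) return { follow: false, reason: 'next link is not a valid URL' };
  if (target.protocol !== 'https:') return { follow: false, reason: 'next link is not https' };
  // origin = scheme + host + port; a look-alike host or userinfo prefix changes it
  if (target.origin !== current.origin) return { follow: false, reason: 'next link points to a different origin' };
  if (requested.indexOf(target.href) !== -1) return { follow: false, reason: 'next link was already requested' };
  if (requested.length >= MAX_PAGES) return { follow: false, reason: 'page limit reached' };
  return { follow: true, url: target.href };
}

// Constructed paging responses keyed by request URL (sample data, not real API output).
type Pages = { [url: string]: { paging: { next?: unknown } } };
const samplePages: Pages = {
  'https://api.example.test/v2/users': { paging: { next: '/v2/users?page=2' } },
  'https://api.example.test/v2/users?page=2': { paging: { next: 'https://api.example.test.other.invalid/v2/users?page=3' } },
};

// Walks the constructed pages the way the connector loop would, without network access.
function walkPages(start: string, pages: Pages): { requested: string[]; stopped: string } {
  const requested: string[] = [];
  let url = start;
  for (;;) {
    requested.push(url);
    const page = pages[url];
    const decision = checkNextLink(url, page ? page.paging.next : undefined, requested);
    if (!decision.follow || !decision.url) return { requested, stopped: decision.reason || 'unknown' };
    url = decision.url;
  }
}
```

In the connector loop, the same decision would replace the direct assignment of results.paging.next to url, with a refused link raising an error rather than silently ending the aggregation.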
Conclusion
In this article, we demonstrated how we used Anthropic’s Claude Sonnet on Amazon Bedrock to automatically create the list user connector, a critical component of the broader SaaS connectivity. By leveraging the power of generative AI, we were able to accelerate the development of software as a service (SaaS) connectors and improve the efficiency of identity security solutions.
FAQs
Q: What is the purpose of the list user function in a connector?
A: The list user function is used to retrieve and transform user information from a SaaS application into a standardized format.
Q: What is the role of the Context object in the code?
A: The Context object is used to access configuration details like API keys and the base URL.
Q: What is the purpose of the Response object in the code?
A: The Response object is used to structure the output of the function.
Q: What is the difference between the hasMore variable and the url variable in the code?
A: The hasMore variable is used to track whether there are more pages of results to retrieve, while the url variable is used to construct the URL for the next page of results.