PingOne Advanced Identity Cloud

SaaS REST

The SaaS REST application template allows you to interact with most REST APIs to manage users, groups, and similar objects. Learn more in SaaS REST connector.

Register the application

  1. In the Advanced Identity Cloud admin console, go to Applications, and click Browse App Catalog.

  2. In the Browse App Catalog modal, select an application, and click Next.

  3. Review the Application Integration information, and click Next.

  4. In the Application Details window, specify the name, description, application owners, and logo for the application.

  5. To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.

  6. Click Create Application.

Configure provisioning

  1. In the Advanced Identity Cloud admin console, on the Provisioning tab:

    • If setting up provisioning for the first time, click Set up Provisioning.

    • If editing existing settings, in the Connection section, click Settings.

  2. Configure the following fields:

    Field Description

    Service URI

    The service URI (example: http://myservice.com/api).

    Authentication Method

    The method for authenticating to the remote service: BASIC, OAUTH, or TOKEN. The default is TOKEN.

  3. Depending on the Authentication Method, configure the applicable fields:

    • BASIC

    • OAUTH

    • TOKEN

    BASIC
    Field Description

    Login

    The basic authentication login name for the remote service.

    Password

    The basic authentication password for the remote service.

    OAUTH
    Field Description

    Client Id

    The OAuth 2.0 client identifier for the remote service.

    Client Secret

    The OAuth 2.0 client secret for the remote service.

    Token Endpoint

    The OAuth 2.0 endpoint where a new access token is requested for the remote service.

    Grant Type

    The OAuth 2.0 grant type to use (client_credentials, jwt_bearer, or refresh_token).

    Scope

    The OAuth 2.0 scope to use.

    Use Basic Auth For OAuth Token Neg

    Select this option to use basic authentication to send the client ID and client secret to the remote service as authorization headers.

    If unselected, the client ID and client secret are sent as form data.

    Additional fields depending on the Grant Type:

    refresh_token
    Field Description

    Refresh Token

    Used by the refresh_token Grant Type.

    jwt_bearer
    Field Description

    JWT Key

    The JWT data structure that represents a cryptographic key.

    JWT Claims

    JWT claims to include in the payload.

    JWT Expiration

    The JWT expiration in seconds.

    JWT Algorithm

    The algorithm type to sign the payload.

    TOKEN
    Field Description

    Authorization Token Prefix

    The prefix to use in the Authorization HTTP header for token authentication.

    Auth Token

    The auth token for the remote service.

  4. Define the Account Object Schema. Learn more in Account object.

  5. Optionally, you can define additional object types:

    1. Click Add Object Type.

    2. Enter the object ID.

    3. Define the object Schema.

    Learn more in Synchronize an identity.

  6. Optionally, click Show advanced settings to set any of the following options:

    Application specific settings
    Field Description

    Exclude Unmodified

    Select this option to synchronize only the modified properties on a target resource.

    Pool configuration
    Field Description

    Max idle and active container instances

    The maximum number of idle and active container instances. The default value is 10.

    Max Idle Connector Instances

    The maximum number of idle connector instances. The default value is 10.

    Set Timeout Period

    Select to enable a timeout period for the connection. After enabling, configure the following:

    • Timeout period (ms): The timeout period in milliseconds.

    Set Minimum Idle Time

    Select to set a minimum time (in milliseconds) before an idle object is removed. After enabling, configure the following:

    • Min idle time (ms): The minimum idle time in milliseconds.

    Min Idle Instances

    The minimum number of idle connector instances.

    Result Handler configuration
    Field Description

    Enable for connectors with the attribute normalizer interface

    Enables the attribute normalizer interface for supported connectors.

    Enable local filtering/search features

    Enables local filtering and search capabilities.

    Enable case insensitive filter

    Configures filters to ignore case sensitivity.

    Enable configuration of search attributes; disable for local connectors

    Enables search attribute configuration. Disable this option for local connectors.

    1. In the Operation Timeouts (ms) area, select the operations to enforce timeouts on and enter the duration in milliseconds.

      Available operations include Create, Validate, Test, Enable a Script on the Connector, Schema, Delete, Update, Sync, Authenticate, Get, Enable a Script on the Target, and Search.

    2. In the Operation Rate Limits area, select the operations to enforce rate limits on.

      You can enforce limits on specific operations, including Create, Validate, Test, Script on Connector, Schema, Delete, Update, Sync, Authenticate, Get, Script on Target, and Search.

      For each selected operation, configure the following fields:

      Field Description

      Request Limit

      Requests allowed over time.

      Request Period

      Limit resets after this time (ms).

      Request Timeout

      Time before exception thrown (ms).

  7. Click Connect.

  8. Verify the information in the Details tab.
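
What the Use Basic Auth For OAuth Token Neg option in step 3 changes on the wire, as an added example that is not Advanced Identity Cloud or connector code: it builds a client_credentials token request both ways, following RFC 6749 section 2.3.1, and masks the secret before the request is logged. The function names and the sample client ID, secret and scope are constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl, quote_plus, urlencode

# Constructed sample values, not taken from any real deployment.
CLIENT_ID = "provisioning-client"
CLIENT_SECRET = "s3cr3t/with:colon"
SCOPE = "users.read users.write"


def token_request(client_id, client_secret, scope, use_basic_auth):
    """Build (headers, body) for a client_credentials token request.

    use_basic_auth stands in for the "Use Basic Auth For OAuth Token Neg" option.
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials", "scope": scope}
    if use_basic_auth:
        # RFC 6749 2.3.1: form-encode id and secret, join with ":", Base64 the pair.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        # Option unselected: credentials are ordinary form fields in the body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return headers, urlencode(form)


def redact_for_logging(headers, body):
    """Mask the secret wherever it travels, so request logs stay safe to keep."""
    safe_headers = dict(headers)
    if "Authorization" in safe_headers:
        scheme = safe_headers["Authorization"].split(" ", 1)[0]
        safe_headers["Authorization"] = scheme + " [REDACTED]"
    fields = [(k, "[REDACTED]" if k == "client_secret" else v)
              for k, v in parse_qsl(body)]
    return safe_headers, urlencode(fields)


if __name__ == "__main__":
    for mode in (True, False):
        request = token_request(CLIENT_ID, CLIENT_SECRET, SCOPE, mode)
        print(mode, redact_for_logging(*request))
```

In both modes the secret is only encoded, not encrypted, so the Token Endpoint should be an https URL.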

Provision side tabs

The object type determines the side tabs that display on the Provisioning tab. Use the object type list to select an object type, such as Group. Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.

Sub-tabs under the Provisioning tab
Provisioning tab Description Related sections

Details

View and manage an application, including name, ID, and native type.

Select the specific application from Provision settings for an application.

Properties

View and manage properties for the selected object type.

Data

View data about the selected object type.

Mapping

View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties.

Reconciliation

Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems.

View and manage rules for the users and groups that use your application.

View and manage schedules for Full and Incremental reconciliation.

Privacy & Consent

Manage end-user data sharing and synchronization.

Rules

View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application.

Advanced Sync

Create and manage mappings between an identity profile and an application or between applications.