SaaS REST
The SaaS REST application template allows you to interact with most REST APIs to manage users, groups, and similar objects. Learn more in SaaS REST connector.
Register the application
- In the Advanced Identity Cloud admin console, go to Applications, and click Browse App Catalog.
- In the Browse App Catalog modal, select an application, and click Next.
- Review the Application Integration information, and click Next.
- In the Application Details window, specify the name, description, application owners, and logo for the application.
- To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.
- Click Create Application.
Configure provisioning
- In the Advanced Identity Cloud admin console, on the Provisioning tab:
  - If setting up provisioning for the first time, click Set up Provisioning.
  - If editing existing settings, in the Connection section, click Settings.
- Configure the following fields:

  | Field | Description |
  |---|---|
  | Service URI | The service URI (example: http://myservice.com/api). |
  | Authentication Method | The method for authenticating to the remote service: BASIC, OAUTH, or TOKEN. The default is TOKEN. |

- Depending on the Authentication Method, configure the applicable fields:

  BASIC

  | Field | Description |
  |---|---|
  | Login | The basic authentication login name for the remote service. |
  | Password | The basic authentication password for the remote service. |

  OAUTH

  | Field | Description |
  |---|---|
  | Client Id | The OAuth 2.0 client identifier for the remote service. |
  | Client Secret | The OAuth 2.0 client secret for the remote service. |
  | Token Endpoint | The OAuth 2.0 endpoint where a new access token is requested for the remote service. |
  | Grant Type | The OAuth 2.0 grant type to use (client_credentials, jwt_bearer, or refresh_token). |
  | Scope | The OAuth 2.0 scope to use. |
  | Use Basic Auth For OAuth Token Neg | Select this option to use basic authentication to send the client ID and client secret to the remote service as authorization headers. If unselected, the client ID and client secret are sent as form data. |

  Additional fields depending on the Grant Type:

  refresh_token

  | Field | Description |
  |---|---|
  | Refresh Token | Used by the refresh_token Grant Type. |

  jwt_bearer

  | Field | Description |
  |---|---|
  | JWT Key | The JWT data structure that represents a cryptographic key. |
  | JWT Claims | JWT claims to include in the payload. |
  | JWT Expiration | The JWT expiration in seconds. |
  | JWT Algorithm | The algorithm type to sign the payload. |

  TOKEN

  | Field | Description |
  |---|---|
  | Authorization Token Prefix | The prefix to use in the Authorization HTTP header for token authentication. |
  | Auth Token | The auth token for the remote service. |
- Define the Account Object Schema. Learn more in Account object.
- Optionally, you can define additional object types:
  - Click Add Object Type.
  - Enter the object ID.
  - Define the object Schema.

  Learn more in Synchronize an identity.
- Optionally, click Show advanced settings to set any of the following options:

  | Field | Description |
  |---|---|
  | Exclude Unmodified | Select this option to synchronize only the modified properties on a target resource. |
- Click Connect.
- Verify the information in the Details tab.
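
The Use Basic Auth For OAuth Token Neg option decides whether the client ID and client secret travel in an Authorization header or in the form body. The block below is an added example, not the connector's own code: it builds (without sending) a token request both ways, assuming the standard RFC 6749 encodings, and masks the credential fields for logging. The function names and sample client values are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode

SECRET_FIELDS = {"client_secret", "refresh_token"}

def build_token_request(client_id, client_secret, grant_type="client_credentials",
                        scope=None, use_basic_auth=True, refresh_token=None):
    """Return (headers, body) for an RFC 6749 token request; nothing is sent.

    use_basic_auth mirrors the "Use Basic Auth For OAuth Token Neg" option.
    """
    if grant_type not in ("client_credentials", "refresh_token"):
        raise ValueError("only client_credentials and refresh_token are covered here")
    form = {"grant_type": grant_type}
    if scope:
        form["scope"] = scope
    if grant_type == "refresh_token":
        if not refresh_token:
            raise ValueError("the refresh_token grant needs a refresh token")
        form["refresh_token"] = refresh_token
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if use_basic_auth:
        # RFC 6749 section 2.3.1: form-encode the id and the secret first, then
        # Base64 "id:secret", so reserved characters such as ":" in the id survive.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        # Form mode: the credentials travel in the request body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return headers, urlencode(form)

def redact(headers, body):
    """Copy of the request that is safe to log: credential values are masked."""
    safe_headers = {k: "REDACTED" if k == "Authorization" else v
                    for k, v in headers.items()}
    fields = parse_qs(body, keep_blank_values=True)
    safe_body = urlencode({k: "REDACTED" if k in SECRET_FIELDS else v[0]
                           for k, v in fields.items()})
    return safe_headers, safe_body

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for basic in (True, False):
        request = build_token_request("my client", "s3cr:et/+", scope="users.read",
                                      use_basic_auth=basic)
        print("basic" if basic else "form", redact(*request))
```

In form mode the secret sits in the request body, so any proxy or debug log that captures bodies needs the same masking as the Authorization header.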
Provision side tabs
The object type determines the side tabs that display on the Provisioning tab.
Use the object type list to select an object type, such as Group.
Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.
| Provisioning tab | Description | Related sections |
|---|---|---|
| Details | View and manage an application, including name, ID, and native type. | Select the specific application from Provision settings for an application. |
| Properties | View and manage properties for the selected object type. | |
| Data | View data about the selected object type. | |
| Mapping | View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties. | |
| Reconciliation | Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems. View and manage rules for the users and groups that use your application. View and manage schedules for Full and Incremental reconciliation. | |
| Privacy & Consent | Manage end-user data sharing and synchronization. | |
| Rules | View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application. | |
| Advanced Sync | Create and manage mappings between an identity profile and an application or between applications. | |