Federation / Inbound API
In the context of a user provisioning system, federation means allowing one application to act on behalf of another, to create, modify or delete user accounts on target systems.
A web services API (application programming interface) is exposed by Identity Manager, allowing other applications to access the workflow request queue and data about users and resources.
The API is accessed using SOAP and includes a WSDL specification. This makes it accessible across a wide range of platforms and programming languages, including Windows and Unix, .NET and J2EE, Perl, Python and PHP, etc.
The Identity Manager API supports a wide range of operations, including:
- Submitting new workflow requests. This includes requests to:
  - Create new user profiles.
  - Add login accounts to new or existing profiles.
  - Add users to or remove users from managed groups.
  - Assign roles to users or remove roles from users.
  - Get or set user identity attributes.
- Initiating previously configured certification rounds.
- Searching for users or roles matching specified criteria.
- Creating, updating or deleting roles.
- Getting or changing the set of authorizers attached to a request.
- Approving or rejecting open requests.
The API allows organizations to develop their own request forms without having to code custom validation or authorization logic and without having to develop integrations with target systems and applications where users will be provisioned. This is helpful for specialized onboarding applications or to connect Identity Manager to an IT service catalog, for example.
