Skip to main content

Hi automation leaders and technical experts,

currently our controlroom users are administered manually. Users order the needed roles in our IDM tool “OneIdentity”. The controlroom admins get a notification in the IDM tool and they asssign the ordered roles to the user manually.

We want to automate the user management, but our IDM team doesn’t support APIs yet.

Now I would like to learn from you: How did you automate your user management?

Courious regards,
Stefanie

Hi Stefanie, I think I have some folks who may be able to support you here. Thanks for asking such a great question!

@Matt.Stewart 

@Ganesh Bhat 

@Sridhar Yadlapalli 

@jackson 

Hey Stefanie, if your IDM team doesn’t support APIs, that’s ok!

Let’s start with the easy part:

https://aa-devx-sbx.cloud.automationanywhere.digital/swagger/ui/?url=/swagger/api/v2/um-api-supported.yaml

This is a link to the API details for user management in the control room.  You can use a combination of each of these to do every necessary function!

To make this fully work, you’ll need to create a mapping document.  For simplicity, lets just say its something in excel.  The purpose of this is to link the Roles in your IDM tool with the roles you created in the control room.

You could download a report once or multiple times per day, or you could have a bot monitor a mailbox to catch whenever that IDM notification comes in.

It could look like this.

  1. Notification comes in with requests to create a user with specific access.
  2. Bot picks up the request, and looks up that access in the mapping document, returning the roleIDs and licenses.
  3. Bot uses the rest package (standard in the control room) to call this API endpoint documented above (alternatively you could leverage the connection builder to connect build a custom package for all the user actions)

If you have something more complex, like modifying existing users:

  1. Notification comes in with requests to modify a user.
  2. Bot picks up the request, and looks for that user in the control room.  (Using the List Users function and filtering by names or some other matchable item, like email address).  This would return the user’s ID.
  3. Bot looks up the requested access in the mapping document, returning the roleIDs and licenses
  4. Bot uses the rest package (standard in the control room) to call this API endpoint documented above (alternatively you could leverage the connection builder to connect build a custom package for all the user actions).

The mapping document is the hard part…  At my last company we had 4 control rooms, 11 lines of business, and 4 different level of roles, with some unique overlap rules!

 

Hopefully this helps guide you in the right direction, let me know if there’s follow up questions!
 

Hi ​@Matt.Stewart,

This is a great approach! Leveraging the Control Room APIs alongside a well-structured role mapping document is definitely the way to go. Using a bot to monitor IDM notifications and trigger automated user provisioning ensures a seamless process without relying on IDM API support.

The key challenge, as you pointed out, is maintaining an accurate mapping document—especially in complex environments with multiple control rooms and role variations. However, once set up, this method significantly reduces manual effort and ensures consistency in user management.

Additionally, for organizations dealing with frequent role updates, integrating a scheduled report or a dynamic lookup mechanism can further enhance efficiency.

it’s a solid approach ​@Stefanie! - You Can Give a try on this.

Curious regards,
Sridhar

Reply


Terms & ConditionsCookie settings