Solved

Automatic provisioning of users and permissions

  • February 12, 2025
  • 3 replies
  • 38 views

Stefanie
Most Valuable Pathfinder
  • 11 replies

Hi automation leaders and technical experts,

Currently our controlroom users are administered manually. Users order the needed roles in our IDM tool “OneIdentity”. The controlroom admins get a notification in the IDM tool and they assign the ordered roles to the user manually.

We want to automate the user management, but our IDM team doesn’t support APIs yet.

Now I would like to learn from you: How did you automate your user management?

Curious regards,
Stefanie


Lu.Hunnicutt
Pathfinder Community Team
  • 66 replies
  • February 14, 2025

Hi Stefanie, I think I have some folks who may be able to support you here. Thanks for asking such a great question!

@Matt.Stewart 

@Ganesh Bhat 

@Sridhar Yadlapalli 

@jackson 


Matt.Stewart
Automation Anywhere Team
  • 11 replies
  • Answer
  • February 15, 2025

Hey Stefanie, if your IDM team doesn’t support APIs, that’s ok!

Let’s start with the easy part:

https://aa-devx-sbx.cloud.automationanywhere.digital/swagger/ui/?url=/swagger/api/v2/um-api-supported.yaml

This is a link to the API details for user management in the control room.  You can use a combination of each of these to do every necessary function!

To make this fully work, you’ll need to create a mapping document.  For simplicity, let’s just say it’s something in Excel.  The purpose of this is to link the Roles in your IDM tool with the roles you created in the control room.

You could download a report once or multiple times per day, or you could have a bot monitor a mailbox to catch whenever that IDM notification comes in.

It could look like this.

  1. Notification comes in with requests to create a user with specific access.
  2. Bot picks up the request, and looks up that access in the mapping document, returning the roleIDs and licenses.
  3. Bot uses the REST package (standard in the control room) to call this API endpoint documented above (alternatively you could leverage the connection builder to build a custom package for all the user actions).

If you have something more complex, like modifying existing users:

  1. Notification comes in with requests to modify a user.
  2. Bot picks up the request, and looks for that user in the control room.  (Using the List Users function and filtering by names or some other matchable item, like email address).  This would return the user’s ID.
  3. Bot looks up the requested access in the mapping document, returning the roleIDs and licenses
  4. Bot uses the REST package (standard in the control room) to call this API endpoint documented above (alternatively you could leverage the connection builder to build a custom package for all the user actions).

The mapping document is the hard part…  At my last company we had 4 control rooms, 11 lines of business, and 4 different levels of roles, with some unique overlap rules!

 

Hopefully this helps guide you in the right direction, let me know if there are follow-up questions!
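An added example, not part of the original answer and not Automation Anywhere code: the mapping lookup and user match from the two flows above, written so the bot rejects a request rather than guessing when a role is unmapped, privileged, or the e-mail matches anything other than exactly one user. All role names, IDs, licenses, field names and users are constructed placeholders, and the REST call itself is left out.

```python
# Added example: fail-closed resolution of an IDM request against the mapping document.
# Every role name, ID, license and field name here is a constructed placeholder.

PRIVILEGED = {"CR-Admin"}  # IDM roles kept on the manual approval path (assumption)

# Mapping document rows: IDM role -> Control Room role IDs and licenses (constructed)
MAPPING = {
    "CR-BotRunner": {"role_ids": [101], "licenses": ["RUNTIME"]},
    "CR-BotCreator": {"role_ids": [102, 103], "licenses": ["DEVELOPMENT"]},
    "CR-Admin": {"role_ids": [1], "licenses": []},
}

class Rejected(Exception):
    """The request goes to a human instead of being provisioned."""

def resolve_access(idm_roles):
    """Translate ordered IDM roles; reject the whole request on any doubt."""
    if not idm_roles:
        raise Rejected("no roles requested")
    role_ids, licenses = set(), set()
    for name in idm_roles:
        if name not in MAPPING:
            raise Rejected(f"unmapped IDM role: {name!r}")
        if name in PRIVILEGED:
            raise Rejected(f"privileged role needs manual approval: {name!r}")
        role_ids.update(MAPPING[name]["role_ids"])
        licenses.update(MAPPING[name]["licenses"])
    return sorted(role_ids), sorted(licenses)

def find_user_id(users, email):
    """Modify flow: require exactly one case-insensitive e-mail match."""
    wanted = email.strip().lower()
    hits = [u["id"] for u in users if u.get("email", "").strip().lower() == wanted]
    if len(hits) != 1:
        raise Rejected(f"{len(hits)} users match {email!r}")
    return hits[0]

def plan_modify(users, email, idm_roles):
    """Return what the bot would send for a modify request."""
    user_id = find_user_id(users, email)
    role_ids, licenses = resolve_access(idm_roles)
    return {"user_id": user_id, "role_ids": role_ids, "licenses": licenses}

# Constructed stand-in for a List Users result, including a duplicate e-mail
USERS = [
    {"id": 7, "email": "a.meier@example.com"},
    {"id": 8, "email": "b.schulz@example.com"},
    {"id": 9, "email": "B.Schulz@example.com"},
]
```

Logging every `Rejected` reason next to the IDM request ID gives the control room admins an audit trail of what the bot refused to provision.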
 


Sridhar Yadlapalli
Navigator | Tier 3

Hi ​@Matt.Stewart,

This is a great approach! Leveraging the Control Room APIs alongside a well-structured role mapping document is definitely the way to go. Using a bot to monitor IDM notifications and trigger automated user provisioning ensures a seamless process without relying on IDM API support.

The key challenge, as you pointed out, is maintaining an accurate mapping document—especially in complex environments with multiple control rooms and role variations. However, once set up, this method significantly reduces manual effort and ensures consistency in user management.

Additionally, for organizations dealing with frequent role updates, integrating a scheduled report or a dynamic lookup mechanism can further enhance efficiency.

It’s a solid approach, @Stefanie! You can give this a try.

Curious regards,
Sridhar

