cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Flexera IAM Management via API

I have been tasked by my organization to integrate Flexera One with an Identity Access Management system. I've been looking through the developer.flexera.com website and can't seem to find an api that can add a user to flexera one. I only see the ability for an administrator to invite a user manually. Blue sky scenario would be IAM system creates a user in Flexera One with requested permissions without human interaction and the same for removing access. Does this exist? If not, what workaround has been used for this kind of use-case?

(5) Replies
tjohnson1
By Technical Writer
Technical Writer
You would have the user log in via SSO and configure the Identity Provider for Just-In-Time Provisioning and Group Sync: https://docs.flexera.com/flexera/EN/Administration/JITProvisioningGroupSync.htm

Thanks for the reply. My Org currently disallows groups in IDP SAML response because of performance issues. Are there any other options available?

You can use the API to assign roles to a user after they exist: https://developer.flexera.com/docs/api/Identity%20and%20Access%20Management#/Access%20Rule/Access%20Rule%23grant

Please also vote and subscribe to the following idea to be able to interact with groups via the API: https://flexerasfdc.ideas.aha.io/ideas/FXONE-I-328 


@tjohnson1 wrote:

You can use the API to assign roles to a user after they existhttps://developer.flexera.com/docs/api/Identity%20and%20Access%20Management#/Access%20Rule/Access%20Rule%23grant


Thanks for the response. Will likely implement this with our IAM system. 

Highlighting the bolded above.
Is there any way to create a user without an invitation or a user explicitly adding the user via Flexera One > Administration > User Management? Trying to figure out ways to automate this without requiring a user interaction.

If you configure your IdP to include attributes named firstName and lastName then you can use Just-In-Time Provisioning to have the users created when they first log in: https://docs.flexera.com/flexera/EN/Administration/JITProvisioning.htm

You can also create the invite via the API and set skipEmailNotification to true so an email is not sent: https://community.flexera.com/t5/Flexera-One-Blog/Skip-the-email-going-out-when-the-user-is-invited-to-Flexera-One/ba-p/287017