Access Profile was not getting attached to the user

jasmedina · December 10, 2024, 4:52pm

Hi All,

We are using a Web Service connector and when I requests for an Access Profile via the access request, I noticed that the Access Profile that I requested was not getting attached to the user’s profile even though the provisioning was completed and even the Events logged that the entitlement was added.

Access Request:

User’s Event log:

JackSparrow · December 11, 2024, 4:44am

Are you able to see the entitlements of that access profiles in user’s access tab? Can you try manually processing the identity once?

jasmedina · December 11, 2024, 12:15pm

hi @JackSparrow! I cannot see the entitlements in the user’s access tab. I also tried to manually process the identity, but still getting the same result.

gogubapu · December 11, 2024, 12:25pm

Hi @jasmedina,

Can you check in target application. if this particular user present or not, if the user present check recently added entitlement are with user or not in your target application.

if those are not added, note that your provisioning (check the API execution behavior) goes wrong in the IdentityNow.

Thank You.

jasmedina · December 11, 2024, 12:31pm

Hi @gogubapu,

For context, the use case is a user will request for a new account creation. 2 entitlements should be added to the user, one is for the siteRole and the other entitlement is for adding the user to a group. The siteRole gets provisioned but not the group.

The user gets created and is present in the target application with the correct siteRole but was not provisioned to the group.

gogubapu · December 11, 2024, 12:34pm

Ok, this is tableau application right.

Can you share which API endpoint are you using. based on that i will guide you.

jasmedina · December 11, 2024, 12:38pm

Yes, correct.

I am using the following:

To create account: Add Users to a Site and Update User
To add users to a group - Users and Groups Methods - Tableau

Also, I noticed that when I used and existing user in the target application and I request to be added to a group, the access profile gets attached correctly. I am only facing the issue for new account creation.

I will also share the Events log for both users. You can notice that the accountName is not present in the New Account log
New Account:

Existing user:

JackSparrow · December 11, 2024, 3:49pm

In this case, are you able to see “Create Account Passed” with status as “passed” event log for new user?

jasmedina · December 11, 2024, 3:58pm

Yes I was able to see it

JackSparrow · December 11, 2024, 4:14pm

Hope there is HTTP create operation defined. Also, please check this

Link for the same: https://community.sailpoint.com/t5/IdentityNow-Connectors/Web-Services-Source-Configuration-Reference-Guide/ta-p/78511#toc-hId--1536061135

jasmedina · December 12, 2024, 1:51pm

Hi @JackSparrow! There is an HTTP Create operation and I have also enabled the createAccountWithEntReq attribute. The problem is with adding the created user to the group

system · February 10, 2025, 1:51pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.