Our “Access Request For Identity With Multiple Accounts Failed” email template is pointing to the entitlement ID when it should be pointing to the entitlement name. Would anyone know of a resource or the variable name I can use to fix this ?
Your request for "${requestItemName}" failed because you have more than one account on the "${sourceName}" source.
Your request for “63334c7d39224474abc1dad3781a1340” failed because you have more than one account on the…
Can you look up the entitlement from the source? Does it have a name or just a description?
Hi @davidkirchhoff
This problem you are facing is for azure active directory ? Because sometimes azure groups attribute fetched value instead of displayname.
Thanks for the reply. I see it in the source, it has a name set but no description. If it helps, the ID is in the URL path:
…/access/entitlements/landing-page/details/63334c7d39224474abc1dad3781a1340
That is really odd. If you are seeing the same number on the source as you do in the email, that should be the source id.
Can you try looking at the access request using access-request-status api? My responses look like this:
So the name of the requested entitlement is clearly in the payload. What does yours show?
Also have you tried to duplicate the request to see if the behavior is consistent?
I believe my reply was not accurate. Let me rephrase. I can see the entitlement in the source, labeled the correct name. This is the name I wish to use for the email template.
If I then move into Access Model > Entitlements, then select the entitlement, and focus on the URL, this is where I see the Id that’s being pulled into the template
…/access/entitlements/landing-page/details/63334c7d39224474abc1dad3781a1340
I am new to api calls, so would need to ask our inhouse dev team for assistance on this. I will reply with the api response once I am able to make the call.
Yes, this is an Azure active directory group. When you say “group attribute”, are you referring to the AD Object Id ?
Hi @davidkirchhoff
Yes that’s correct. It is fetching ID because in the group attribute it is coming as ID not the display name.
Thank you.
Thank you again for the reply. I believe I am on the right path. I’m in Sources > AD > Account Schema, and found the attribute named ‘memberOf’. Could you please point me to where I can edit this attribute to point to the entitlements display name?
I was talking about Azure AD not Active Directory. You are checking in active directory, for active directory memberOf attribute is group attribute and for Azure AD its groups attribute. Both are entitlement and multivalued attribute responsible for group/entitlement provisioning.
Thank you.
Thank you for being patient. I found the attribute in Account Schema under Azure,
I also found where I can edit the entitlement type and see where it would be pointing to the objectId, as appose to the displayName. Is this were I can make the correction?
Hi @davidkirchhoff
Yes that’s what I am talking about. Also note that while changing accountID and account Name for entitlement make sure it is not affecting other entitlements in azure which is working fine.
Thank you.
