My understanding has always been that the entitlement aggregation would pull up all the owner information from managedBy attribute of AD source. Is there any missing piece here or any mappings that needs to be done?
I saw similar post regarding the use of powershell script to update the entitlement owners.
There’s no OOTB feature to auto map / copy an AD group object’s attribute value to become an entitlement owner in ISC. It’s painful (you need to handle this out of band).
In a similar manner, there’s no automatic mechanism for you to specify the logic / source of any of the OOTB flags (e.g. Privileged, Requestable), nor any of the Metadata Attributes.
Any alternate that you have implemented for it, Terry? I see a few post regarding the use of Powershell scripts but have not been able to get the know-how of that approach. I guess this actually means to pull the owner from Active Directory then go back in IDN and via api update the ownership.
The Bulk Importer requires the identity name of the owner. Depends on the information available on the AD Group object, on AD, you may only have the owner DN, employee number…or something…but not necessarily the identity name of the manager / owner.
So, from a sequencing perspective, you typically would:
Get the group object.
Select the attribute value of the group object that mentions who the group owner is.
Do a search on ISC to see which identity that owner is.
Update the role / access profile / entitlement owner with that identity.
In order to use the bulk importer, you introduce a step 3.5 which is to create the CSV file. For a team coming from AD / PowerShell background, doing 1,2,3,4 is more straight forward and it gives them the learning experience / exposure to the PowerShell SDK to potentially update any of the other data points (Privileged flag, Metadata Attributes…etc).
