Good day. We’re trying to upload new entitlements to one of our sources in ISC, however, upon importing the .csv file, the newly uploaded entitlement was uploaded as a ‘group’ and not as ‘Entitlement’ hence we cannot correlate it to an Access Profile.
The CSV format for the import entitlement is as below:
Unfortunately, I do not think there is a direct API yet in ISC which lets you create the entitlements.
For your original questions regarding the entitlements getting imported as group, can you please share the entitlement schema information. Do you have the schema named as group for entitlement type ?
I believe if it is group, you should still be able to use it as an entitlement. The only reason why it is coming as group is because of the entitlement type is named as group.
Are you not able to find these entitlements while mapping it to Access profile, if so are you searching it with the display name ?
Also if it is an entitlement then you may want to remove entitlements and permissions attribute from this schema because currently it seems to have been as the parent entitlements which contains child entitlements.
Please let me know so that I can assist you further. If you still don’t want it to be seen as group, you can always create new entitlement type and name it as entitlement.
I’m able to find these entitlements when mapping to the access profile. I was able to select it as well. However, when I’m trying to hit Save, it’s giving me a generic error:
Can you please try once by resetting the source entitlements and then adding them again. I believe you can use the below APIs to reset the source entitlements, this will clear all the entitlements and then you can aggregate them again.
Once that is done, you can try again to map the entitlements to the Access profile.
By the way, I believe now it is possible to directly add the entitlements to the roles, so can you please check also if you are getting the error while trying to map it to role ? But please do the source entitlement reset first.
I tried to reset the entitlements in our Sandbox environment. Then I re-upload the entitlements but they are uploaded as ‘groups’ again and I’m still not able to map it to an access profile.
Can you please try to map it directly to a role? I believe that should also work but not sure if the new feature is available in your tenant.
Regarding the entitlements still visible as group, for that you will need to add a new schema for entitlement and name it as entitlement but that will still not help in your case i feel.
May be better to check with sailpoint support if you are facing the issue while mapping it to roles directly.