Preventing an Entitlement Type from Being Onboarded during Entitlement Aggregation of a Source

Problem

When we onboarded an application using the “Oracle FCCS” connector type, the connector offered 3 entitlement schemas named “Groups”, “IDCSGroup”, etc.

In one scenario, the customer wanted to block the onboarding of entitlements of type “IDCSGroup” for a source onboarded through the “Oracle FCCS” connector type.

Diagnosis

IDCSGroup is an out-of-the-box entitlement type provided by the Oracle FCCS connector. There is no configuration or filter that blocks those entitlements from being onboarded into SailPoint ISC, so filtering is not possible and we had to take another approach. The approach we followed to resolve this issue is in the Solution section.

Solution

  1. Take a backup of the configurations.
  2. Extract the Schema ID of the entitlement schema for entitlement type “IDCSGroup” using the SailPoint ISC API named “Lists the Schemas that exist on the specified Source in IdentityNow.”
  3. Use the SailPoint ISC REST API named “Delete Source Schema by ID” to delete the schema of entitlement type “IDCSGroup”.
  4. Perform the “Reset Entitlement” operation for the respective source created using the “Oracle FCCS” connector type. This operation deletes all the entitlements onboarded so far in SailPoint ISC.
  5. Re-aggregate the entitlements into SailPoint ISC.
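
Steps 1 to 3 as a script. This is an added example, not code from the original post or from SailPoint; it uses the v3 endpoints behind the two named operations (`GET` and `DELETE` on `/v3/sources/{sourceId}/schemas`). The environment variable names, the backup file name, and the assumption that the schema's `name` field equals the entitlement type are hypothetical.

```python
import json
import os
import urllib.request

def isc_call(base_url, token, method, path):
    """Send one request to the ISC REST API; return parsed JSON, or None if the body is empty."""
    req = urllib.request.Request(
        base_url + path, method=method,
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
    return json.loads(body) if body else None

def remove_entitlement_schema(call, source_id, schema_name, backup_path):
    """Back up the source's schemas, then delete the one named schema_name.

    call(method, path) performs the HTTP request. Returns the deleted schema's ID.
    """
    if schema_name.lower() == "account":
        raise ValueError("refusing to delete the account schema")
    # Step 2: list the schemas that exist on the source.
    schemas = call("GET", f"/v3/sources/{source_id}/schemas")
    # Step 1: keep a copy of every schema so the deleted one can be recreated.
    with open(backup_path, "w", encoding="utf-8") as fh:
        json.dump(schemas, fh, indent=2)
    # Assumption: the schema's "name" field carries the entitlement type.
    matches = [s for s in schemas if s.get("name") == schema_name]
    if len(matches) != 1:
        raise LookupError(f"expected one schema named {schema_name!r}, found {len(matches)}")
    schema_id = matches[0]["id"]
    # Step 3: delete the source schema by ID.
    call("DELETE", f"/v3/sources/{source_id}/schemas/{schema_id}")
    return schema_id

if __name__ == "__main__":
    # Placeholders: ISC_BASE_URL is the tenant API URL, ISC_TOKEN an OAuth bearer token.
    base, token, source = (os.environ.get(k) for k in
                           ("ISC_BASE_URL", "ISC_TOKEN", "ISC_SOURCE_ID"))
    if base and token and source:
        deleted = remove_entitlement_schema(
            lambda m, p: isc_call(base, token, m, p), source, "IDCSGroup", "schemas_backup.json")
        print("Deleted schema", deleted)
    else:
        print("Set ISC_BASE_URL, ISC_TOKEN and ISC_SOURCE_ID to run against a tenant")
```

The script stops if the name matches no schema or more than one, so nothing is deleted on an ambiguous lookup. Steps 4 and 5 still follow as described.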

By following the above approach, you prevent the Entitlement Aggregation task from onboarding entitlements of type “IDCSGroup” into SailPoint ISC.

You can use the same approach for other sources onboarded into SailPoint ISC using any other connector type where filtering the aggregation is not possible.