AzureAD extensionattribute as entitlement?

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

I’m on IdentityIQ 8.3p3

I’d like to use an extension attribute to filter accounts for an AzureAD app, but also have it available as a requestable entitlement. When I manually populate an extension attribute for a user account in AzureAD, I’m able to add it to the IIQ app schema as an entitlement and aggregate it back to the IIQ identity. The attribute shows up as part of that IIQ identity’s entitlements, but there’s no link back to the actual entitlement itself.

We have an Active Directory app that seems to be able to automatically include schema extensionattributes classified as entitlements to be registered as an entitlement - is this a limitation of the AzureAD builtin app?

2

Hi Josef, welcome to the Developer community. Have you referenced the Azure/Entra documentation? There is a section on aggregating custom attributes. The latest version (8.4p1) is available here: Custom Attributes but appears to be the same as the downloadable version for 8.3p3.

3

Thanks Rich - Got this working after running it by our IIQ guru. There were 2 things I needed to fix:

-Enable the ‘Promote managed attributes’ in the aggregation task
-Edit our ‘Managed Entitlement Customization Rule’ associated with the app to set the entitlements to requestable=false

thanks!