But even after doing the above, IDN is sending individual add entitlement requests instead of combining it into one single request. Is there something we are missing here?
I am not sure if enabling the addRemoveEntInSingleReq would help in handling your case. As far as I know, when there are requests for multiple type of entitlements(lets say group, role etc.), enabling this flag ensures one single Add Entitlement API can handle the request for all the types.
I never tried with multiple entitlements of the same type with this flag.
However, I followed the below approach for one of my previous projects which would work. My requirement was the Add entitlement operation is of type PUT where only the roles passed in the API request will be attached to the user. We cannot pass the group one by one as for each call the previous requested group is removed.
I utilized the provisioningPlan from webservice before operation rule to fetch all the requested groups at one go and updated my requestBody for all the groups and returned the updated requestEndPoint.
This ensures all the groups are passed in the same request and processed without issues. Only downside to this approach is the endpoint might be called multiple times, say 3 times if 3 groups are requested at once. I didn’t had any issues with that as at the end it is the same requestBody which is updated with all the groups is executed. Hence, no impact to the access.
When I requested 2 roles together at once and printed provisioning plan using before operation rule on add entitlement operation, it printed two provisioning plans each with 1 role attribute request not one provisioning plan with both of the roles. My doubt is how can I fetch all the requested roles at one go when they are not in the same provisioning plan?