Hi guys,
So we have a CSV-connector where we only get a new CSV-file every 6 months.
When requesting access to this source via an application, a manual task is created, however after it has been approved we don’t see the entitlement on the CSV-account before actually aggregating a new CSV-file. Is it possible to fix that?
We have managed via a ServiceDesk connector where an account is provisioned (inside IdentityNow) but with “???” as Account ID.
2 posts were split to a new topic: DN for Active Directory will get updated in real time if AC_NewParent or AC_NewName is updated
The ??? in the account ID will be replaced by actual value only after an account aggregation on the source.
Not seeing the access untill it is aggregated is by design and is part of the closed loop verification process. Only the aggregation process (full aggregation or single account aggregation for directly connected sources) can update the access of accounts and identities.
I don’t think this behavior can be changed.
Regarding the ?? on the service desk connector it is most likely because you have not set a value to the account id in the create account provisioning policy.
The only way to update the account information, is by aggregation (via the CSV file) or by providing it via the update accounts API (PUT on /v3/accounts/). On the latter you can provide a full body of all the attributes, and I’m assuming this includes any attributes that are marked as entitlements, e.g. (from the docs):
{
"attributes": {
"city": "Austin",
"displayName": "John Doe",
"userName": "jdoe",
"sAMAccountName": "jDoe",
"mail": "[email protected]"
}
}
Link to the documentation:
You can test this in your sandbox to see if updating it via this way could be helpful.
One thing to note about using the PUT API is that any changes you make via PUT will be overridden the next time the CSV is aggregated. If you use PUT, make sure you update the CSV as well.
Is it possible to also use the POST v3/accounts/ to API to add source accounts to the CSV-connector if for example an access is requested for an identity with no account yet?
I tried it from Postman and got a 200 code back but never seen any account open up.
@Swegmann Check out this post: Create Account API - #2 by colin_mckibben
It might help answer your questions about the accounts API.
We have use the POST v3/accounts/ but as an Authorative Source. So we have Source → Identity Profile. Once you create an account on the source it gets push to Identity Profile and the user gets created.
Yes it is but please make sure you link the account to the proper source, otherwise the account will end up with no source and is therefore not visible in IdentityNow!
Like this:
{
"attributes": {
"city": "Austin",
"displayName": "John Doe",
"userName": "jdoe",
"sAMAccountName": "jDoe",
"mail": "[email protected]"
},
"sourceId": <source id>
}
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.