Hi,
We have integrated CyberArk with SailPoint using SCIM 2.0 API.
I am posting here as I didn’t see much documentation on troubleshooting in Compass.
During our Provisioning testing we overserved following issues:
Connector Type: SCIM 2.0
SSL: Enabled
Configurations: Access profiles are configured as Roles in system, RBAC request.
• New User Access:
- Access is requested through Role. Role access and Entitlement access displays as Passed in Account activity.
- Cyber Ark account get’s provisioned and added into group in Target system
- On User profiles Role is provisioned but on Account profile only account details are visible, entitlement details are not visible
- We have performed aggregation for synchronizing the data, but entitlement details are not getting populated
- All the activities are logged in to CyberArk SCIM logs
- In IDN events log the request status shows as PASSED
• Update Access: - New Access is requested through new Role. Role access and Entitlement access are logged as passed in account activity
- Entitlement details are not getting updated with new Entitlement
- We have performed aggregation for synchronizing the data, but entitlement details are not getting populated
- All the activities are logged in to CyberArk SCIM logs
- In IDN events log the request status shows as PASSED
• Access Certification – Revoke process - Triggered access certification on User Role
- User’s role was revoked and completed the sign-off
- Account activity Role removal, Entitlement removal events are logged as passed in account activity
- Revoke event is logged in as passed
- All the activities are logged in CyberArk SCIM logs
- Role is de-linked from user but entitlement is still exist on user
If anyone faced similar issue or aware of issue, please provide the details.
Thank you!
Sailaja