Hi All - I have an issue where I was trying to update the descriptions in IdentityNow for a flat file. I tried to update the entitlement descriptions and as a result now have duplicate entitlements with one Type as Entitlement and the other as group. Does anyone have any suggestions of how I can start fresh or reference a better documentation article?
Hi @ssong
This is a classic “flat file entitlement type mismatch” issue in SailPoint Identity Security Cloud (ISC), and it’s quite common when you’re manually managing or updating flat file schemas or data.
The core problem is that IdentityNow relies on the type attribute within your flat file (or inferred during schema definition) to categorize entitlements. If you’ve inadvertently changed how an entitlement is represented, or added new entries that conflict with existing ones, you can end up with duplicates where one is Entitlement and the other Group.
Consistency:
Ensure every entry that logically represents the same entitlement has the same unique ID and the same type.
Example (CSV):
id,name,description,type
Sales_Access,Sales Access Group,Grants access to sales resources,group
HR_Portal,HR Portal Access,Access to employee portal,entitlement
Old_Resource,Old Resource Access,Legacy resource access,entitlement
Hi @ssong, pls ensure that the entitlement metadata in the flat file is consistent with the schema defined within the source. Once the data has been corrected, use the following API to reset the entitlements of the source and start a fresh aggregation:
.
Thanks, Pattabhi. Is there a reason why these all need to be reset via API call when the entitlements are imported via a flat file?
Hi @ssong
If you look back the Topic Description you have asked the question.
Does anyone have any suggestions of how I can start fresh
I am in the process of testing the different scenarios in my devrel machine but got stuck badly. give me some time to test if there are any gaps in the functionality.
Makes sense and fair point! I did the reset but now the reuploaded entitlements are not matched to any user profiles.
Hi @ssong
My recommendation: when you are planning to upload or update descriptions make sure to Export the data as a first step and then update descriptions according to the schema.
note: make sure the schema columns exact match with data.
Hi @ssong
This is my downloaded file using below button
after entitlement aggregation, where we can clearly see the different schema values: group and entitlement
Here we need to update the description of the entitlements (of schema type group and entitlement)
Note: we should not disturb other column values, especially schema,attributeValue, displayName and attributeName column values. privileged values can be updated to TRUE if you would like to base on your requirement.
Now we will import the description file using below button.
The description values successfully imported as shown below
Please let me know if you have any specific queries regarding descriptions.
1 Like
Answer to your valid question: now it makes sense to me
Is there a reason why these all need to be reset via API call when the entitlements are imported via a flat file?
“My testing shows no need to reset the data. Instead, simply update the aggregation input CSV file with one record and reaggregate; the remaining line items will be deleted automatically.”
Hi Pattabhi - I tried that and the old entitlements still seem to stick. Any recommendations?