Encountering issue while creating a user

Identity Security Cloud (ISC) ISC Discussion and Questions
1

I am encountering an issue while attempting to create a user in the external system through the SailPoint UI. Below are the steps I followed:

  1. Created a new Source and completed its configuration.
  2. Ran Discover Schema on the Source.
  3. Executed Account Aggregation.
  4. Followed by Entitlement Aggregation.
  5. Performed necessary attribute mappings under the Account Create section.
  6. Created an Identity Profile using the configured Source.
  7. Created an Access Profile:
  • Within the Manage Entitlements section, I selected an entitlement from the same Source.
  1. Created a Role:
  • In the Manage Access section, I included both the entitlement and the access profile.
  1. In the Define Assignment section, I assigned the Role to an Identity.
  2. Finally, I opened the user and clicked on Process Identity to initiate user creation in the Source.

However, upon clicking Process Identity, I encountered the following error:

image
image842×407 67 KB

This is the end-to-end process.

I was able to create the user successfully through the SailPoint CLI, and the API appears to be working correctly. However, when I click on ‘Process Identity’ in the UI, I encounter an error, and it seems that the API is not being triggered at all.

2

Hi @robins - You mention you have created an Identity Profile associated with the Source, so I’m assuming you are using it to create Identities based on accounts in source. Then you are assigning an entitlement to the identity. In that case, the connector should not be attempting to create an Account as it should already exist. Double check Account Names and Account IDs in aggregation and create profile.

1 Like
3

Hi @robins , As you mentioned, “Within the Manage Entitlements section, I selected an entitlement from the same Source,” it appears that you added an entitlement from an authoritative source. The identity was created because the user already has an account on that source, which is why you’re encountering this issue.

To properly test the joiner scenario, I recommend creating a new (non-authoritative) source for testing purposes.

4

Hi @j_place - I am currently attempting to create an account that does not exist in the same source—it belongs to a different source.

Previously, I was able to create an account by first deleting the user from the original source and then providing static values in the Create Account attribute mapping section. When I ran Process Identity for the same user (who had just been deleted), a new account was successfully created using the static values defined in the attribute mappings. But it’s not working now as well.

5

Hi @hkhandale , I also tried with different sources but it did not worked.

One more thing I also wanted to add here that I replied in the above suggestion -

Previously, I was able to create an account by first deleting the user from the original source and then providing static values in the Create Account attribute mapping section. When I ran Process Identity for the same user (who had just been deleted), a new account was successfully created using the static values defined in the attribute mappings. But it’s not working now as well.