Entitelments in an Identity account are limited to one record only

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Hi,
We have an in-house target web application configure in IdentityIQ 8.1. In this application, usually identities have multiple entitlements in their accounts.
The issue is when browsing any identity details to see their entitelments, IdentityIQ is showing the same entitlement for all identities.
Any idea what is going on here.
thanks

2

Hi @kalabid,

the correct configuration for multple entitlements is this:

immagine
immagine996Ă—36 2.3 KB

you must configure like managed, entitlement and multi the attribute of account that detect the id or the name of entitlement. Also, the type of attribute could be the same of the element you want correlate.

In this example:

immagine
immagine751Ă—377 11.5 KB

the type of account attribute “groups” is “group” like the object type.

You must be sure that the account attribute contains the same values of identity attribute of object and the identity attribute must be unique.

3

Hi @Emanuele Nistri,
Thank you for your reply but I don’t have any groups in application config as shown below:
the account object:

undefined
undefined1163Ă—756 41.3 KB

and the permission objec:
image
image1209Ă—697 32.8 KB

The desired grouping is similar to Responisbilities section. Note that Responisbilities is extracted from other application and brought here for illustration only.
image
image1024Ă—895 58.8 KB

1 Like
4

Hi @kalabid,

what i meant whit groups are you permission.
it’s configured well, but I have some dubts.
In your account attribute like type permissions, the name of the attribute is PERMISSIONARDESC but the identity attribute of permission object is PERMISSIONCODE. Also, PERMISSIONARDESC attribute in permissions object is type permissions and some properties.

This means, you correlating the account and permission with two different attribute with different values.

  1. If dont exists nested permissions, change the type of PERMISSIONARDESC in object permissions like string and delete the properties.
  2. If exist an attribute colled PERMISSIONCODE use this instead of PERMISSIONARDESC. Id dont exist, change the identity attribute of permissions with PERMISSIONARDESC

and aggregate group first and account another time

5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.