Entitlement Aggregation: How can we remove entitlements no longer on the source

We have a source that has been set up in IDN and the entitlements have been aggregated in. The team from the source app has gone through and done a cleanup on their role/groups that are mapped to the entitlements, and this resulted in about 1/2 of them being removed (400+) from the source system. After they completed their cleanup, we did an entitlement aggregation to pull in the updates. We see the new number of entitlements returned, however when we look in the Entitlements Tab or the Entitlement page, it still shows the original number of entitlements, and all the removed ones are still there.

So the question is: How do we remove these entitlements from IDN?

It looks like someone had this same question a while ago, with no resolution: Managing entitlements

I know that we have the option of doing an Entitlement Reset through the API, which will remove all entitlements, allowing us to re-aggregate the current ones. This however is destructive since it unlinks the access profiles and roles, and changes the IDs of the ones that should be there.

Is there another way that these can be cleaned up? Either manually deleting them, bulk deleting them, or running the Entitlement Aggregation with a flag to remove deleted entitlements (so it functions like the account aggregation)?

Hi @gmilunich ,
I understand the concern here, but unfortunately, I don’t see other options. To simplify things after source reset, we can use the bulk Role importer to update the access profiles/Roles in bulk.

Apart from this, I see @MVKR7T suggested (How to delete entitlements from ISC system) to create a support ticket, as SailPoint might be able to delete them from the backend.

Thanks for confirming what I had found already. I saw that topic, but had hoped there was another way that others have found.

To expand on this:

  • How are others managing entitlement changes/removals from the source systems?
  • Do you just leave the existing ones there?
  • If you use the reset, how do you manage making sure that you have all Access Profiles, Roles, Certifications, and other locations noted so they can be reconfigured?

Looks like someone created an Idea for this already that can be voted on:

Delete individual entitlements: https://ideas.sailpoint.com/ideas/GOV-I-2068
