Hi @Bernardc
As per my understanding, the description field in the Entitlement Catalog is not automatically mapped back to the target system (Active Directory) for provisioning updates.
Instead, its primary purpose is for display within the IdentityIQ UI. This supports different languages and provides certifiers and approvers with business-friendly display names and descriptions for raw groups/entitlements.
The description is an attribute of the ManagedAttribute object. The ManagedAttribute object, which represents an entitlement for governance, primarily stores metadata such as its display name and the description you are seeing.
Regarding character length: While the description field in IIQ has a character limit of 1024 (which often matches AD’s limit), this only means that the description is updated one-way during aggregation. There is no automatic synchronization back to AD if the description is updated from the IIQ UI.
Therefore, it is indeed the expected behavior, to my knowledge, that modifying the description in the Entitlement Catalog does not automatically provision that change to Active Directory.
Let’s wait for expert feedback on this matter.