Error in Webservice Connector: Add Entitlement & Modify Account Failing During Identity Refresh

hkhandale · May 5, 2025, 11:21am

Hi all,

We’re encountering issues when enabling/disabling a webservice connector account of identity in SailPoint IdentityNow via workflow. Account is getting enabled/disabled but during the following events are triggered:

Add Entitlement
Modify Account Passed (Identity Refresh)

However, both are failing with the following error:

pgsql

CopyEdit

[ConnectorError] No configuration found for 'Add Entitlement-undefined'. Please add at least one operation and try again. (requestId: f8b77a0925ce4a00805bd151120824cc)

I have already configured the Add Entitlement operation in the connector. Despite that, the operation continues to fail. Due to this, all attribute syncs are failing as well.

I’ve attached a screenshot for reference.

Has anyone faced a similar issue or have any insights on resolving this?

Thanks in advance!

Chaithu9110 · May 5, 2025, 12:06pm

add access profile and try it

hkhandale · May 6, 2025, 5:42am

I tried to use access profile in role to avoid Add Entitlement event issue while enabling account, still getting this event.

iamnithesh · May 6, 2025, 12:28pm

There is some gap here. I think you have marked the account attribute as Entitlement but not selected the type to be one of the entitlement types you have created.

hkhandale · May 7, 2025, 1:21pm

Hi @iamnithesh, thanks for the reply.

I have updated Entitlement attribute type to group

after that again i am getting same error while disabling/enabling account

Error :
[“[ConnectorError] No configuration found for \u0027Add Entitlement\u0027. Please add at least one operation and try again. (requestId: 87e5201f0bdf4835ba2bbb9a9e064875)”]

iamnithesh · May 7, 2025, 1:26pm

You need to add an HTTP Operation of type Add Entitlement-group (if group is the type of entitlement you have created. replace it with right value) and configure it with the API call info for adding that entitlement to a user

hkhandale · May 7, 2025, 2:29pm

Thanks @iamnithesh

I’ve now added the Add Entitlement operation, and it’s working as expected.

I do have a question regarding the HTTP operation body configuration for retrieving the requested entitlement via API.

Currently, I’m using the following structure:

{
  "ID": "$getobject.nativeIdentity$",
  "Role": "$getobject.role$"
}

Here, I’m passing the current identity’s role. However, when assigning entitlements via API, which object should I reference in the body to correctly fetch the entitlement being assigned?

Additionally, when assigning an entitlement through a role to an account, which object should be used in the body to extract the entitlement associated with that role?

Appreciate your guidance on this.

iamnithesh · May 7, 2025, 3:40pm

it will be "Role": "$plan.role$" where role is the name of the account attribute that is set as entitlement type “role”

hkhandale · May 19, 2025, 2:42pm

Hi @iamnithesh

I have a requirement where I need to pass 3–4 entitlements across different attributes, and 2 entitlements under the same attribute.

Right now I am passing 3–4 entitlements across different attributes

I’m currently using the following request body in the Add Entitlement operation:

{
  "ID": "$getobject.nativeIdentity$",      
  "Role": "$plan.role$",
  "Treasurer": "$plan.treasurer$",
  "FullAdministrator": "$plan.fullAdministrator$"
}

While the Role attribute is being mapped successfully, both Treasurer and FullAdministrator are not mapping correctly. Interestingly, if I replace $plan.treasurer$ with a static value like 1, it works as expected — the value is passed successfully.

To troubleshoot, we have:

Defined these attributes (Treasurer, FullAdministrator) as entitlements in the Account Schema
Aggregated them
Configured them in the Access Profile

Despite this, they are still not being passed. I also attempted using $getobject.treasurer$ , but it didn’t resolve the issue.

Provisioning events are triggered for each attribute under Add Entitlement, but the attributes themselves are not appearing in the final payload. Please find the event logs screenshot below for reference.

and what should be the request body while passing 2 entitlements of the same attribute.

Looking forward to your guidance on this.

system · July 18, 2025, 2:42pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to create entitlement manually in webservice connector? ISC Discussion and Questions webservice-connector , identity-security-cloud , entitlements	9	728	May 21, 2024
IDN Web Service Connector - Entitlement Operations ISC Discussion and Questions	2	1497	July 19, 2023
Web Service Connector prevent Add Entitlement from being called after Add Account Operation IIQ Discussion and Questions webservice-connector , identityiq	13	445	October 7, 2024
Webservice connector Add Entitlement issue IIQ Discussion and Questions webservice-connector , identityiq	7	229	November 29, 2024
Reference Entitlements in WebServices connector - Add Entitlement Operation ISC Discussion and Questions webservice-connector , rules , provisioning , entitlements	2	935	July 19, 2023

Error in Webservice Connector: Add Entitlement & Modify Account Failing During Identity Refresh

Related topics