We are currently exploring options to manage governance groups through Self-Service Requests. We’ve successfully configured the Identity Security Cloud Governance connector, and the connection test passed. Additionally, we were able to perform entitlement aggregation, which correctly pulled all three types of entitlements: Roles, User Levels, and Governance Groups from the tenant.
User and entitlement aggregation functions as expected. However, when attempting to provision one of the governance groups, we encounter the following error:
[ConnectorError] invalid output format: Schema validation error in path: [/: {"attributes":{"Gove... did not match any of the specified OneOf schemas]
We have not customized the connector, and the PAT (Personal Access Token) was created with the necessary permissions as outlined in the documentation. We’ve also tested different tokens with the highest privilege levels but continue to receive the same error.
Has anyone encountered this issue or have any suggestions on what might be causing this?
It worked perfectly fine for me. I believe the governance group attribute in account schema is not correctly mapped. Ideally, it should have been there by OOTB configuration of schema for this connector.
But, do verify that your attribute is mapped to the type Governance group schema.
Even I was able to request and add the user to governance group
The different i could observe between your request and mine is. In my case it is a modify request with id: 70f7f34a92be47ba9****************
In your case it is showing as create account with email address.
Can you validate if the identity your are trying out has ISC Governance Source account already. Techinially it should already be there when the identity is created
Thank you for response the response and the input.
You are right, it should be modify request. It turns out the error was due to the accounts not being correlated in right way. once we sorted that the requests are now going through.
Hi @kruna_sshah , I hit the similar issue in my tenant. Have you ever tried to create account using this Identity Security Cloud Governance connector? I tried to create an account with the assignment of an Access Profile containing a “Role Admin” UserLevels, however it keeps complaining like your error
[ConnectorError] invalid output format: Schema validation error in path: [/: {“attributes”:{"User… did not match any of the specified OneOf schemas]
I believe the idea behind this connector to let us manage User levels, Governance groups as entitlements. Here, the accounts are actual identities. So if you wish to create an account, my understanding is it would mean you want to create an Identity. There doesnt seem to be any support for that.
Thanks Krunal, yes you are right, my intention is to create a separate identity that can be used as an Admin in IDN.
It is sad that it is not supported to create account from the connector, even it mentioned it supports Create Account in the documentation
Yes, I see that in Supported feature. Your use case also seems to be a valid one. Perhaps this is an error in documentation.?
The Sailpoint consultants we had has explained that Only way Identity Can be created is Via Source+ IdentityProfile. Not sure, if there has been anu change in that.
I don’t belive the intention of this connector is to create accounts per se. If you want a separate identity to be an ISC Admin, follow the instructions here: Service Accounts | SailPoint Developer Community
