GenAI Descriptions for Entitlements Stuck in “Requested” Status – IIQ 8.5

Hello Everyone,

I am currently testing the GenAI Descriptions for Entitlements feature in IIQ 8.5 integrated with a SaaS IDN test tenant from SailPoint.

I enabled GenAI Descriptions for Entitlements in Global Settings and configured the GenAI connection using my SaaS IDN test tenant API credentials. The test connection under GenAI Settings is successful. However, after generating descriptions, the status remains stuck in Requested and does not progress further.

Current Behavior

• The Generate Descriptions option is visible in the Entitlement Catalog.
• Description generation requests can be submitted.
• The status remains Requested indefinitely.
• GenAI-related logs are generated repeatedly every minute.
• I temporarily disabled the feature due to excessive logging.

Configuration Details

• IIQ Version: 8.5
• GenAI Descriptions for Entitlements: Enabled
• GenAI Settings Test Connection: Successful
• AI-Driven Identity Security Test Connection: Failed
• Using SaaS IDN Test Tenant API
• OAuth Client Credentials configured
• No Virtual Appliance (VA) configured in Test Tenant

Observations

• The connection test under GenAI Settings succeeds.
  

  

  image1866×892 36.1 KB

• The connection test under AI-Driven Identity Security Configuration fails.
  

  

  image706×383 16 KB

• Entitlement description requests remain in Requested status.
  

  

  image1858×438 19.4 KB

• Logs continue generating repeatedly until the feature is disabled.

Questions

1. Are there any additional configuration steps required in the SaaS tenant for GenAI Entitlement Descriptions?
2. Does this feature require a Virtual Appliance (VA) even when using SaaS APIs?
3. Is the failed AI-Driven Identity Security Configuration test connection related to this issue?
4. Are there any required background tasks or services needed for processing GenAI requests?
5. Has anyone successfully tested this feature in IIQ 8.5 using a SaaS test tenant?
6. Are there any specific tenant configurations required for GenAI features?
7. Besides a SaaS IDN tenant, are there any other SailPoint products or GenAI services that can be used with IIQ for generating entitlement descriptions?

• Or is an IDN tenant mandatory for using GenAI Descriptions in IIQ?

Logs

GenAI-related logs are being generated every minute while the feature is enabled. (Sample logs attached.)
GenAIEntitlementDescription.txt (27.0 KB)

Additional Notes

I found a similar discussion but there was no confirmed solution, so I wanted to check if anyone has successfully implemented this feature.

Any suggestions or guidance would be appreciated.

Hi,

From the logs, IIQ is failing to fetch the required GenAI prompt artifact (genai-descriptions-iiq). This suggests that the IDN tenant may not be provisioned or authorized for the GenAI artifact service. It appears that SailPoint may need to enable the GenAI / AI-Driven Identity Security entitlement for the tenant to resolve this issue. Please correct me if I’m mistaken. Thank you.

Thanks for your response. GenAI is configured correctly, and we can see the successful results in the screenshot above. However, I am facing failures with AI-Driven Identity Security. Please check the screenshots above.

What I’m thinking is that AI-Driven Identity Security configuration may not be required for this setup?

Agree even though the GenAI connection test is successful, IIQ still needs to fetch the genai-descriptions-iiq prompt artifact via the AI-Driven Identity Security endpoint thanks.

I’m not sure why this is failing for AI-Driven Identity Security but working successfully for GenAI. Do we need to configure Virtual Appliances in my IDN test tenant?

@santhirajumunganda the configuration you’ve done in IIQ looks right; the blocker is the cloud tenant not being entitled for the GenAI artifact service yet.

Yes, thank you for your response. I am exploring this artifact service further. In the meantime, if you know anything about it, please share it here.