Handling Uncorrelated Accounts with Entitlements in Account Aggregation

Description:

I’m using a Web Service connector with an Account Aggregation HTTP operation, where I’ve mapped user roles to group Entitlement types. I’ve created Access Profiles (APs) for each entitlement type (User, Admin, and Supervisor). When I aggregate accounts, both correlated and uncorrelated accounts are aggregated, and entitlements are added accordingly.

However, when I view identities with entitlements, only correlated accounts are displayed. Our provisioning and deprovisioning process works as expected for correlated users, but I’m struggling to achieve the same for uncorrelated accounts.

Specifically, I need to remove an AP for uncorrelated users during a certification campaign, but since the APs don’t associate with uncorrelated users, this option is not available in the campaign.

Question:

How can I handle uncorrelated accounts with entitlements in Account Aggregation, and make them visible in certification campaigns, so I can remove APs for these users?

Additional Context:

• I’ve created APs for each entitlement type (User, Admin, and Supervisor)
• Provisioning and deprovisioning work as expected for correlated users
• Uncorrelated accounts are aggregated, but not visible in certification campaigns

Hi Sita Ram,

For uncorrelated accounts, we need to do uncorrelated accounts certification - try to filter the entitlement we need to filter and then reassign the certification to the intended recipient

Regards
Arjun

You need to do a certification on the entitlements - that will work, you can then revoke the entitlements on the uncorrelated accounts.

Once you remove the entitlements, the AP should be gone.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.