Identity - Mapping 2 entilements as a combination

shettyr · August 30, 2022, 3:17pm

Hi All,

We have a scenario where an entitlement is a combination of 2 entitites:

Role
Product

API used to fetch this is : v1/users/{userID}/roles-products
API Output:

"items": [
        {
            "product": {
                "id": "A",
                "name": "Account"
            },
            "role": {
                "id": 1,
                "name": "Preparer"
            }
        },
        {
            "product": {
                "id": "A",
                "name": "Account"
            },
            "role": {
                "id": 10,
                "name": "CFO"
            }
        },
        {
            "product": {
                "id": "A",
                "name": "Account"
            },
            "role": {
                "id": 14,
                "name": "System Admin"
            }
        },
        {
            "product": {
                "id": "D",
                "name": "Journal Document"
            },
            "role": {
                "id": 1,
                "name": "Preparer"
            }
        }

How can we map this response to an identity as an entitlement in below format:

UserID : Product Name - Role Name

With creation of 2 entitlement types: Role and Module (i.e. Product), we see them as separate entitlement rows.

M_rtenH · August 31, 2022, 9:31am

$[items][*][product,role][name]

Would be a valid JSONPath to return both the product and role names but it will return a list and I don’t think IDN would map that to a single field.
You can’t really do any concatenation within a JSONPath expression (unless IDN uses JayWay JSONPath implementation?) so you’d need to have this logic outside of the aggregation. An AfterOperation rule would likely be able to accomplish this but I’m not the best person to ask about rules

shettyr · August 31, 2022, 12:12pm

Thank you @M_rtenH for the reply. Indeed the above JSONPath cannot be mapped to a single field. We see field value to be blank when tried to map it as advised above.

Also with above setup, please see my original post, we see records 2 times in Entitlements tab. How can this be addressed ?

M_rtenH · August 31, 2022, 12:58pm

Did you change the entitlement schema and re-import? That could cause duplicate entries.

If you want to clean it up, you’d need to reset the source via POST https://<org>.identitynow.com/cc/api/source/reset/<sourceID_from _URL>?skip=<value>
where value for the ‘skip’ parameter can be accounts, entitlements or none.

Topic		Replies	Views
Multidimensional Entitlement Management ISC Discussion and Questions webservice-connector , identity-security-cloud	4	320	March 10, 2024
Webservices connector -- Multiple entitlement aggregation ISC Discussion and Questions	1	767	July 19, 2023
Webservices \| Parent Endpoint to aggregate multiple TYPEs of Entitlements ISC Discussion and Questions webservice-connector , identity-security-cloud	3	560	March 20, 2024
Response mapping for entitlements/groups/roles in the Web service connector ISC Discussion and Questions aggregation , identity-security-cloud	7	26	December 3, 2024
WebService entitlements aggregation ISC Discussion and Questions	3	1399	July 19, 2023

Identity - Mapping 2 entilements as a combination

Related topics