Hi, Due to some constraint on SCIM availability, I am trying to use webservice to connect CyberArk (PAM self hosted). Since we have rest api available from CyberArk side I thought to go ahead with normal web service connection with IDN. I am able to connect to my cyberark environment from IDN using web service and able to do account aggregation as well using rest api.
My issue is with Create Account where it says there should be http operation set for group aggregation and at least there should be entitlement defined. Here I am stuck because I am not able to use group aggregation api properly. I am thinking to manually add group as entitlement. Could you please suggest if I can do this, if yes then how can I do.
You can also suggest me better ways to handle this use case.
The entitlement information should always come from the system you are connecting to, in this case CyberArk. For this, you need to have a proper group schema, that maps from the account schema. You can manage those with the APIs (put-source-schema | SailPoint Developer Community). First get the current group schema (v3/source//schemas, then update the group schema with a PUT operation.
Then ensure you properly map the attributes from the JSON attribute path into the schema attributes.
Can you share perhaps what your current schema looks like, or alternatively, what now the issue is?
Hi @sauvee Thanks for your response. I am able to reconcile groups as entitlement aggregation. They are in IDN now. My step is to go for create account http operation. I will post here if any further issue during create account activity.
