IIQ --> IDN: Getting IIQ Roles Information in IDN via SCIM 2.0

Hi, I have an established auth source connection to an IIQ instance via SCIM 2.0. I am trying to do an entitlement aggregation to pull in all the avalible roles in the IIQ instance. My plan is to track what roles they have in IIQ and then build roles in IDN based on those entitlement/roles from IIQ.

For example a user requests a role in IIQ that role get applied to their IIQ identity, IDN aggregates those Identities into IDN as an auth source and makes identities in IDN with them. We want to key off provisioning through IDN based on what role these users have in their IIQ identity via roles in IdentityNow.

Like this:


The issue im running into is that when I aggregate the users in their roles come attached to their records. Each of the roles splinter off into specific roles for that specific user as you can see in the picture above each of the clarica ad roles/entitlements have an accountName for specific users. This wont be useable for building an IDN role with.

Next I thought I need to do an entitlement aggregation to repackage all the entitlements/roles so they can be useable and not tied to each specific user.

When I kick off an entitlement aggregation I get this error:

Any suggestions are appreciated.

Thank you,
James Mocarski

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.