I would like to know if there is a way to provision entitlements from IdentityIQ to the source system. For example, creating a security group and provisioning it to Active Directory.
Yes, you can do it. Basically, it’s 2 different processes.
Create entitlement: can be done through the Entitlement Catalog in the 2 ways below. This uses the ‘Entitlement Update’ workflow at the backend.
Log in to SailPoint → Applications → Entitlement Catalog → Click on ‘Add New Entitlement’ → Enter the details of Application, Value, Type, etc. Or
Log in to SailPoint → Applications → Entitlement Catalog → Import → Import csv file. (If you need a sample of the csv file, first export the existing data by clicking on Export, uncheck All Applications and choose the necessary application.)
Add Entitlement/Remove Entitlement to user account: It can be done through the Manage Access Quicklink. (Hamburger symbol → Manage Access → Manage User Access → Choose identity and then entitlement)
It actually works with “Add New Entitlement”: a new security group is created in AD. But when I try bulk import, it just shows as added in SailPoint but is not created in AD.
I suspect it is due to a missing value in the csv.
Using csv, you can create the entitlement, which is straightforward. For example, creating a delimited application entitlement, where just the value is needed to create it. But for Active Directory, we need object properties like distinguishedName etc. In that case, the only option is through the UI, because we cannot pass these object property details in csv headers.