ISC User level assigned via Roles

Hi All,

In ISC, I see that the roles are now allowing us to assign the IdentityNow user levels as entitlements - such as ORG_ADMIN, SOURCE_ADMIN, ROLE_ADMIN, REPORT_ADMIN, HELPDESK, CERT_ADMIN etc.

I’m assuming we can now create requestable roles on ISC with these entitlements so that the identity user levels can be assigned to end users upon request, which eliminates the need for a loopback connector. At least, this is what I deduce from it.

However, when the ISC role with “HELPDESK” selected as the underlying entitlement is assigned to an identity, the role and entitlements are assigned, but the “USER LEVELS” field on the identity details still remains blank.

Isn’t the “USER LEVELS” supposed to be auto updated based on a user having above ISC user levels as entitlements?

Attaching screenshots for the same:

  • ISC User Levels available as Role Entitlements - where the ISC user levels are available to be configured within roles

  • Role Assigned to Identity - Assigned role to identity both using membership/upon manual request

  • Entitlement assigned to Identity - Entitlement also is assigned onto the identity and source automatically appears as IdentityNow as these entitlements are for IdentityNow user levels OOTB

  • User level blank - In spite of the identity having the corresponding entitlement, the “USER LEVELS” field is still blank (also performed single identity refresh upon the identity & process identity)

Any insights around this or a fix is really appreciated.

Thanks,
Arshad.

2 Likes

To add to Arshad’s observation I can confirm the same.

In my scenario I have assigned the HelpDesk entitlement within ISC (IdentityNow) to a persona, screenshot below:

User’s level:

Interestingly, when this persona actually logs into the tool they are greeted with the following message:

1 Like

I can see the entitlement and I am assigned with the relevant extra tab - Admin:

Now I cannot access the said tab even though I do have the access as HelpDesk with ISC.

Adding @colin_mckibben to this post.

2 Likes

What I have noticed is that the Admin level access assigned to an identity gets overwritten by the entitlements assigned via Roles, i.e. if an identity with ORG_ADMIN access is assigned the “Helpdesk” entitlement via a Role, then the identity loses the ORG_ADMIN access.

@iamology, in my case, I’m seeing that the user levels are not being assigned at all in the first place. What I have done in the screenshots above is assign the Helpdesk role to an end user who does not have any ISC user levels at all.

Even then, once the role that I created got assigned to the identity, I do not see “User Levels” on the identity details getting updated, and on the identity, when I click on “Actions” > “Set User Levels”, I do not see any user level assigned to the identity.

Have a look at the Management Connector:

You will find the entitlements under the default source of IdentityNow

@oliver_goebel2, unfortunately, the IDN loopback connector is not an option here for us; instead we’re looking for the OOTB option that SailPoint is providing for the user levels to be assigned via roles directly.

@iamology yes, that’s right. Once the role containing the corresponding IdentityNow user level entitlement is assigned to an identity, I can see it on the default IdentityNow source under accounts.

But the issue I’m seeing here is more about the IdentityNow user level entitlements being assigned via roles but not being reflected on the identity details tab of the identity under “USER LEVELS”. Apparently, unless this field is auto updated, the identity technically does not have a user level tagged to them.

1 Like

Hi, @Arshad

I think this issue arose from the need to assign roles in NERM. You can check this article, maybe the connector will solve your problem. I am in the implementation stage to see if it works.

Thanks @GilbertoOledo14 🙂
I’ve tried and tested the NERM Users integration with ISC separately using the Web Services connector and it is achievable that way.
But this post was created to understand the issue with the ISC User Levels, which can be assigned as entitlements directly onto ISC roles, which doesn’t seem to work currently.