Issue IdentityNow Bulk Access Profile and Role-Importer

Hi Sailors,

I am trying to use this IdentityNow Bulk Access Profile and Role-Importer to import access profiles in SailPoint IDN. However, there seems to be a limitation on the number of entitlements pulled by the following api that the has been build into the script (ruby):

{{api-url}}/cc/api/entitlement/list?CISApplicationId=

Currently, only 250 entitlements can be pulled with this api. And therefore, the ruby script is unable to find rest of the entitlements to create an access profile.

I tried using another beta api:

{{api-url}}/beta/entitlements?limit=1&offset=0

Here, I wanted to play around with offset and limit to get all of the entitlements but the script throws an error.

Has anyone faced this issue? Any comments or suggestions on how to proceed further?

Thanks

Can you post a link to the tool? I’ve never tried using that tool before, but it sounds like it probably needs to be upgraded to use the newer beta API’s in order to remove that limitation.

I found the tool, it looks like there is a newer version that uses the “limit” feature of the API that might resolve your issue: #{url}/cc/api/entitlement/list?limit=#{limit}&CISApplicationId=#{source}

https://community.sailpoint.com/mpomh84452/attachments/mpomh84452/professional-services-documentation/33/5/Role-Importer.zip

Thanks for your insights Philip. However, I think limit will only give me 250 results every time starting from the first element (entitlements). It looks like I cannot pass offset value to indicate my starting point.

Hi @ncrai20,
I too faced the same issue where there are already more than 250 access profiles in my IDN tenant and I need to create 200 more access profiles. Is there any solution for this or maybe an updated role importer tool?

Thanks,
Arshad.

Hi, @Arshad.

Curious to know if you ever found a workaround for this as I am in the same situation as you. I posted in the community forums as well, but no luck yet.

Same for me. I also posted in the community forum about this with no response.

This limit doesn’t work as expected now. The code basically takes the “count” that is returned and changes the limit to this value and then calls the API endpoint again. This now results in an “Error” because it exceeds the 250 limit.

@edmarks @ncrai20 @Arshad I was able to find a version of the tool that has been updated to handle the limits. I am going to work on making it more publicly available, but for now, here are the updated files that should give you what you need
roleImporter.rb (74.3 KB)
README.md (17.0 KB)

Others have noted in various spots that the “entitlement” API doesn’t appear to work with the start/limit as the other API’s. The core product appears to have migrated to a V3/Beta API also in place of the V1 API also which is the likely change that’s needed.

Honestly - It’s a little disheartening to see the vendor supply a tool and then abandon it to the “community” considering this should be core functionality.

2 Likes

We need an updated version of this tool… the current download links I found : IdentityNow Bulk AccessProfile and Role Importer - Compass (sailpoint.com)

point to an outdated tool (at least for entitlements it does not do paging.)

I dont know enough Ruby, and this tool is critical for large scale operations with IDN.

Following, and hoping for an update.