I have multiple job codes in identity
Jobcode1, jobcode2 in delimited file
I have to access profile to be assigned based on job. Codes
For single job code user it is working fine
For multiple job code user in not able to assign multiple access profiles
Any ideas on this will help
make attribute multivalued that will work.
hi are you trying to automatically assign access profiles when the user has certain job codes. If this is your use case then you have to create assignment based roles by using standard criteria mapping to assign multiple access profiles.
Or is the use case this?
The user already has multiple job codes from target application and there are access profiles in your tenant with the job codes mapped. You are not able to see all the access profiles. Validate in your source account schema if you have made the jobcode attribute as multivalued and entitlement with the type mapped to correct entitlement type.
If the use case is completely different from above two can you provide more details.
I’m not entirely clear on the requirement, could you please elaborate or provide more details with example?
Could you provide more detail around how you have agreggated the data, ie do you have your multiple job codes assigned to each identity?
Hello @udayputta ,
I have this JobTitle In Auth source
user1 has JobTitle as abc,def
Then I have the Access profile 1 with assignment criteria if JobTitle Contains abc then assign Entitlement named abc
Access profile 2 with assignment criteria if JobTitle Contains def then assign Entitlement named def
but it is not assigning even after marking JobTitle as Entitlement , multi:true
Hi @sk8er23 ,
please have a look i have pasted more details
Hi @HussainshaSyed001 ,
i have marked it but no use
If the attribute is coming from your Auth source you need not make it as multi valued. You can have it as string. Now in your assignment criteria you have to use Operation as “Contains” and give the JobTitleName something like this. You can add more or conditions
HI @udayputta ,
I have this entitlements are also coming from the auth source
and I did the same as shown like contains of abc
but it is not showing even after unoptimized aggr
we are doing this as part of POC just FYI
ents coming from auth source? I don’t think this is a good practice having entitlement access management upon auth source. I suggest you do not go auth source with ents.
Might be you want to grant access on job codes I guess.
@HussainshaSyed001 yes correct instead of creating two sources we just entitlements auth source for POC
that cannot be assumed as best configuration and it cannot be good data hygiene as well, please separate it.
@HussainshaSyed001 sure thank you so much for your suggestions
How you are assigning the AP , via Role assignment criteria ? Did you check if the contain operator would be able to help this?
I would suggest create a sailpoint ticket . Sailpoint can check internally if this is not supported , if not then this is bug and sailpoint will enhance assignment crertia to support this.
Hi @amulpuru - A role should ideally be sufficient for this requirement.
jobCode contains jobcode1, assign role 1. If jobCode is jobcode2, create another role and assign role 2 and so on.