Native Identity null for webservice connector

Hi All,
I have configured WSC source in IDN and able to do successful aggregation. When i tried to trigger provisioning the account has been created and provisioning plan also created and i am able to see in the account activity in search.

The provisioning plan looks fine and also the create profile mappings also looks fine. What will be the issue?

But the activity shows the following warning:

Native identity is neither present in the plan nor in the response sailpoint.

Thanks,
Shantha Kumar

Hi @Santhakumar ,

When your provisioningPlan do not contain your nativeIdentity schema attribute, you would see this warning.

It is a warning, you do not need to worry about it. But, in any case if you do not wish to see the warning, there are two ways to resolve this:

  1. Assuming your nativeIdentity is a known value(like email, etc), make sure your create provisioning policy contains it
  2. If your nativeIdentity is a generated value (like object id), then it could be two ways:
    a. You have id returned in your response after create account is executed, in that case have that captured through response mapping. If it is a complex one, use after rule to have the id value returned as processedResponse object
    b. You do not have id returned from your create account response. In that case, if you have a single get object query which ca be queried by email or any other known attribute, have the second query called and capture your response id

Regards,
Uday Kilambi

1 Like

@Santhakumar

  1. Include the native identity in the provisioning plan attributes
  2. Return the native identity in the account create response attributes
  3. Basically when you create the account it returns a unique id make sure you map that correctly and to account ID (account schema).

The userID is the nativeIdentity cause i have set this attribute as AccountID and AccountName in account schema. Anything here i missing?

Please do following:

  1. Create another account schema attribute lets call it as ID
  2. Mark ID as account Id in the schema
  3. Map the id returned after account is created to ID

Hope this should work for you!

Regards,
Shekhar Das

@shekhardas1825 The #3 point we need to map in the create account operation response mapping or where?

Create http operation response mapping

Whether we need to map in account aggregation response mapping? Becz i have created rule for this operation.

Also we need to add this ID in create policy right?

This needs to be mapped in create http operations only.

You do not have to map it in create provisioning policy as this id will be generated by the target system and you need to map it (read from response).

Do you have a rule for create operation?

Regards,
Shekhar Das

@shekhardas1825 Nope

@shekhardas1825 But the userID was created from IDN provisioning policy which is sAMAccountName, if its okay to proceed. I bit confusing?

Usually all the API that you will be using for any modification of the account will expect the id which is generated by the target system (you need to confirm that as per you requirement you need to see what should be your account ID)

I believe there is no harm if you change the account ID to ID instead userID.

Give it a try if it works fine otherwise revert the changes.

Regards,
Shekhar Das

Sry for the late reply. I haven’t resolved this issue but iam able to see the native identity when i aggregate the WSC source, but during create account trigger the nativeidentity is still going as null. I don’t know why this is happening. May be i can raise the support ticket for this issue. If you find any solution pls ping me.

Thanks,
Shantha Kumar

@Santhakumar,

Could you please share the response mapping screenshot of create operation?

Regards,
Arun

Hi @Santhakumar,

Can you please share your account Schema ?

It seems like, that attribute that represent account in your source schemas is not populated.

@Arun-Kumar @baoussounda Here is the Account schema and Response mapping for the create operation.




@Santhakumar can you share your account create profile?

@baoussounda For UserID we have generate the new id for each user using Attribute Generator Rule by checking uniqueness. The values are populating correctly in provision plan. Attaching the same here.



@baoussounda The create account operation which i done in postman is not returning anything it just give 200 response

Hi All,

I have resolved this issue by creating new attribute called userid in CREATE ACCOUNT Profile.

Error:

Native identity is neither present in the plan nor in the response sailpoint.

Root Cause:

The attributes which we are setting as Account ID which is native identity should be match in both account schema and in create profile. If not match it will throw the above error.

Solution:

Make sure all attributes in account schema and create profile are same.
If not all attributes atleast make sure the AccountID attribute are same.

Thanks,
Shantha Kumar