NERM Webservice connector

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi Team,
I have configured NERM using web service connector. While creating the account Add entitlement is not getting triggered. Only account is getting created. Add entitlement is working individually.

The sequence of operation I have attached here

image
image1312×1064 57.3 KB

Also, I could see entitlement is getting added on Sailpoint means Sailpoint configuration is working fine. But on NERM it is not getting added, post aggregation entitlement getting removed from Sailpoint too.

2

Hi @shikhadeliveroo ,

  • This appears to be a sequencing or plan merging issue where the AddEntitlement operation is not bundled with the CreateAccount plan.
  • Alternatively, the provisioning policy may not be passing the entitlement attribute properly at creation time, and since it is not persisted on the target (NERM), aggregation clears it from SailPoint.
  • Since the entitlement works individually, this is not a script or connector issue, but rather an issue with how the entitlement is linked or triggered post-account creation.

I would suggest you to:

  • Verify Provisioning Plan:
  • Confirm that the entitlement is included in the CreateAccount provisioning plan or is being generated as a separate entitlement request immediately after.
  • Check Connector Configuration:
  • Ensure that the operation grouping in the Web Service connector is configured to allow both CreateAccount and AddEntitlement to execute in a single provisioning request, or to trigger sequentially.
  • Policy/Rule Review:
  • Review any provisioning rules or policies assigned to the source or identity profile that might conditionally skip entitlements during account creation.
  • Debug Provisioning Plan Output:
  • From the debug logs or connector gateway logs, review the actual Provisioning Plan JSON to confirm whether the entitlement is included during CreateAccount or submitted later.
  • Entitlement Mapping Validation:
  • Confirm that the entitlement attribute is properly mapped and passed in the request body during account creation.
  • Fallback Test:
  • Manually assign an entitlement to a test user with an existing account on NERM to see if the AddEntitlement operation is triggered and persists after aggregation.