I am referring to this new feature, which a lot of clients have been looking forward to
and wondering how a new user level created can be assigned to an identity
Hey Nithesh!
I recently was playing around with this. You can assign the custom user level under the identity details page from clicking on a specific identity.
The normal Set User Levels option in the dropdown will now show the new user level after the user level has been created and saved.
2 Likes
Thanks @tyler_mairose
I was hoping the new user level would show up as an entitlement under “IdentityNow” source like OOTB user levels do. But, I did not find it there
Thanks @iamnithesh for sharing this.
I didn’t find anything in the document either. There are questions asked about making custom user levels as entitlements, no response from SailPoint PM yet. You can also follow it here: New Capability: Custom User Levels - Announcements / Product News - SailPoint Developer Community
However, I would like to request you to try this and let me know. What if you add your custom user level to a user manually and perform Account Aggregation, does the level promote as an entitlement.
Not sure if you tried it already, still checking and thank you as I do not need to test this from scratch 
1 Like
I couldn’t wait, I tested it.
Added a custom user level to some users manually and performed aggregations for IdentityNow source
- Entitlement Aggregation – nothing
- Account Aggregation – Entitlement promoted, got custom user level ID alone, not any other properties like display name or description. I believe this is enough to get forwarded for access requests.
1 Like
Hi @KRM7
How did you aggregate IdentityNow source? I don’t see any option
But I can see this under user’s Access/Entitlements
Still nothing here
I am using Identity Security Cloud Governance connector, Not sure why you don’t see single account aggregation.
I see this custom user level everywhere as an entitlement.
That worked… but as you mentioned entitlement is just shown as GUID. I feel this is made too complicated and needs to be simplified.
Thanks @KRM7
1 Like
For custom user levels, it is a different API, guess they missed it to add in connector. I checked from scope perspective as well, there is no new scope created for custom user levels or maybe it will be created, so that you can control the scopes for PAT/OAuth clients.
1 Like
I think the scope for the PAT will automatically be same as the permissions added to the user level… just guessing
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.