Non-Employee Risk Management Users connector Entitlement aggregation

What is the Problem?

While testing the connector designed to manage the Non-Employee Risk Management (NERM) lifecycle users and their permissions within Identity Security Cloud (ISC), an issue was identified during entitlement aggregation.

Expected Behavior
The connector should aggregate only the intended NERM entitlements (Lifecycle user roles), as it is designated for lifecycle users, so that NERM user access can be assigned and remediated.

Actual Behavior
When an entitlement aggregation is launched, the connector aggregates all user roles across the entire NERM lifecycle, including collaborator roles, rather than only the relevant entitlements. This results in unintended roles being brought into ISC.


Hello!

Is there more than one entitlement type created? If so, you can simply delete the types that you don’t want to be retrieved.

Hello,
There is one entitlement type in this connector configuration. The issue here is the behavior of the connector regarding the entitlement aggregation.

Hi Safae - I can confirm this is a Product bug. I was able to replicate the issue easily and provided details to the SailPoint NERM Engineering team responsible for the Users Connector. They are investigating the issue and we will find a bugfix to only pull the Lifecycle User Roles.
