OOTB IdentityNow source is not getting updated with new entitlements

We are using search to get all available existing entitlements for the OOTB IdentityNow source. What I am seeing is that not all user levels are visible under search for this source.

We are seeing 10 entitlements, but there are more than 10 user levels in ISC.

We want to make Access request admin and read only admin available for user request. To do that we need them coming from group aggregation.

Hack: I can assign a user level to any identity and get them from account aggregation, but it would be ideal to get these from group aggregation. We are currently using this option.

You have a few options:

  1. Use the Colab IdentityNow Management source:
    GitHub - sailpoint-oss/colab-saas-conn-identitynow-management: Loopback connector to manage IdentityNow like any other managed system. Allows to manage user levels, governance groups and identity status.
  2. Use the Identity Security Cloud Governance source (created by SailPoint)
  3. Tune in for the Developer Days in May where I’ll be demonstrating a third option.

@edw
You are sharing how it’s done, but that’s not the problem here.

Let’s take an example of your first solution, the Colab source.
That source is using the same query which I have shared earlier. colab-saas-conn-identitynow-management/src/idn-client.ts.txt at 958301efa885acb2925c2535dcb17c03479efe44 · sailpoint-oss/colab-saas-conn-identitynow-management · GitHub

It gets the same 10 results.

The problem is more about the search query result than about how to manage IdentityNow roles. I know all of these solutions, but I cannot use any of them if the search query itself is not getting the right results.

I also know how to temporarily resolve my issue, as I have mentioned in the hack.

In fact, the Colab source is only managing those 10 entitlements, and if you have any other access like AIC reader, Config hub admin, etc., it would not manage those.

You can see it is getting privileged identities using this query: colab-saas-conn-identitynow-management/src/idn-client.ts.txt at 958301efa885acb2925c2535dcb17c03479efe44 · sailpoint-oss/colab-saas-conn-identitynow-management · GitHub
So if you have config hub admin, you are not getting aggregated as a privileged identity.

What is the goal you are trying to accomplish? Do you just want to ‘see’ the user levels or do you also want to know which user levels are assigned to your users?

The goal is to get all user levels in our current webservice loopback source under group aggregation, which can only be solved by SailPoint, as it seems.

Not sure why you are getting only 10 results. I created a source in my demo tenant and I can see 22 of them. Also, the attribute type is shown as “UserLevels” in my tenant.

Because you are querying the source which you have created. It is not the OOTB IdentityNow source which I am searching against.
You got those entitlements as part of account aggregation and not group aggregation.
Last time I tested, there should not be any difference in using an entitlement in provisioning whether it’s coming from account or group aggregation, but it’s just helpful if they are coming from both.

If you want to get ALL user levels, you can use this API endpoint:
/v2025/authorization-capabilities

Please note that this is an undocumented endpoint, so it might not work anymore in the future.