Push User entitlements into IDN

I’m looking for some help/guidance with IDN and, in particular, pushing account entitlements into Sailpoint.

I’m working with a push approach to Sailpoint for onboarding, and am looking to push user entitlements, assigned and used, scoped to a non-auth source. We surface data programmatically to create non-auth sources, push all the users associated with that app/source using csv and correlate them against identities. I need to get these entitlements into the system as well, and I’m not entirely clear on the best approach. Apis? can I add data to the csv?


Yes, you should be able to use csv.

For account entitlement you can have that info in csv as well and create a source in IDN. Then you can use discover schema by going to Account Schema option. Then all the column header will appear as per your flat file. Then you should be able to select Entitlement option for the column that has the data for account entitlement in your csv file.

Please refer to this document for more information:



Is there a way to do this without the need to do anything in the Sailpoint UI.

The tools we are building, with a single click, will provision the source and accounts all from our tool. So a requirement is to not need to do any manual steps in Sailpoint. We accomplish most of this now, minus adding the entitlements and custom attributes. Currently we seem to only be able to add the defaults.

When you are creating the source you can mark an attribute in the schema as entitlement.

See “isEntitlement”:

You can make a call to update the full schema rather than the default and include this boolean on the attribute that should be an entitlement. put-source-schema | SailPoint Developer Community

So what you’re suggesting is a flow like this

Create the source using the API
Update the Source Schema using the API to modify for custom attrs and entitlements etc…

Then when I generate the CSV with the accounts, I would basically just set appropriate column based on my updated Source Schema.

it correlates and it is onboarded as expected

Or am I missing something?

That is correct. The entitlements will be populated based on the attribute that is marked.

I’ll give this a go. Thank you.

1 last question. is it best practice to list the array of entitlements as individual attributes or to have a single entitlements attr, with the array as the value?

Either way should work depending on what the application uses. If you want to have them as one attribute, it can be multi-valued in case a user has more than one.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.