Push User entitlements into IDN

aceiss · June 15, 2023, 6:17pm

I’m looking for some help/guidance with IDN and, in particular, pushing account entitlements into Sailpoint.

I’m working with a push approach to Sailpoint for onboarding, and am looking to push user entitlements, assigned and used, scoped to a non-auth source. We surface data programmatically to create non-auth sources, push all the users associated with that app/source using csv and correlate them against identities. I need to get these entitlements into the system as well, and I’m not entirely clear on the best approach. Apis? can I add data to the csv?

sailesh_basel · June 16, 2023, 5:44pm

@aceiss

Yes, you should be able to use csv.

For account entitlement you can have that info in csv as well and create a source in IDN. Then you can use discover schema by going to Account Schema option. Then all the column header will appear as per your flat file. Then you should be able to select Entitlement option for the column that has the data for account entitlement in your csv file.

Please refer to this document for more information:

https://documentation.sailpoint.com/connectors/delimited_file/help/integrating_delimited_file/introduction.html

Thanks,
Sailesh

aceiss · June 16, 2023, 7:44pm

Is there a way to do this without the need to do anything in the Sailpoint UI.

The tools we are building, with a single click, will provision the source and accounts all from our tool. So a requirement is to not need to do any manual steps in Sailpoint. We accomplish most of this now, minus adding the entitlements and custom attributes. Currently we seem to only be able to add the defaults.

ethompson · June 17, 2023, 12:35am

When you are creating the source you can mark an attribute in the schema as entitlement.

See “isEntitlement”:

You can make a call to update the full schema rather than the default and include this boolean on the attribute that should be an entitlement. put-source-schema | SailPoint Developer Community

aceiss · June 17, 2023, 5:06pm

So what you’re suggesting is a flow like this

Create the source using the API
Update the Source Schema using the API to modify for custom attrs and entitlements etc…

Then when I generate the CSV with the accounts, I would basically just set appropriate column based on my updated Source Schema.

it correlates and it is onboarded as expected

Or am I missing something?

ethompson · June 19, 2023, 1:13pm

That is correct. The entitlements will be populated based on the attribute that is marked.

aceiss · June 19, 2023, 2:29pm

I’ll give this a go. Thank you.

1 last question. is it best practice to list the array of entitlements as individual attributes or to have a single entitlements attr, with the array as the value?

ethompson · June 19, 2023, 2:32pm

Either way should work depending on what the application uses. If you want to have them as one attribute, it can be multi-valued in case a user has more than one.

system · August 18, 2023, 2:32pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Automate the creation/import of entitlements inside IDN Source? ISC Discussion and Questions	3	1326	July 19, 2023
Inbound API for account update/aggregation / CSV upload? ISC Discussion and Questions apis , aggregation , identity-security-cloud	2	703	July 19, 2023
Aggregate Entitlement and Accounts from JDBC Source ISC Discussion and Questions aggregation , identity-security-cloud , provisioning , entitlements , jdbc-connector	17	1881	October 6, 2023
IDNOW API to create entitlements/upload entitlements ISC Discussion and Questions apis , identity-security-cloud , entitlements	10	728	June 30, 2023
Create Entitlement API ISC Discussion and Questions	6	1977	July 19, 2023

Push User entitlements into IDN

Related topics