8.2
Hello
I have a script in before provisioning rule to remove some groups form AD
accountRequest.add(new AttributeRequest("memberOf",ProvisioningPlan.Operation.Remove,group_to_remove));
But the groups is removed from AD but it still appears in Sailpoint with a red triangle with message “Entitlement does not exist in Sailpoit”
can you try to re-aggregate the groups of this application?
I did an account and group aggregation but its still the same
Run the PIRM task and refresh task with select assigned and detected roles options.
This is typically because there is still AttributeAssignment for that entitlement, so SailPoint expects it to be assigned to the account, but you have removed it with your script. You need to remove the assignment as well. Here is an example:
ProvisioningPlan.AttributeRequest entAttrReq = new ProvisioningPlan.AttributeRequest();
entAttrReq.setOp(ProvisioningPlan.Operation.Remove);
entAttrReq.setName(idenEnt.getName());
entAttrReq.setValue(idenEnt.getValue());
//Add preferRemoveOverRetain argument to prevent filtering from happening
entAttrReq.put("preferRemoveOverRetain","true");
//Add assignment argument to remove the attributeAssignment from the identity
entAttrReq.put("assignment","true");
I noticed that after removing the entitlements are on status “Verifying”
Hello all
It seems entAttrReq.put("assignment","true"); worked
Do I need the entAttrReq.put("preferRemoveOverRetain","true"); ?
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.