Role Provisioning Error with an Access Profile and Entitlement

CeeJ1 · October 14, 2024, 4:20pm

Hello,
I have created a Role which consist of one Access Profile and one Entitlement but they are coming different sources.
After approving the request for the Role. I can see that the Role has been provisioned but when I look into " My Request" and click the request I’m getting an error

I wanted to achieve the provisioning of Application (set in the Access Profile) in this scenario too.

I’m not sure which is causing the error. Is it because the Access profile and entitlement I have set in the Role is coming from different application or what.

Note: I already confirmed with the App owner that the necessary permissions has been provided in the API token we are using.

Needing help in figuring this out.

Prashanth0707 · October 14, 2024, 4:30pm

Hi @CeeJ1 ,
In the above scenario, the error might be causing for various reasons, I would start to debug from Provisioning the Access Profile and Entitlement separately to see if the issue is specific to one of them. Not sure if there are any rules on both sources that you are trying to provision!
Let me know!

CeeJ1 · October 14, 2024, 4:41pm

Hi @Prashanth0707, there are no any rules I’m using in both sources.

Prashanth0707 · October 14, 2024, 5:09pm

Hi @CeeJ1 ,

Please let me know if the individual Provisioning of access works?

CeeJ1 · October 14, 2024, 5:27pm

Hi @Prashanth0707, the entitlement provisioning works fine. The access profile failed to provision.

Prashanth0707 · October 14, 2024, 5:42pm

Hi @CeeJ1 ,
Just another thought see if you can tie it to a different access profile and provision it. Also it would help if you enable detailed logging for the connector to catch more granular details about the exception.

MVKR7T · October 14, 2024, 10:45pm

So the problem is with the Access Profile. Believe the entitlements in this Access Profile is from different source and entitlement you have in Role is different source.

If yes then can you try to request a different Access profile from the same source ?

Which connector is this BTW ?

CeeJ1 · October 15, 2024, 4:25pm

Hi @MVKR7T, yes that’s right. This is for the Slack application.
I tried creating a new access profile for the source and I still get the same error.

mpotti · October 15, 2024, 4:33pm

Have you tried to just add the entitlement that you have in the Access Profile? Roles should be able to support multiple entitlements from multiple sources. I am sure there is a reason you went with an access profile this would eliminate the AP it self out of the equation.

If it is success full then something in the way the AP is set up is not working correctly. If it fails then it is an issue with the source configuration.

CeeJ1 · October 15, 2024, 7:43pm

Hi @mpotti I tried to just add the entitlement it didn’t get provisioned as well.

I also tried Roles with just added the entitlements from Slack and the other app and it didn’t get through.

I actually used AP for the Slack entitlement as it consist of the workspace we needed to provision. Initially when I just used AP for provisioning the workspace it was working but when I used the Role in order to add the requirement that is needed which is an entitlement coming from the other source that’s when I started getting error.

CeeJ1 · October 15, 2024, 7:44pm

Hi @Prashanth0707 I did check the logs but it wasn’t really informative at all.

Prashanth0707 · October 15, 2024, 9:53pm

Hi @CeeJ1 ,
You can do couple of checks,

Please check if the debugging is enabled on the connector. if not please enable and see if the ccg captured any traffic regarding this!
Check if any of them require additional attributes or specific configurations when combined with other sources or for any dependency.
Make sure you have the latest data in ISC and Check the user account that the entitlement you are trying to provision is not already granted.
Make sure that the entitlement is requestable & not a privileged access which might be a restriction from the Source!

Hope this helps!!

CeeJ1 · October 16, 2024, 5:52pm

Hi everyone,

Thank you for helping me in troubleshooting this error. With that I’ll be closing this thread as this has already been resolved.
I had to remove all the access profiles and roles I have initially created for the first application I was testing then I re-onboard the application into SailPoint and did a testing for the role which was suggested by you guys and it worked fine.
So in conclusion it looks like it’s an error on the application itself. I’m just not sure why that error suddenly appeared even though we didn’t change any setup on it.

Topic		Replies	Views
SLACK access request provisioning error ISC Discussion and Questions apis , identity-security-cloud , provisioning , roles , access-requests , entitlements	6	41	October 18, 2024
Provisioning fails for users with multiple accounts from a same source ISC Discussion and Questions identity-security-cloud , provisioning , roles	7	253	July 15, 2024
Entitlement group not getting provisioned via Access Request ISC Discussion and Questions scim-connector , identity-security-cloud , provisioning , access-profiles , access-requests	7	34	November 13, 2024
Getting below Error while assigning it to the User the request access ISC Discussion and Questions workflows , apis , scim-connector , identity-security-cloud , provisioning , connectors , entitlements , sources	1	25	October 26, 2024
Roles not getting assigned to users with multiple accounts in the same source ISC Discussion and Questions identity-security-cloud , roles	17	101	November 21, 2024

Role Provisioning Error with an Access Profile and Entitlement

Related topics