Hi all
For a delimited files application, I am adding a custom attribute in account column and making it both managed and entitlement. So this attribute is available to use in Entitlement Catalogue.
I want to add the classification to this custom entitlement. Which rule can I use to add
Thanks
@maniG check this doc
Delimited File Application Configuration - Compass
you can use Managed Entitlement Customization Rule
@pravin_ranjan, I am already using the Schema Customization rule so SailPoint is not picking up the Managed Entitlement Customization Rule
Managed Entitlement Customization Rule: The Managed Entitlement Customization rule is called during creation of Managed Entitlements in an aggregation or refresh task, or in the Missing Managed Entitlements Scan task. This rule can modify the Managed Entitlement as it is being created, to set fields such as owner, requestable, or descriptions before they are saved.
try customization rule instead.
The thing is as we dont have any group schema defined, I cannot use group Schema Customization Rule.
But as their is overlap of Account Schema Customization Rule and Managed Entitlement Customization Rule, the Managed Entitlement Customization rule doesn’t run at all
When we needed to add classifications to our entitlements, that were essentially groups in AD, we used a refresh rule with the group aggregation.
Classification classf=context.getObjectByName(Classification.class, classificationName);
ObjectClassification objClassf=new ObjectClassification();
objClassf.setClassification(classf);
classificationName was set based on a few if/then statements to allow for the different classifications.
@LarryG , thats right and I have previously used the same
But this is a different case where we dont have a group schema defined, only a custom attribute added as Managed in account schema
So I dont have access to group Refresh Rule here
If you have the custom attribute in IIQ, you should be able to do it in a standard run rule. Iterate over the entitlement catalog with that custom attribute and then use setClassifcation(); on the entitlement in question.
That being said, without seeing it, I can’t be sure. I only gave the comment as I had to bang my head on it for awhile before figuring it out for our situation with AD and Entra.
Yes, that’s what I was thinking but wanted to see if there is some OOTB rule which can be configured and runs during aggregation itself
It would likely not be an OOTB rule since what you’re doing is custom. If you’re still running an aggregation but through accounts, you might be able to put a custom rule in “Optionally select a rule to assign capabilities or perform other processing on new identities” and achieve what you’re looking to do.
I’m not sure how you’re converting them into entitlements currently.
That rule will run for each identity so was thinking of avoiding it
I think I should go with a runRule after all as this will be run just for that entitlement
Thanks
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.