Search API Entitlement Information For A Particular Identity

Identity Security Cloud (ISC) ISC Discussion and Questions
, , ,
1

Hello Experts,

I have a scenario where I have to design a workflow where I pull an identity for a specific trigger condition and then fetch user’s entitlement metadata on a particular source only. And use that metadata information [metadata have email information] from the entitlement to send email to another person. I was planning to use Search API to fetch user information and pull the entitlement metadata, but it seems search API is not pulling entitlement metadata at all.

Is there any way I can pull entitlement metadata in workflow HTTP request and use that information in next workflow steps?

Any help would be appreciated.

2

Hi @kdfreeman,

You can use get-entitlement | SailPoint Developer Community beta API to get the entitlement meta data of any entitlement based on the UUID of the entitlement.

You can configure this API as a HTTP request in your workflow by passing the input as the UUID of the entitlement that is present for the user and get the metadata as the response of this action.

Thank you.
Shanmukh

1 Like
3

All Entitlements, Access Profiles and Roles are returned inside an array named “access” in Search API response. Here is a typical ENTITLEMENT

"access": [
	{
		"requestCommentsRequired": false,
		"schema": "group",
		"cloudEligible": false,
		"displayName": "Everyone",
		"standalone": true,
		"source": {
			"name": ".......................",
			"id": "........................."
		},
		"type": "ENTITLEMENT",
		"enabled": false,
		"privileged": false,
		"name": "Everyone",
		"disabled": false,
		"id": "..............................",
		"requestable": false,
		"attribute": "groups",
		"value": "..............................",
		"cloudGoverned": false
	},
        ....
]
4

@iamnithesh , Exactly. I was planning to use the entitlement info inside Access array. But, what I am looking is the metadata of the entitlement. Using search API, metadata is not pulling in the entitlement information. Only name and value can be seen of the entitlement.

When you use get Entitlement API using ID, you can see metadata info as well of that particular entitlement. But not from search API.

5

Hi @kdfreeman

It seems you may have to combine the suggestions from the previous comments to get what you need, use the search API to get the entitlement IDs, then use loop over those and use the get-entitlement API to get the metadata.

6

Are you able to filter the required entitlement from the response from Identity Search? If so, you can send another request to Entitlement API with the id to fetch full details