Single value entitlement restriction on end system

Hi forum!

I am setting up a Web Services connector to a target system that only allows one entitlement at a time on a user. When a new entitlement is added to the user the target system simply replaces the old one with the new one. I have noticed that ISC tries to add both the new entitlement and the old entitlement, and my guess is that the reason for this is that the old entitlement hasn’t been ordered for removal in ISC, and so according to ISC logic the user should have both. The result is that ISC and target system become unsynchronised, and the user gets the wrong entitlement as the new entitlement is provisioned and directly after the old entitlement is previsioned again.

Has anyone else faced the same constraint? Is there a way to automatically remove existing entitlement on the user when requesting a new one? Or perhaps there is another way of solving it?

Grateful for all input.

How are you provisioning the entitlement? Entitlement and role requests are “sticky” but Access Profile requests are not. Consider using APs for provisioning. See How to Handle Requestable Entitlements and Avoid Stickiness

HI @alex_stj After provisioning, try to run single account aggregation. As target system assign only one entitlement, post aggregation only that entitlement will be tagged to account and other on will be removed from Identity.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.