We have an application that supports Single Valued Entitlement. When the first entitlement is requested, it worked fine and entitlement gets provisioned. But when the second entitlement is requested for the same user, the expectation is it should override the existing one. However, we are seeing strange behavior in the search history of the user where it is trying to add both of them i.e. the old entitlement as well as the new entitlement.
Can anyone help here what could be the issue? ?Just to add we are using JDBC Provision Connector Rule.
Can you confirm how you are requesting those entitlement?
- Is it requestable role?
- Is it criteria based role assignment?
- You are using application in IdentityNow to request those entitlements?
This is a direct entitlement not bundled in any role or application. We are requesting through IDN request center.
However, we are seeing strange behavior in the search history of the user where it is trying to add both of them i.e. the old entitlement as well as the new entitlement.
If you are seeing this then it looks like support case.
Okay. So just to clarify this should be OOTB feature of the connector where it should overwrite the existing entitlment with the new one?
We don’t need any additional code to handle this scenario…right?
No, OOTB feature is not overwrite. This is responsibility of custom code you are developing but as per your comment you are saying it is sending both.
From what I am understanding below are the steps in your case.
- User requests E1, he gets E1.
- Same user requests E2 and IdentityNow is sending E1 and E2 both in plan.
If this is what you are seeing then it should not happen. I do not think this would ever happen because this is platform behavior and it never goes wrong. It’s just you are mistaken somewhere. You need to contact support to have more discussion or ES as per your requirement.