Sync links with SCIM accounts

Which IIQ version are you inquiring about?

8.3

We have a SCIM connector that points to an application. When we add an entitlement, a group, to an account, the account gets updated on the endpoint but the link doesn’t get updated in IIQ.

How can we keep the link in sync with the account on the endpoint?

Can you please provide a screenshot of your issue?

Thanks

I am not exactly sure how to do that. There is not an error. It is a picture of a link without group entitlements.

Just provide the picture of that and you can tell what it should look like.

          <entry key="active">
            <value>
              <Boolean>true</Boolean>
            </value>
          </entry>
          <entry key="displayName" value="SPUpgradeTest0054 COCHRANE III"/>
          <entry key="externalId" value="28432022042901137474150"/>
          <entry key="groups">
            <value>
              <List>
                <String>83624593917124</String>
                <String>83855001607868</String>
                <String>87479558496050</String>
              </List>
            </value>
          </entry>
          <entry key="id" value="71414961809622"/>
          <entry key="roles"/>

This one is bad

          <entry key="active">
            <value>
              <Boolean>true</Boolean>
            </value>
          </entry>
          <entry key="displayName" value="SPUpgradeTest0054 COCHRANE III"/>
          <entry key="externalId" value="28432022042901137474150"/>
          <entry key="id" value="71414961809622"/>
          <entry key="roles"/>
          

Are you running aggregation?

Try running aggregation and see whether the data is coming in or not.

I can get the data to show up correctly after taking these steps. I was hoping to not have to run all these steps, or kick off targeted aggregations automatically after a role was added or removed from a user in SailPoint. It just seems clunky to have to do all of those every time.

  1. Assign Role to User
    Triggers provisioning to create the Databricks account.
    Adds the user to the “Account Users” group in Databricks.

  2. Run Identity Refresh
    Synchronizes the new account Link to the Identity Cube.
    Calculates identity attributes and re-evaluates role memberships based on the new account data.
    Adds the account to the SailPoint group in Databricks.

  3. Run Group Aggregation
    Updates ManagedAttributes in the IIQ Entitlement Catalog with the latest metadata from Databricks.
    Ensures IIQ recognizes existing group memberships directly from the source.

  4. Run Account Aggregation
    Pulls the latest account data from Databricks.
    Links the ManagedAttributes to the specific user account.
    Updates the Identity XML to reflect these group associations internally.

  5. Run Identity Refresh
    Finalizes the Operational View by re-calculating the Identity Cube.
    Makes the updated group memberships visible for governance, reporting, and certifications.

If you do not want to run this process manually, it needs to be scheduled in IIQ. Usually, in an organization, we schedule these tasks so all this work can be done automatically and no manual intervention is needed from the SailPoint side to run the tasks.

Hope it answers your question.

Thanks Manish

Sounds like there is nothing wrong with the integration, it is working as it is supposed to. It is just different than other adapters. We need to get the refreshes and aggregations scheduled along with our other daily scheduled tasks.

Yes, that's correct. You can mark it resolved if it helps.
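An added example, not part of the thread and not SailPoint's code: a read-only check that compares the `groups` stored on a Link attribute map (the XML posted above) with the `groups` of the SCIM User resource on the endpoint, so stale Links can be found between scheduled aggregations. The sample inputs, the `<Map>` wrapper and the function names are constructed for illustration; the `groups[].value` layout follows the SCIM 2.0 core schema (RFC 7643).

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample: the stale Link attributes from the thread, wrapped in a <Map> root.
LINK_XML = """<Map>
  <entry key="displayName" value="SPUpgradeTest0054 COCHRANE III"/>
  <entry key="id" value="71414961809622"/>
  <entry key="roles"/>
</Map>"""

# Constructed sample: the SCIM User resource as the endpoint might return it.
SCIM_USER = json.dumps({
    "id": "71414961809622",
    "groups": [{"value": "83624593917124"}, {"value": "83855001607868"},
               {"value": "87479558496050"}],
})

def link_values(xml_text, key):
    """Return the values stored under `key` in a Link attribute map as a set."""
    for entry in ET.fromstring(xml_text).iter("entry"):
        if entry.get("key") != key:
            continue
        if entry.get("value") is not None:   # single value stored inline
            return {entry.get("value")}
        return {s.text for s in entry.iter("String") if s.text}
    return set()                             # key absent, as in the "bad" Link

def scim_groups(user_json):
    """Return the group ids listed in a SCIM User resource."""
    groups = json.loads(user_json).get("groups") or []
    return {g["value"] for g in groups}

def link_drift(xml_text, user_json):
    """Compare Link groups with endpoint groups and report both directions."""
    link = link_values(xml_text, "groups")
    endpoint = scim_groups(user_json)
    return {"missing_in_iiq": sorted(endpoint - link),
            "stale_in_iiq": sorted(link - endpoint)}

if __name__ == "__main__":
    print(link_drift(LINK_XML, SCIM_USER))
```

A non-empty `missing_in_iiq` means the endpoint grants group access that certifications and reports in IIQ will not show until the next account aggregation and identity refresh.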
