The most effective approach to modify the application type?

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

We have an application currently defined as a Web service application type, and we would like to transition it to a SCIM-based application type. The challenge we face is that the entitlement names in the Web service are different from those in SCIM. SCIM represents entitlements with long alphanumeric strings, while the existing entitlements are named according to their actual titles.

We want to keep the role membership intact, what’s the best way to update the entitlement names in the IT role such that it will not affect anything in IIQ wrt to the identity role entitlement mapping

I would create a rule for this to update the values in the profile of the IT roles based on a translation ‘table’.

It all depends on the amount of impacted entitlements.

To create the translation table I would add both applications in a lower environment, export the entitlements (Entitlement Catalog-> Export) and do some magic in Excel.

– Remold

1 Like

I would do that slightly different -

Create customization rule for managed attributes and in this rule i would look for the old entitlement via eg. Mapping table like Remold mentioned. In the final step once you have the old entitlement i would find all itroles which have this entitlement and change it there.

I would say also explore the option of “Enable Native Identity Change Event propagation”

Thanks for the response, I am able to update the profile with the new entitlement values. I was looking at the best approach to make sure there is minimal/no impact on the existing users.

The approach I figured out:

  1. Update the entitlements (via a run rule task)
  2. Reconfigure the connector (using the Application Reconfigure feature)
  3. Run the Aggregation
  4. Run the Identity Refresh Task