The target source's nativeIdentity is missing during the create operation using the WSC

Hi Experts,

We have an application where the schema account ID is generated in the target system. And new account ID is uses assigning entitlement.
Here is my current situation:

image1875×908 46.2 KB

I hope you can suggest any helpful ideas.

Hi Jaewon,

1. Did you set up a Response Mapping in the ‘Create Account’ Operation? After the connector has initiated the creation of the account, ISC will need confirmation from the target that the account has been created successfully.
2. Did you setup a ‘Get Object’ Operation?

If those 2 do not help, can you provide any logs?

Kind Regards,

Hi @jwshin,

As Kyle mentioned, the ‘???’ will appear if the account id is not properly mapped from the response of the create account. Are you sure the mapping for this is correct?

If you would like to create the account with the entitlement, as opposed to using a separate operation (Add Entitlement), ensure you have checked the “Create Account with Ent Request” in the additional settings. If you do not have this checked and are using two operations, the Add Entitlement will not work if the account ID is not mapped correctly in the response object of the create account.

If you are still unsure, please provide some information on the response body of the create account, response mapping, and account schema.

Hi @kyle1

image1277×470 13.8 KB

Q1: Did you set up a Response Mapping in the ‘Create Account’ Operation?
After the connector has initiated the creation of the account, ISC will need confirmation from the target that the account has been created successfully.

A1: I configured the $response.id$ response mapping, but it seems to have failed to successfully configure the nativeIdentity. If there is a recommended configuration, I would appreciate it if you could let me know.

After the create operation is executed, the response returns the following JSON body:

{
    "id": "yy-zz-gg-zz", //this is account id (schema)
    "meta": {
        "created": "2024-06-20T07:22:49Z",
        "lastModified": "2024-06-20T07:22:49Z",
        "location": "https://targetSystem.com/something/Users/xx-yy-zz-xx",
        "version": "zz-zz-zz-zz",
        "resourceType": "User"
    },
    "schemas": [
       //something
    ],
    "userName": "IdentityNow UID", // IdentityNow authoritative source id
    "name": {
        "familyName": "fname",
        "givenName": "gname"
    },
    "userType": "public",
    "active": true,
    "emails": [
        {
            "value": "[email protected]",
            "primary": true
        }
    ],
    "urn:xxx:User": {
        "emails": [
            {
                "value": "[email protected]",
                "primary": true
            }
        ],
        "userUuid": "xx-xx-xx-xx",
        "mailVerified": false,
        "userId": "xxxx",
        "status": "active"
    }
}

Q2: Did you set up a ‘Get Object’ Operation?

A2: Actually, I attempted to configure Get Object API like GET /Users/, but it was not successful. I am not sure if it is because the nativeIdentity attribute could not be found, but the get object operation did not function correctly after the create operation.

Regards,

Hi @bcariaga ,

Yes, as you mentioned, the create operation was successful, but the subsequent add entitlement only occurs within the SaaS and does not provision to the actual target system due to the nativeIdentity not being correctly mapped.

I did not check the “Create Account with Ent Request” option because the endpoints for creating accounts and assigning entitlement groups are different.

It seems that the nativeIdentity mapping is the primary issue. I would greatly appreciate any suggestions on how to resolve this correctly.

Regards,

Hi @jwshin,

That ‘Schema Attribute’ is the attribute you have defined in your Account Schema. Assuming within your account schema you have set the NativeIdentity as id and in your Response Information you have a $ in your Root Path -

Please try the following values:
Schema Attribute = id
Attribute Path = id

Kind Regards,

Hi @kyle1

Here’s additional info about configuration

account schema
ID : Account ID (target system generate)
USERNAME : Account Name and IDN uid
value : group entitlement
display : group description

image1330×887 49.7 KB

Create Account Response Info

image1665×560 20.4 KB

Create Account Response Mapping

image1639×606 32.5 KB

search error log

image1785×887 74.1 KB

Regards,

Please try remove the $ from the Root Path in the Response Information tab.

Also make the following change to the Response Mapping tab:
Schema Attribute = ID
Attribute Path = id

Let me know the results.

Hi @kyle1 ,

Thanks, it works. Based on your advice, I have realized the importance of accurately mapping the account attributes.

Regards,

Hi,

And what to do if after create operation, the API return empty response?

image1432×414 34.3 KB

Hello Everyone !

I am facing a similar issue .
The scenario is same , but :
Unable to see native Identity after account creation , it is showing ???. Can be seen after aggretaion.
The roles are not shown after aggregation , can be seen before aggregation
The request is shown as completed .

Account Schema is set up as mentioned above . No get single object is performed

Hi @sidharth_tarlapally ,

I recommend setting the NativeIdentity correctly with response mapping.
IdentityNow SaaS does not know the exact ID when creating an account because the target system generates the ID itself.

create account > response mapping
please check schemaAttribute and attribute path.

Regards,