We have an application where the schema account ID is generated in the target system. And new account ID is uses assigning entitlement.
Here is my current situation:
HTTP Operation
Status
Description
1
Account aggregation
Success
-
2
Entitlement aggregation
Success
-
3
Create account and add entitlement
Not successful
The account was created in the target system but account does not have the entitlement. IDN SaaS assigned the role already, and the new account’s nativeIdentity shows ‘???’. This will disappear once the target source aggregation is complete.
4
Add entitlement to existing account
Success
-
5
Remove entitlement from existing account
Success
-
6
Aggregate target system, then start modify operation and add entitlement
Success
nativeIdentity mapped after target source aggregation
Did you set up a Response Mapping in the ‘Create Account’ Operation? After the connector has initiated the creation of the account, ISC will need confirmation from the target that the account has been created successfully.
As Kyle mentioned, the ‘???’ will appear if the account id is not properly mapped from the response of the create account. Are you sure the mapping for this is correct?
If you would like to create the account with the entitlement, as opposed to using a separate operation (Add Entitlement), ensure you have checked the “Create Account with Ent Request” in the additional settings. If you do not have this checked and are using two operations, the Add Entitlement will not work if the account ID is not mapped correctly in the response object of the create account.
If you are still unsure, please provide some information on the response body of the create account, response mapping, and account schema.
Q1: Did you set up a Response Mapping in the ‘Create Account’ Operation?
After the connector has initiated the creation of the account, ISC will need confirmation from the target that the account has been created successfully.
A1: I configured the $response.id$ response mapping, but it seems to have failed to successfully configure the nativeIdentity. If there is a recommended configuration, I would appreciate it if you could let me know.
After the create operation is executed, the response returns the following JSON body:
A2: Actually, I attempted to configure Get Object API like GET /Users/, but it was not successful. I am not sure if it is because the nativeIdentity attribute could not be found, but the get object operation did not function correctly after the create operation.
Yes, as you mentioned, the create operation was successful, but the subsequent add entitlement only occurs within the SaaS and does not provision to the actual target system due to the nativeIdentity not being correctly mapped.
I did not check the “Create Account with Ent Request” option because the endpoints for creating accounts and assigning entitlement groups are different.
It seems that the nativeIdentity mapping is the primary issue. I would greatly appreciate any suggestions on how to resolve this correctly.
That ‘Schema Attribute’ is the attribute you have defined in your Account Schema. Assuming within your account schema you have set the NativeIdentity as id and in your Response Information you have a $ in your Root Path -
Please try the following values:
Schema Attribute = id
Attribute Path = id
I am facing a similar issue .
The scenario is same , but :
Unable to see native Identity after account creation , it is showing ???. Can be seen after aggretaion.
The roles are not shown after aggregation , can be seen before aggregation
The request is shown as completed .
Account Schema is set up as mentioned above . No get single object is performed
I recommend setting the NativeIdentity correctly with response mapping.
IdentityNow SaaS does not know the exact ID when creating an account because the target system generates the ID itself.