Web service connector: List just one entitlement

reinajss · June 3, 2023, 1:05am

Helo,

Can you help us with these 2 questions?

1 – Our process of adding a new access profile from a client tool, however each time we try to carry out the process we receive the following error:"“message”:“Exception while updating account.Url: /REST\ /INTERNET//usuario/profile, Message: 400 : Bad Request, HTTP Error Code: 400"”, the process we are using is:

{
     "type": "I",
     "login": "$plan.nativeIdentity$",
     "company": "0414",
     "profileId": "$plan.profile$",
     "groupId": "$plan.profile$",
     "partnerId": 2,
     "email": "$plan.email$"
}

The payload={"type":"I","login":"LOGINUSER","company":"0414","profileId":"9\ ","grupoId":"9\"","parceiroId":2 }, we noticed in the logs that the email is not coming, is there any other way to get the identity email to compose this call ?

2 - Another doubt is that in that same app when we perform the aggregation of entitlements we receive 20 entitlements, however when we perform the aggregation of accounts, it duplicates some of these entitlements.
Also, when a user has more than one entitlement for this app, it is not listed in the user’s account within IDNow, it is necessary to carry out some process to resolve this.

Thank you very much in advance.

sharvari · June 6, 2023, 1:04pm

If email attribute is not part of the provisioning plan for access profile, $plan.email$ will be null and hence it is not coming. If email is already present on account you can do a GET call prior to this call and then use $response.email$ to pass the email value to POST call.
Something maybe incorrect in your account/group schema settings. Make sure you’ve marked the entitlement as multi-valued entitlement. Also, to avoid duplication verify the values being aggregated from both API calls, as long as values are same (similar response mapping), IDN won’t create any duplicates.

reinajss · June 6, 2023, 6:34pm

Hello Sharvari,
The call to the user aggregation API does not bring email, is it possible to make this response.email if the attribute is not brought by the application’s user aggregation API?

About the aggregation of accounts apparently everything is right, I don’t know why it brings group values in this aggregation. Is there any way to validate if there is anything incorrect in the process?

Thank you in advance.

sharvari · June 7, 2023, 12:36pm

No, you cannot use response.email if its not part of user aggregation API and not returned by GET call.

You can try to setup email attribute using the Attribute Sync functionality in source and use Update Account operation to POST the email (using $plan.email$) to account using a separate API call.

Verify the user API response from Postman, if the user aggregation response includes entitlements and they are mapped in response mapping, they will be aggregated. If you don’t want them to be aggregated, remove them from response mapping in Account aggregation operation.

Topic		Replies	Views
Web Service accounts aggregation without entitlements ISC Discussion and Questions identity-security-cloud	12	179	November 25, 2025
Issue with Web Services Connector and entitlements ISC Discussion and Questions webservice-connector , apis , identity-security-cloud	5	1018	November 17, 2023
Duplicate Entitlements from Account Aggregation and Group Aggregation ISC Discussion and Questions webservice-connector , identity-security-cloud , entitlements	8	266	July 25, 2024
Group, Entitlement and Access Profile is removed after account aggregation ISC Discussion and Questions webservice-connector , apis , aggregation , identity-security-cloud , provisioning , isc-questions-and-answers	5	136	December 9, 2024
Entitlement Assignments tab is empty after account creation in target source ISC Discussion and Questions webservice-connector , aggregation , identity-security-cloud , provisioning , entitlements	4	172	July 11, 2025

Web service connector: List just one entitlement

Related topics