1 – Our process of adding a new access profile from a client tool, however each time we try to carry out the process we receive the following error:"“message”:“Exception while updating account.Url: /REST\ /INTERNET//usuario/profile, Message: 400 : Bad Request, HTTP Error Code: 400"”, the process we are using is:
The payload={"type":"I","login":"LOGINUSER","company":"0414","profileId":"9\ ","grupoId":"9\"","parceiroId":2 }, we noticed in the logs that the email is not coming, is there any other way to get the identity email to compose this call ?
2 - Another doubt is that in that same app when we perform the aggregation of entitlements we receive 20 entitlements, however when we perform the aggregation of accounts, it duplicates some of these entitlements.
Also, when a user has more than one entitlement for this app, it is not listed in the user’s account within IDNow, it is necessary to carry out some process to resolve this.
If email attribute is not part of the provisioning plan for access profile, $plan.email$ will be null and hence it is not coming. If email is already present on account you can do a GET call prior to this call and then use $response.email$ to pass the email value to POST call.
Something maybe incorrect in your account/group schema settings. Make sure you’ve marked the entitlement as multi-valued entitlement. Also, to avoid duplication verify the values being aggregated from both API calls, as long as values are same (similar response mapping), IDN won’t create any duplicates.
Hello Sharvari,
The call to the user aggregation API does not bring email, is it possible to make this response.email if the attribute is not brought by the application’s user aggregation API?
About the aggregation of accounts apparently everything is right, I don’t know why it brings group values in this aggregation. Is there any way to validate if there is anything incorrect in the process?
No, you cannot use response.email if its not part of user aggregation API and not returned by GET call.
You can try to setup email attribute using the Attribute Sync functionality in source and use Update Account operation to POST the email (using $plan.email$) to account using a separate API call.
Verify the user API response from Postman, if the user aggregation response includes entitlements and they are mapped in response mapping, they will be aggregated. If you don’t want them to be aggregated, remove them from response mapping in Account aggregation operation.