WebService Add Entitlement

We have an internal homemade application whose only connection method for provisioning is a WebService with one operation for creating and updating accounts. However, this web service does not include any read for entitlements; there is no endpoint.

Do we need to write a rule?

No need for a rule.
You can create a new Aggregate group method. In this method you must set a valid URL context (for example, the context URL to test connection).

In the Response attribute mapping section, you can set an attribute name of your group schema, and a static value in the attribute path value. For example, you can create an attribute in your group schema called EntName, and in the attribute path, you can set the value ./"EntitlementTest"

Then, if you execute the aggregate group task, the EntitlementTest entitlement will be created.


I’m not understanding the question. Are you saying your homegrown application doesn’t have a way to pull accounts and asking whether you should create it? If so, only if you need to know who’s in that system. When you create an account via SailPoint, it will create a link in the identity. The same goes for updating entitlements, depending on the response from your system. If there is no response body, or it does not include a list of entitlements, then there is no way to verify it was added. If you have another way to pull that data, then yes, you can use a WebServiceAfterOperationRule to get that data and add it to the processedResponseObject.

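import java.util.Map;

// processedResponseObject and log are supplied to the rule by the connector.
for (Map record : processedResponseObject) {
    if (record != null) {
        // Logs the whole record, including any sensitive attributes it carries.
        log.debug("map value is " + record);
        String idval = (String) record.get("id");
        log.debug("The id is :  " + idval);
        // somedatavalue is a placeholder for the entitlement data
        // pulled from the other source for this account.
        record.put("groups", somedatavalue);
    }
}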

Hi Nikhi,

I’d recommend that the app team develop an API for you to read the accounts and entitlements. It is going to be the most straightforward way to do it, though the others above have mentioned some ways you can ‘hack’ it. It will always be better to get it from a direct API. Plus, if you add rules to get around the lack of an API endpoint, the ownership for all the users showing in SailPoint will be solely on the IAM team, when really the app team should own the endpoint to give you all users.

