Hi,
I have configured WSC source into IDN and able to do the entitlement aggregation. I have attach this entitlement into Role and tried the provisioning with Identity List criteria. But provision is not triggered, so i decided to use entitlement from account aggregation and use this in Role. Provision got triggered and user got created in WSC source.
Did we need permission for the entitlement type group to provision?
Hi @Santhakumar ,
Try to reset your source then do entitlement aggregation first and then do the account aggregation, later try provisioning .I had a similar issue ,this methods works fine for me.Try it and do let me know for help.
Thanks!!
Because I created this new Entitlement Type, I need to configure new HTTP operations to handle the aggregation and provisioning of this Role.
Connector Configuration - HTTP Operations
Within the connector configuration, proceed to HTTP Operations. Add a new operation. When browsing the Operation Type dropdown, you can scroll to the bottom and will see new operations with your entitlement type name appended. See screenshot below:
Here is the detail info:
I have onboarded entitlements from both account and entitlement aggregation. The entitlement aggregated through group aggregation are shown as type:“group” and through account aggregation are shown as type:“Entitlement”.
Scenario:
want to provision the user to WSC source.
attached the entitlement with type - group in the role and triggered the role changes but provision doesn’t triggered.
when i attached the entitlement type - Entitlement in the role the provision got triggered and user got created in WSC source.
But after some time i see the status called Add Entitlement Failed in account activity.
What is the possible reason for this behavior? How to resolve this?
@Santhakumar it sounds to me like account aggregation was executed before the mapping for the account attribute-entitlement type was set.
In order to correct this, you will have to reset the source so all accounts and entitlements are removed. Then, edit the account schema and find the attribute that is used to correlate to the entitlement(s) assigned to the account. This attribute should be set as an Entitlement and its type should be the entitlement type of group, as seen in the screenshots below:
The attribute you choose to mark as an entitlement should be the attribute that shares the same value as the Entitlement ID for the entitlement itself. Once this is configured, you will be able to aggregate accounts and entitlements and there will not be duplicates created.