Webservice Connector Entitlement Type Group not allowing the provision

Hi,
I have configured WSC source into IDN and able to do the entitlement aggregation. I have attach this entitlement into Role and tried the provisioning with Identity List criteria. But provision is not triggered, so i decided to use entitlement from account aggregation and use this in Role. Provision got triggered and user got created in WSC source.

  1. Did we need permission for the entitlement type group to provision?
  2. If not what is the issue I am facing?

Any solution will be helpful for me.

Thanks,
Shantha Kumar

hey @Santhakumar i honestly didn’t understood the exact problem. BUt i imagine you’re talking about entitlement provision on WSC.

Have you created a entitlement type? does it have a schemma? Have you configured the Add entitlement Operation?

best

Hi @Santhakumar ,
Try to reset your source then do entitlement aggregation first and then do the account aggregation, later try provisioning .I had a similar issue ,this methods works fine for me.Try it and do let me know for help.
Thanks!!

Hey @Santhakumar,

Background

We may need more information and screenshots, but I think I have an idea of what you’re running into.

When you create a new Entitlement Type, you will end up with new HTTP operations to use in order to aggregate and provision those entitlements.

Example & Demonstration

Entitlement Type

In the screenshot below, you can see I created a new Entitlement Type called Role.

Because I created this new Entitlement Type, I need to configure new HTTP operations to handle the aggregation and provisioning of this Role.

Connector Configuration - HTTP Operations

Within the connector configuration, proceed to HTTP Operations. Add a new operation. When browsing the Operation Type dropdown, you can scroll to the bottom and will see new operations with your entitlement type name appended. See screenshot below:

Within this dropdown, we now see:

  1. Get Object-Role
  2. Group Aggregation-Role
  3. Add Entitlement-Role
  4. Remove Entitlement-Role

These operations will need to be configured in order for ISC to handle the aggregation and provisioning (adding & removing) of these entitlements.


Let me know if this helps, and I wish you the best!

Here is the detail info:
I have onboarded entitlements from both account and entitlement aggregation. The entitlement aggregated through group aggregation are shown as type:“group” and through account aggregation are shown as type:“Entitlement”.

Scenario:

  1. want to provision the user to WSC source.
  2. attached the entitlement with type - group in the role and triggered the role changes but provision doesn’t triggered.
  3. when i attached the entitlement type - Entitlement in the role the provision got triggered and user got created in WSC source.
  4. But after some time i see the status called Add Entitlement Failed in account activity.

What is the possible reason for this behavior? How to resolve this?

Receiving this error in account activity:
image

@Santhakumar it sounds to me like account aggregation was executed before the mapping for the account attribute-entitlement type was set.

In order to correct this, you will have to reset the source so all accounts and entitlements are removed. Then, edit the account schema and find the attribute that is used to correlate to the entitlement(s) assigned to the account. This attribute should be set as an Entitlement and its type should be the entitlement type of group, as seen in the screenshots below:

Set the Type to Group

Mark as an Entitlement


The attribute you choose to mark as an entitlement should be the attribute that shares the same value as the Entitlement ID for the entitlement itself. Once this is configured, you will be able to aggregate accounts and entitlements and there will not be duplicates created.

Hi @brennenscott i have shared another screenshot above can u please check that issue also…

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.