This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Creating entitlements via the API

DanJ
New Contributor
New Contributor

‎03/16/2023 08:21 AM

Hi all

I wish to delegate the ability to create and update entitlements via the API (5.5SP3). Specifically to create an entitlement in an AD-based endpoint.

I identified a group in AD, and an entitlement is already reconciled in the main AD endpoint. I created a new endpoint and an entitlement type, then created an entitlement for that group in the new endpoint. However it does not reconcile. Is this because it does not exist in the ENDPOINT_FILTER in the AD connection? If this is the case, does it mean that I would need to delegate access to update the connection? This is not a satisfactory solution.

(I take it this is the only way to update a connection, seems a little odd.)

If there is no way around this, what have others done? I looked at Keycloak, which appears like it might be able to help but I know little about it so I'm reluctant to get too far down a rabbit hole with that. Or it would be relatively easy to create an intermediate REST API running as an admin which could do this, but ideally I want to avoid custom external code.

what have others done in this area?

Labels:
0 Kudos
1 REPLY 1

Darshanjain
Saviynt Employee
Saviynt Employee

‎03/17/2023 01:07 AM

Hi @DanJ 

I couldn't clearly understand what you are looking but as per what i understood, if you are using create/update entitlements Api to create/manage entitlements, then please use the AD group management 

https://docs.saviyntcloud.com/bundle/EIC-Admin-v2022x/page/Content/Chapter07-General-Administrator/C...

Also as you said you created a new endpoint ( under same security system ), Also what did you keep it as primary endpoint if its same SS and entitlement type . If you manage them as parent and child then it has to be present in the endpoint filter, if its two separate security system you would need to run different jobs.

If you are not clear enough, please let me know your exact requirement

 

Thanks

Darshan 

 

 

0 Kudos
Copyright © 2023 Khoros, LLC