Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Fetching selected entitlement value in dynamic attribute or Create account JSON.

smithamg
Regular Contributor
Regular Contributor

Hi team,

We have a disconnected application, entitlement (Role) is selectable based on the Area and PSL value (2 dynamic attributes). 

Now we are making it as connected application using ootb Rest connector. Below is the API payload for creating user,

<?xml version="1.0" encoding="UTF-8"?>
<ManageSFSUserAccess>
    <Action>Create</Action>
    <HALID>User name</HALID>
    <FirstName>FirstName</FirstName>
    <LastName>LastName</LastName>
    <Area>North America (US/Canada)</Area>
    <PSL>Production Enhancement</PSL>
    <Role>Read Only</Role>
</ManageSFSUserAccess>

Please let me know if 

1) I can fetch the selected entitlement value in Role field in createAccountJSON

2) Create a dynamic attribute for Role selection which is dependent on Area and PSL value selection

3) Create a dynamic attribute to hold the entitlement value which I can pass in JSON

Thanks,
Smitha

4 REPLIES 4

nimitdave
Saviynt Employee
Saviynt Employee

1. Create Account JSON will not have a reference to any entitlements.

2. Your dynamic attribute approach will work only if user is allowed to select one role while requesting. Also the DA value can be determined by other DAs but not on the basis of selected/existing list of entitlements on the page.

 

smithamg
Regular Contributor
Regular Contributor

Yes, user is allowed to select one role at a time. But the problem is Role value is dependent on 2 DAs i.e. Area and PSL (PFA role mapping example)

Currently I have below query in Config for Requestable Entitlement in ARS to achieve the same.

ev.customproperty1='${Area}' and ev.customproperty2='${PSL}' and ev.status=1

How to implement this with DA approach. Kindly suggest.

Thanks,
Smitha

Manu269
All-Star
All-Star

Hello,

1. One of the possible options is you capture the requisite details around roles in the custom Property of roles (In this case entitlement I believe).

2. Once this is done, on the endpoint you can create 2 dynamic attributes at the particular endpoint.

3. You can create DA of using the required query .

For more details refer this :

https://docs.saviyntcloud.com/bundle/EIC-Admin-v2020x/page/Content/Chapter02-Identity-Repository/Vie...

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

nimitdave
Saviynt Employee
Saviynt Employee

Have 3 DAs as below:

Area,PSL and Role

Role will have parent as PSL, PSL will have parent as Area.

User will select Area,then PSL and then Role. Use DA in the create account json.

But on success of the create account task you will not see Account to Role mapping in Account profile. That will be available post recon only.