Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Mapping Entitlements from a different endpoint during create account

Ben
New Contributor III
New Contributor III

Hi All,

Requirement - Map an entitlement from a one endpoint (Okta) when an account is created in target application to enable SSO.

Situation - I've onboarded an application that exposes a SCIM endpoint but does not expose any entitlements. I arbitrarily mapped a specific account attribute (user type) as an entitlement, thinking I could then use this with entitlement mapping to map across to the Okta application to enable SSO to the application post account creation.

Issue - Create Account JSON does not do any entitlement mapping for accounts (from my understanding) and the entitlements will only map to the account using the import account and import access scheduled jobs, which will be scheduled.

Is there a way to map entitlements across endpoints as part of the create account process?

8 REPLIES 8

rushikeshvartak
All-Star
All-Star

No you can't map entitlements as part of create account json


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ben
New Contributor III
New Contributor III

Hi @rushikeshvartak,

As I said, i know this can't be done as part of the create account json.

I'm just wondering if there is a way to achieve this as part of the overall create account process. We have a large number of apps where we would need to create an account in the target application and also provide access to the application via our IDP (different endpoint entitlement) at the same time.

NM
Valued Contributor
Valued Contributor

Hi @Ben, if you want to assign a group at the time of account creation ftom a particular endpoint for SSO.. you can use entitlement with new account functionality.

Ben
New Contributor III
New Contributor III

Thanks, @NM. This is exactly what I was looking for!

There is known issue that if request gets rejected entitlement will be still assigned 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

NM
Valued Contributor
Valued Contributor

@rushikeshvartak , is it in newer or older verison .. haven't encountered it

I have seen in older versions


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Use Enterprise roles


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.