Troubleshooting

Identity Security Cloud Governance connector does not provision multiple access simultaneously

Resolution:This is an API limitation wherein more than one entitlement cannot be requested simultaneously. You may either send a request for two entitlements one after another or include all required entitlements in a single access profile and then, provision it.

The following error appears during test connection:

[ConnectorError] Error while generating token: xxxxxxx Bad client credentials (requestId: xxxxxxxxx)

Resolution: Create an IP Address Allow List to enable access to the API. For more information regarding the steps to configure the IP Address Allow List, refer to IP Address Allow List.

Resolution: The connector supports only the filters listed on this page; any other filters, such as "like" is not supported.

The following error appears during any provisioning operation:

sp-connect command timed out.

Resolution: Add the following entry to the source XML using the REST API in the body of the PATCH request:

[{ "op": "add", "path": "/connectorAttributes/provisioningTimeout", "value": "600" }]

Note
For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.

The following error appears during update account operation:

[ConnectorError] update account operation failed for: xxxxxxx Request failed with status code 400 (requestId: xxxxxxxxx)

Resolution: Ensure to deselect the User Level Caching to avoid creating cache during update, and then retry performing update account operation. For more information, refer to Aggregation Settings.

Resolution: Add the following entry to the source XML using the REST API in the body of the PATCH request (The value can be increased up to 3600):

[{ "op": "add", "path": "/connectorAttributes/aggregateTimeout", "value": "600" }]

If the read user (get object) operation is not bringing updated details without any errors after a create or update provisioning operation, follow the resolution steps below.

Resolution:

Add the following entry to the source XML using the REST API in the body of the PATCH request:

[{ "op": "add", "path": "/connectorAttributes/getObjectDelay", "value": 25 }]

The default value of getObjectDelay is 20 seconds. This entry sets the getObjectDelay attribute to 25 seconds, allowing sufficient time for the changes to propagate before the read user (get object) operation is performed.

To resolve this issue, one of the possible solutions is configuring customizer.

Resolution : Ensure that the identityState and identityStatus attributes are added to the Account Schema of the ISC Governance connector. For more information, refer to Enable/Disable Statuses of Accounts

Refer to the Customizers documentation in the developer community and follow the steps to create, deploy, and link the customizer to the source using the SailPoint CLI.