Skip to content

Aggregating Entitlements

You can run an entitlement aggregation to collect information from a direct connect source just as you can aggregate accounts: manually or on a schedule. Flat file sources can only be manually aggregated.

Aggregating Entitlements for a Direct Connect Source

  1. Go to Admin > Connections > Sources.

  2. Select or edit the direct connect source you want to aggregate entitlements on.

  3. In the Entitlement Management section, select Entitlement Aggregation.

  4. In the Entitlement Aggregation section:

Starting a Manual Aggregation

From the Entitlement Aggregation page, select Start Aggregation to start a manual aggregation.

Entitlement Aggregation screen. There is a Start Aggregation button to trigger a manual aggregation. The aggregation schedule option is not enabled.

Your aggregation begins immediately and occurs once. Information about the most recent entitlement aggregation is displayed under Latest Entitlement Aggregation. To view the list of all entitlement aggregations, go to the Aggregation History page.

Scheduling Recurring Aggregations

  1. From the Entitlement Aggregation page, select Enable Schedule.

    Entitlement Aggregation screen. The aggregation schedule option is enabled and the frequency is set to occur every month on day 1 at 6 AM.

  2. Choose how often the aggregation should run:

    • Daily: choose starting time and frequency
    • Weekly: choose day of week and time
    • Monthly: choose day of month and time

    Notes

    • If you choose Daily, the time period selected in the Reoccurs Every field determines how often the aggregation occurs after the time selected. For example, if you schedule a daily aggregation for 5 PM to recur every 4 hours, the aggregation will run only at 5 PM and 9 PM, depending on the load.
    • The time zone (GMT offset) for the entitlement aggregation schedule is determined by the time zone set for the connected virtual appliance cluster.

  3. Select Save

The aggregation is added to the processing queue at the time you defined. Other queued or in-progress operations might delay the start of your aggregation.

Aggregating Specific Entitlement Types

Some source types support entitlement type edits and aggregations through the UI. For those sources, you can specify which entitlement types are aggregated on a one-time manual basis or schedule recurring aggregations.

To manually aggregate by specific entitlement type:

  1. In the Entitlement Aggregation page, select Specific Types and choose which entitlement types will be aggregated for this source:

  2. Select Start Aggregation to start a manual aggregation.

Your aggregation begins immediately and occurs once. Information about the most recent entitlement aggregation is displayed under Latest Entitlement Aggregation. To view the list of all entitlement aggregations, go to the Aggregation History page.

To schedule recurring entitlement type aggregations:

  1. From the Entitlement Aggregation page, select Enable Schedule.

    Entitlement Aggregation screen. The entitlement aggregation is set to all types. The aggregation schedule option is enabled and the frequency is set to occur every month on day 1 at 6 AM.

  2. Select Specific Types and choose which entitlement types will be aggregated for this source.

  3. Choose how often the aggregation should run:

    • Daily: choose starting time and frequency
    • Weekly: choose day of week and time
    • Monthly: choose day of month and time

    Notes

    • If you choose Daily, the time period selected in the Reoccurs Every field determines how often the aggregation occurs after the time selected. For example, if you schedule a daily aggregation for 5 PM to recur every 4 hours, the aggregation will run only at 5 PM and 9 PM, depending on the load.
    • The time zone (GMT offset) for the entitlement aggregation schedule is determined by the time zone set for the connected virtual appliance cluster.

  4. Select Save

The aggregation is added to the processing queue at the time you defined. Other queued or in-progress operations might delay the start of your aggregation.

Aggregating Entitlements for a Flat File Source

You can aggregate entitlements from a flat file source by uploading a flat file containing your entitlement data. It is not possible to schedule recurring entitlement aggregations or configure multiple entitlement types for a flat file source. The most common type of flat file source is a delimited file.

To upload entitlements from a flat file source:

  1. Go to Admin > Connections > Sources.
  2. Select or edit the flat file source you want to add entitlements to.
  3. In the Entitlement Management section, select Entitlement Aggregation.
  4. Use the dropdown list to select the entitlement type to aggregate.

  5. If you are creating a file to upload for the first time, select Download Entitlement Schema to download the .csv template with the required columns.

    All default entitlement schemas will include at least these columns:

    • id - the unique identifier for the entitlement
    • name - the technical name for the entitlement
    • displayName - the name for the entitlement that displays in the Identity Security Cloud UI
    • description - the description of the entitlement visible in the UI and during certifications

    The id column is required for each entitlement. This is the unique identifier for the entitlement and is matched to the values in the entitlement column of the account schema.

    Note

    The file you upload for a source must use the column headings included in the entitlements template for that source. Column headings differ based on the type of source you're downloading entitlements from.

  6. Enter your entitlement information in the .csv file with the required columns or edit your existing entitlements file to include the template's column headings.

    Important

    • Names and descriptions should help users to make good decisions when reviewing access requests or certifications.
    • You cannot change the columns by rearranging, adding, or omitting columns in this file. To change these fields, you must modify the entitlement schema.
    • The file you upload for a source must not exceed 1 MB.

    If you need help setting up this entitlement file, contact SailPoint Expert Services.

  7. In the Entitlement Aggregation section of the flat file source, upload your entitlement aggregation .csv by selecting the Upload icon or dragging and dropping the file.

While an aggregation is running, the Start Aggregation button will be disabled. You can view the progress of this aggregation in the Account Aggregation section on this page.

You can view aggregation activity on the Aggregation History page in the Aggregation History and Connections section.

After uploading this file, you can edit entitlements as described in Working with Entitlements. You can add or remove entitlements by importing a new file.

Note

For both flat files and direct connection aggregations, Identity Security Cloud truncates entitlement descriptions longer than 2000 characters.

Troubleshooting Entitlement Aggregation Issues

The following list describes common aggregation issues that may occur and their typical causes:

Entitlements that contain emojis or the + character in their names are not aggregating.

Entitlement names do not support emojis or the + character. Identity Security Cloud supports the UTF8MB3 character set, which excludes emojis and some special characters. Review information about the Basic Multilingual Plane for details.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.