17.4 Managing Permission Reconciliation Settings

The Permission Reconciliation Settings page allows you to manage the behavior of permission assignment reconciliation between Resource Catalog or Identity Application, and the connected application.

The Permission Reconciliation Settings page allows you to configure the resources, to be used by permission reconciliation during delta computation or publish.

Perform the following actions to create settings to reconcile permissions:

Navigate to Administration > Permission Reconciliation. Click . The Permission Reconciliation Settings page appears.

This page lists all the settings made for Identity Applications resources:

    • Driver Name

    • Entitlement

    • Permission

    • Resource Name

    Ensure a resource is created to configure the permission reconciliation settings.

    The existing resources can be mapped in CPRS settings. For more information, click on the Dashboard.

    NOTE:If settings are listed, click to customize the columns. Drag and drop the required columns from Available Columns to Selected Columns.

17.4.1 Editing Permission Reconciliation Settings

Perform the following steps to edit the Permission Reconciliation settings:

  1. Click to map entitlement from the connected application to the Identity Manager resource.

  2. Select an Entitlement you want to manage.

    For example: LDAP Driver > User Account Entitlement

    NOTE:If you select MDAD driver, you must select the required Logical system to reconcile. By default the first Logical system is selected.

  3. Perform the following actions to create or edit the permission reconciliation settings between the selected entitlement and mapped resources:

    1. (Conditional) In Entitlement Value Association, select the List Resources With Dynamic Value to list the resources that are not associated with entitlement values. De-select this option to list resources that are associated with entitlement values.

      The list of resources already configured for the selected entitlement is displayed.

    2. Type the resource name you want to select from the list. This lists the resources that are already present in the Resources page.You can select more than one resource for a multivalued entitlement.

      If no resources are listed, you should create a resource with entitlement for the required connected application. To create a new resource, see Creating a New Resource.

  4. Click Save.

    You can view this setting on the Permission Reconciliation Settings page.