8.5 IDM Entitlement Fulfillment

If you are using the IDM Entitlement Fulfillment target with IDM Advanced Edition, you must set the Entitlement Result Purge type to Previous in the Global Configuration Values (GCVs) of the User Application Driver. For more information, see Global Configuration Values in the Identity Console Administration Guide.

The target supports only the following fulfillment change requests:

  • ADD_APPLICATION_TO_USER

  • ADD_PERMISSION_TO_USER

  • REMOVE_ACCOUNT_PERMISSION

  • REMOVE_PERMISSION_ASSIGNMENT

  • REMOVE_ACCOUNT

When a change request is sent to OpenText Identity Manager for fulfillment, the fulfiller modifies the User Attribute DirXML-EntitlementRef. The IDM engine then sends an event to the driver to ensure that the entitlement is fulfilled.

To successfully fulfill entitlement-related change requests:

  • Identities must have been collected from OpenText Identity Manager

  • Users must still be present in Identity Manager

  • All the fulfillment context attributes required for Recipient (User), Account, and Permission profiles must be specified

Occasionally, when you remove an account from a database, even though fulfillment is successful, OpenText Identity Governance might display the status as Not Fulfilled, Verification Error. This occurs because the value returned by the database might not be consistent with the values the JDBC driver expects. To avoid this issue, ensure that the account status in the entitlement configuration for the driver displays the following values:

  • For MS SQL and Oracle: <account-status active="0" inactive="1" source="read-attr" source-name="Login Disabled"/>

  • For PostgreSQL: <account-status active="FALSE" inactive="TRUE" source="read-attr" source-name="Login Disabled"/>
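The following check is an added example, not part of the product or its documentation. It parses an exported entitlement configuration and reports any account-status attribute that differs from the values listed above. The function name, the database keys, and the wrapper element in the sample are assumptions made for illustration, and the check assumes the element is not in an XML namespace.

```python
import xml.etree.ElementTree as ET

# Expected <account-status> attribute values per database, as listed above.
# The dictionary keys are labels chosen for this example.
EXPECTED = {
    "mssql": {"active": "0", "inactive": "1"},
    "oracle": {"active": "0", "inactive": "1"},
    "postgresql": {"active": "FALSE", "inactive": "TRUE"},
}
# Attributes that are the same for every database listed above.
COMMON = {"source": "read-attr", "source-name": "Login Disabled"}


def check_account_status(xml_text, database):
    """Return a list of mismatches found in the <account-status> elements."""
    if database not in EXPECTED:
        raise ValueError(f"unsupported database label: {database!r}")
    want = {**EXPECTED[database], **COMMON}
    root = ET.fromstring(xml_text)
    elements = list(root.iter("account-status"))
    if not elements:
        return ["no <account-status> element found"]
    problems = []
    for index, element in enumerate(elements, start=1):
        for name, expected in want.items():
            actual = element.get(name)
            # Comparison is exact and case-sensitive: "false" is not "FALSE".
            if actual != expected:
                problems.append(
                    f"account-status #{index}: {name}={actual!r}, "
                    f"expected {expected!r}"
                )
    return problems


# Constructed sample. <sample-wrapper> is a placeholder, not the real
# layout of the driver's entitlement configuration.
SAMPLE = """<sample-wrapper>
  <account-status active="0" inactive="1" source="read-attr"
                  source-name="Login Disabled"/>
</sample-wrapper>"""

if __name__ == "__main__":
    for db in ("mssql", "postgresql"):
        print(db, check_account_status(SAMPLE, db) or "OK")
```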