We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Okta Accounts and Entitlements are not mapping

sandeepgudipudi
New Contributor
New Contributor

Iam able to import accounts and entitlements but entitlements are not mapping/retrieved for accounts and the status all accounts that are imported are showing as Active even they are disabled in okta

 

{
   "accountParams":{
      "connection":"acctAuth",
      "processingType":"SequentialAndIterative",
      "call":{
         "call1":{
            "callOrder":0,
            "http":{
               "httpHeaders":{
                  "Authorization":"${access_token}",
                  "Accept":"application/json"
               },
               "httpContentType":"application/json",
               "httpMethod":"GET"
            },
            "listField":"",
            "keyField":"accountID",
            "statusConfig":{
               "active":"true",
               "inactive":"false"
            },
            "colsToPropsMap":{
"name": "profile.login~#~char",
"accountID": "id~#~char",
"customproperty1": "profile.firstName~#~char",
"customproperty2": "profile.lastName~#~char",
"customproperty3": "profile.email~#~char",
"customproperty4": "profile.zipCode~#~char",
"customproperty5": "profile.authCode~#~char",
"customproperty6": "profile.city~#~char",
"customproperty7": "profile.displayName~#~char",
"customproperty8": "profile.nickName~#~char",
"customproperty9": "profile.sapAcctID~#~char",
"accounttype": "profile.userType~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
 
            },
            "disableDeletedAccounts":false
         }
      },
      "acctEntMappings":{
         "groups":{
  "importAsEntitlement": false,
            "listPath":"",
            "idPath":"",
            "keyField":"entitlementID"
         }
      }
   },
   "entitlementParams":{
      "connection":"acctAuth",
      "processingType":"SequentialAndIterative",
      "entTypes":{
         "groups":{
            "entTypeOrder":0,
            "call":{
               "call1":{
                  "callOrder":0,
                  "http":{
                     "url":"https://abc.oktapreview.com/api/v1/groups",
                     "httpHeaders":{
                        "Authorization":"${access_token}",
                        "Accept":"application/json"
                     },
                     "httpContentType":"application/json",
                     "httpMethod":"GET"
                  },
                  "listField": "",
                  "keyField": "entitlementID",
                  "colsToPropsMap":{
                     "entitlementID": "id~#~char",
                     "entitlement_value": "profile.name~#~char",
"description": "profile.description~#~char",
"customproperty2": "type~#~char",
"displayname": "profile.name~#~char"
                  },
                  "disableDeletedEntitlements":false
               }
            }
         }
      }
   },
   "acctEntParams":{
      "processingType":"acctToEntMapping"
   },
   
    "acctEntParams":{
      "connection":"acctAuth",
      "processingType":"httpEntToAcct",
      "entTypes":{
         "groups":{
            "entTypeOrder":0,
            "call":{
               "call1":{
                  "callOrder":0,
                  "http":{
                     "url":"https://abc.oktapreview.com/api/v1/groups/${id}/users",
                     "httpHeaders":{
                        "Authorization":"${access_token}",
                        "Accept":"application/json"
                     },
                     "httpContentType":"application/json",
                     "httpMethod":"GET"
                  },
                  "listField": "users",
                  "entKeyField": "entitlementID",
                  "acctIdPath": "id",
                  "acctKeyField": "accountID"
                        
               
               }
            }
         }
      }
   }
}
12 REPLIES 12

DixshantValecha
Saviynt Employee
Saviynt Employee

Hi @sandeepgudipudi,

We are looking into your issue and we will keep you posted.

DixshantValecha
Saviynt Employee
Saviynt Employee

Hi @sandeepgudipudi,

Please refer the below mentioned forum post for related info:-

https://forums.saviynt.com/t5/identity-governance/rest-connection-account-entitlement-mapping-for-in....

Additionally attaching documentation link for detailed info on  statusAndThresholdConfig

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm

Please validate and let us know if further details are needed on the same.

sandeepgudipudi
New Contributor
New Contributor

None of the above links are working, attaching new config file and all active/inactive users from okta are importing with status as inactive

 

{
"accountParams":{
"connection":"acctAuth",
"processingType":"SequentialAndIterative",
"statusAndThresholdConfig":{
"statusColumn":"customproperty7",
"activeStatus":[
"ACTIVE",
"STAGED",
"PROVISIONED",
"RECOVERY",
"LOCKED_OUT",
"PASSWORD_EXPIRED",
"SUSPENDED",
"DEPROVISIONED"
],
"deleteLinks":false,
"accountThresholdValue":100,
"inactivateAccountsNotInFile": true,
"correlateInactiveAccounts":true,
"deleteAccEntForActiveAccounts":false,
"includeExistingInActiveAccounts": true
},
"call":{
"call1":{
"callOrder":0,
"stageNumber":0,
"http":{
"url":"https://juniper.oktapreview.com/api/v1/groups/00go16wojfJvLmMvT0h7/users",
"httpContentType":"application/json",
"httpMethod":"GET",
"httpHeaders":{
"Authorization":"${access_token}"
}
},
"statusConfig":{
"active":"true",
"inactive":"false"
},
"listField":"",
"keyField":"accountID",
"colsToPropsMap":{
"name": "profile.login~#~char",
"accountID": "id~#~char",
"customproperty1": "profile.firstName~#~char",
"customproperty2": "profile.lastName~#~char",
"customproperty3": "profile.email~#~char",
"customproperty4": "profile.zipCode~#~char",
"customproperty5": "profile.authCode~#~char",
"customproperty6": "profile.city~#~char",
"customproperty7": "profile.displayName~#~char",
"customproperty8": "profile.nickName~#~char",
"customproperty9": "profile.sapAcctID~#~char",
"accounttype": "profile.userType~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"pagination":{
"nextUrl":{
"nextUrlPath":"${(headers?.link?.split(',').size()==2 && headers?.link.contains('next'))?headers.link.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():null}"
}
}
}
},
"acctEntMappings": {
"groups": {
"listPath": "",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams":{
"showResponse":true,
"processingType":"SequentialAndIterative",
"entTypes":{
"groups":{
"entTypeOrder":0,
"entTypeLabels":{

},
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":0,
"stageNumber":0,
"http":{
"httpHeaders":{
"Authorization":"${access_token}"
},
"url":"https://juniper.oktapreview.com/api/v1/groups?filter=type%20eq%20%22OKTA_GROUP%22",
"httpContentType":"application/json",
"httpMethod":"GET"
},
"listField":"",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"id~#~char",
"description":"profile.description~#~char",
"entitlement_value":"profile.name~#~char",
"displayname":"profile.name~#~char",
"entclass":"type~#~char"
}

}
}
},
"apps":{
"entTypeOrder":1,
"entTypeLabels":{

},
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":1,
"stageNumber":1,
"http":{
"url":"https://juniper.oktapreview.com/api/v1/apps",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpContentType":"application/json",
"httpMethod":"GET"
},
"statusConfig":{
"active":"ACTIVE",
"inactive":"INACTIVE"
},
"listField":"",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"id~#~char",
"entitlement_value":"label~#~char",
"displayname":"name~#~char",
"description":"label~#~char",
"status":"status~#~char"
}

}
}
}
}
},
"acctEntParams": {
"entTypes": {
"groups": {
"call": {
"call1": {
"processingType": "acctToEntMapping"
}
}
}
}
}
}

sandeepgudipudi
New Contributor
New Contributor

hello team,

 

account and entitlement mapping is still not working,, Pleas find below config_json

 

{
"accountParams":{
"connection":"acctAuth",
"processingType":"SequentialAndIterative",
"statusAndThresholdConfig":{
"statusColumn":"customproperty7",
"activeStatus":[
"ACTIVE",
"STAGED",
"PROVISIONED",
"RECOVERY",
"LOCKED_OUT",
"PASSWORD_EXPIRED"
],
"deleteLinks":false,
"accountThresholdValue":100,
"correlateInactiveAccounts":true,
"inactivateAccountsNotInFile":false,
"deleteAccEntForActiveAccounts":false
},
"call":{
"call1":{
"callOrder":0,
"stageNumber":0,
"http":{
"url":"https://abc.oktapreview.com/api/v1/groups/00go16wojfJvLmMvT0h7/users",
"httpContentType":"application/json",
"httpMethod":"GET",
"httpHeaders":{
"Authorization":"${access_token}"
}
},

"listField":"",
"keyField":"accountID",
"colsToPropsMap":{
"name": "profile.login~#~char",
"accountID": "id~#~char",
"customproperty1": "profile.firstName~#~char",
"customproperty2": "profile.lastName~#~char",
"customproperty3": "profile.email~#~char",
"customproperty4": "profile.zipCode~#~char",
"customproperty5": "profile.authCode~#~char",
"customproperty6": "profile.city~#~char",
"customproperty7": "status~#~char",
"customproperty8": "profile.nickName~#~char",
"customproperty9": "profile.sapAcctID~#~char",
"customproperty10": "profile.displayname~#~char",
"accounttype": "profile.userType~#~char"
},
"pagination":{
"nextUrl":{
"nextUrlPath":"${(headers?.link?.split(',').size()==2 && headers?.link.contains('next'))?headers.link.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():null}"
}
}
}
}
},
"entitlementParams":{
"showResponse":true,
"processingType":"SequentialAndIterative",
"entTypes":{
"groups":{
"entTypeOrder":0,
"entTypeLabels":{

},
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":0,
"stageNumber":0,
"http":{
"httpHeaders":{
"Authorization":"${access_token}"
},
"url":"https://abc.oktapreview.com/api/v1/groups?limit=100&filter=type%20eq%20%22OKTA_GROUP%22",
"httpContentType":"application/json",
"httpMethod":"GET"
},
"listField":"",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"id~#~char",
"description":"profile.description~#~char",
"entitlement_value":"profile.name~#~char",
"displayname":"profile.name~#~char",
"entclass":"type~#~char"
},
"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}
}
}
},
"apps":{
"entTypeOrder":1,
"entTypeLabels":{

},
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":1,
"stageNumber":1,
"http":{
"url":"https://abc.oktapreview.com/api/v1/apps?limit=100",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpContentType":"application/json",
"httpMethod":"GET"
},
"statusConfig":{
"active":"ACTIVE",
"inactive":"INACTIVE"
},
"listField":"",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"id~#~char",
"entitlement_value":"label~#~char",
"displayname":"name~#~char",
"description":"label~#~char",
"status":"status~#~char"
},
"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}
}
}
}
}
},
"acctEntParams":{
"showResponse":true,
"entTypes":{
"groups":{
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":0,
"stageNumber":0,
"processingType":"httpEntToAcct",
"http":{
"httpHeaders":{
"Authorization":"${access_token}"
},
"url":"https://abc.oktapreview.com/api/v1/groups/${id}/users",
"httpContentType":"application/json",
"httpMethod":"GET"
},
"listField":"",
"entKeyField":"entitlementID",
"acctIdPath":"id~#~char",
"acctKeyField":"accountID",
"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}
}
}
}
}
}
}

sandeepgudipudi
New Contributor
New Contributor

Hello Team, 

 

with below config.json, iam only able to get/map only 1000 users mapped to entitlement. There are 30000 users in the group. Can you help with pagination.

 

 

{
"accountParams":{
"connection":"acctAuth",
"processingType":"SequentialAndIterative",
"statusAndThresholdConfig":{
"statusColumn":"customproperty7",
"activeStatus":[
"ACTIVE",
"STAGED",
"PROVISIONED",
"RECOVERY",
"LOCKED_OUT",
"PASSWORD_EXPIRED",
"SUSPENDED",
"DEPROVISIONED"
],
"deleteLinks":false,
"accountThresholdValue":30000,
"correlateInactiveAccounts":true,
"inactivateAccountsNotInFile":false,
"deleteAccEntForActiveAccounts":false
},
"call":{
"call1":{
"callOrder":0,
"stageNumber":0,
"http":{
"url":"https://abc.oktapreview.com/api/v1/groups/00go16wojfJvLmMvT0h7/users",
"httpContentType":"application/json",
"httpMethod":"GET",
"httpHeaders":{
"Authorization":"${access_token}"
}
},

"listField":"",
"keyField":"accountID",
"colsToPropsMap":{
"name": "profile.login~#~char",
"accountID": "id~#~char",
"customproperty1": "profile.firstName~#~char",
"customproperty2": "profile.lastName~#~char",
"customproperty3": "profile.email~#~char",
"customproperty4": "profile.zipCode~#~char",
"customproperty5": "profile.authCode~#~char",
"customproperty6": "profile.city~#~char",
"customproperty7": "status~#~char",
"customproperty8": "profile.nickName~#~char",
"customproperty9": "profile.sapAcctID~#~char",
"customproperty10": "profile.displayname~#~char",
"accounttype": "profile.userType~#~char"
},
"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}
}
}
},
"entitlementParams":{
"showResponse":true,
"processingType":"SequentialAndIterative",
"entTypes":{
"groups":{
"entTypeOrder":0,
"entTypeLabels":{

},
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":0,
"stageNumber":0,
"http":{
"httpHeaders":{
"Authorization":"${access_token}"
},
"url":"https://abc.oktapreview.com/api/v1/groups?limit=100&filter=type%20eq%20%22OKTA_GROUP%22",
"httpContentType":"application/json",
"httpMethod":"GET"
},
"statusConfig":{
"active":"ACTIVE",
"inactive":"INACTIVE"
},
"listField":"",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"id~#~char",
"description":"profile.description~#~char",
"entitlement_value":"profile.name~#~char",
"displayname":"profile.name~#~char",
"entclass":"type~#~char"
},
"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}
}
}
},
"apps":{
"entTypeOrder":1,
"entTypeLabels":{

},
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":1,
"stageNumber":1,
"http":{
"url":"https://abc.oktapreview.com/api/v1/apps?limit=100",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpContentType":"application/json",
"httpMethod":"GET"
},
"statusConfig":{
"active":"ACTIVE",
"inactive":"INACTIVE"
},
"listField":"",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"id~#~char",
"entitlement_value":"label~#~char",
"displayname":"name~#~char",
"description":"label~#~char",
"status":"status~#~char"
},
"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}
}
}
}
}
},
"acctEntParams":{
"showResponse":true,
"entTypes":{
"groups":{
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":0,
"stageNumber":0,
"processingType":"httpEntToAcct",
"http":{
"httpHeaders":{
"Authorization":"${access_token}"
},
"url":"https://abc.oktapreview.com/api/v1/groups/${id}/users",
"httpContentType":"application/json",
"httpMethod":"GET"
},
"listField":"",
"entKeyField":"entitlementID",
"acctIdPath":"id",
"acctKeyField":"accountID",
"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}
}
}
},

"apps":{
"call":{
"call1":{
"connection":"acctAuth",
"callOrder":1,
"stageNumber":1,
"processingType":"httpEntToAcct",
"http":{
"httpHeaders":{
"Authorization":"${access_token}"
},
"url":"https://abc.oktapreview.com/api/v1/apps/${id}/users",
"httpContentType":"application/json",
"httpMethod":"GET"
},
"listField":"",
"entKeyField":"entitlementID",
"acctIdPath":"id",
"acctKeyField":"accountID",
"customproperty4": "label~#~char",
"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}
}
}
}
}
}
}

DixshantValecha
Saviynt Employee
Saviynt Employee

Hi @sandeepgudipudi,

In your configuration, you have correctly set up the nextUrlPath for pagination. This should theoretically allow you to paginate through all the users. However, if you’re still only able to map 1000 users, it could be due to an issue with how the nextUrlPath is being parsed or used in subsequent API calls.

suggestion: You could try printing out the nextUrlPath after each API call to ensure it’s being updated correctly. If it’s not changing or if it becomes empty/null, that could be why you’re not able to paginate past the first 1000 users.

If you’re still facing issues, it would be helpful to check the API response or any logs for errors. Also, ensure that the API token used in the Authorization header has the necessary permissions to access all the users in the group.

Secondly Kindly validate:-

"pagination":{
"nextUrl":{
"nextUrlPath": "${(headers.Link?.contains(','))? headers.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim() : ''}"
}
}

sandeepgudipudi
New Contributor
New Contributor

With the mentioned pagination iam getting below error

Cannot get property 'entThresholdValue' on null object

DixshantValecha
Saviynt Employee
Saviynt Employee

Hi @sandeepgudipudi,

Thanks for the update,let me check and get back to you on this.Additionally,Please let me know if there are other distinctive errors in the logs as well.

There are no errors as such. pagination for okta is not working as expected.

When i tried with the pagination iam getting different errors

"pagination":{
"nextUrl":{
"nextUrlPath":"${(headers?.link?.split(',').size()==2 && headers?.link.contains('next'))?headers.link.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():null}"
}
}

 

Job NameApplication Data Import (Multi Threaded)
Job Typefull
Import Typeaccess
Error In Getting Response In pullObjectsByRestNullResponseFromTarget
Error while getting Access Import Response WebService call failed with responseStatusCode nullFailed url-${(headers?.link?.split(',').size()==2 && headers?.link.contains('next'))?headers.link.split(',')[1].replace('<', '').replace('>; rel="next"','')} for entType-groups with Error Message-null
Error while getting entMappingParams Response WebService call failed with responseStatusCode nullFailed url-${(headers?.link?.split(',').size()==2 && headers?.link.contains('next'))?headers.link.split(',')[1].replace('<', '').replace('>; rel="next"','')} for entType-groups with Error Message-null
Error importAccessFullBySequentialAndIterativeCannot get property 'entThresholdValue' on null object

DixshantValecha
Saviynt Employee
Saviynt Employee

Hi @sandeepgudipudi,

Thanks for the information,Let me check and Update.

sandeepgudipudi
New Contributor
New Contributor

Hi Can you please provide solution for above errors