Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

REST based entitlement import getting success with status 200 but entitlements not reflecting in UI

Happy333
New Contributor
New Contributor

Connector : REST
Environment : DEV
Version : 5.5 SP 3.13
Steps to replicate : Run the access import job for REST connector application and check the status and logs.

Go to Entitlements->Advanced->Filter using Security System and Endpoint->Search for entitlements.

Expected Result : Entitlements associated with application must be reflected in Saviynt.

Findings : We have seen that the entitlements are properly retrieving from the URL via SIGA access import and in API calls. We are able to see all application group information including group id in SIGA application logs with 'responseStatusCode ::200'. But entitlements are not appearing in Saviynt UI.

ImportAccountEntJSON (URL is cleared):
{
"accountParams": {},
"entitlementParams":{
"connection":"userAuth",
"processingType":"SequentialAndIterative",
"entTypes":{
"groups":{
"entTypeOrder":0,
"call":{
"call1":{
"callOrder":0,
"stageNumber": 0,
"http":{
"url":"URL",
"httpHeaders":{
"content-Type": "application/json",
"Accept": "application/json",
"Authorization": "${access_token}"
},
"httpContentType":"application/json",
"httpMethod":"GET"
},
"listField":"",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"${groupInfoList.groupId}~#~char",
"entitlement_value":"${groupInfoList.groupName}~#~char",
"customproperty1":"${groupInfoList.groupId}~#~char",
"customproperty2":"${groupInfoList.createdDate}~#~char",
"displayname":"${groupInfoList.groupName}~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams":{}
}
Please advise.


10 REPLIES 10

RakeshMG
Saviynt Employee
Saviynt Employee

Please add acctEntParams :

 

"acctEntParams": {
"entTypes": {
"Roles": {
"call": {
"call1": {
"processingType": "http",
"connection": "userAuth",
"http": {
"url": "****",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "value",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "UserId",
"entIdPath": "SecurityRoleIdentifier"
}
}
}
}
}


​Regards

Rakesh M Goudar

Added "acctEntParams" and run the import access job.
Getting the same result.
Able to see the entitlements in SIGA application logs with name, groupID, created date etc
Also the import status showing success. But entitlements are not showing in Saviynt UI.

2023-04-13/16:03:06.234 [{}] [quartzScheduler_Worker-10] DEBUG jobs.ApplicationDataImportJob - Setting the value of import status
2023-04-13/16:03:06.234 [{}] [quartzScheduler_Worker-10] DEBUG jobs.ApplicationDataImportJob - Import status :: Success

Manu269
All-Star
All-Star

Hello,

Did you check the below article :

Using the Saviynt Integration (saviyntcloud.com)

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

I have followed the REST connector guide and used the Saviynt recommended JSONs only.
I have gone through the above link as well. So, the expectation is that entitlements need to be reflected in UI via access import job after the account import. You can see that the API call is success and it is showing in logs. Mapping parameters also seems fine. So, I am looking for guidance or assistance to troubleshoot the issue why these entitlements are not reflecting in UI.

A snippet of the SIGA application log is adding here.

2023-04-19/21:37:16.874 [{}] [quartzScheduler_Worker-9] DEBUG rest.RestUtilService - Got showLogs = true
2023-04-19/21:37:16.875 [{}] [quartzScheduler_Worker-9] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Date: Wed, 19 Apr 2023 21:37:16 GMT, Server: Apache, X-Robots-Tag: none, Vary: Cookie, x-request-id: "xxxxxxxxxxxxx", Cache-Control: no-cache, no-store, must-revalidate, Pragma: no-cache, Expires: 0, Content-Length: 2398, Strict-Transport-Security: max-age=31536000;, X-XSS-Protection: 1; mode=block, X-Content-Type-Options: nosniff, P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT", Keep-Alive: timeout=15, max=200, Connection: Keep-Alive, Content-Type: application/json;charset=UTF-8], responseText:{"groupInfoList":[{"groupId":"CBJCHBCAABAAUOQR7SAEzVStV6rl8jE_FS_Re6Pt6chX","createdDate":"2021-08-16T07:39:22Z","groupName":"Canada - Rothmanns & Bensons","isDefaultGroup":false},{"groupId":"CBJCHBCAABAAcmVSfyOLBcirz6xBDpJRiffYoB5HdQv8","createdDate":"2019-10-17T17:21:30Z","groupName":"Default Group","isDefaultGroup":true},{"groupId":"CBJCHBCAABAAkoIO7384VExGm_ExrVGgasiAnR1KEON6","createdDate":"2021-12-02T14:20:08Z","groupName":"Digital Signature","isDefaultGroup":false},{"groupId":"CBJCHBCAABAAjTmMQLZZ1GbORz-9nWkBUtaaXLa5NKNP","createdDate":"2020-12-22T16:32:25Z","groupName":"EHS&S","isDefaultGroup":false},{"groupId":"CBJCHBCAABAAUOR-pR0PFuXOg3hHG4lWA5NfNY00fOJ8","createdDate":"2020-03-17T11:24:16Z","groupName":"Finance","isDefaultGroup":false},{"groupId":"CBJCHBCAABAARU-WDqsqaayBCgltkBEqMlFoEg7mN4RU","createdDate":"2020-03-17T10:47:00Z","groupName":"Legal","isDefaultGroup":false},

I have read a limitation of REST connector on import operation in the link you provided. It was suggested to manually import the entitlements with group_id as entitlement ID.
Please advise.

Happy333
New Contributor
New Contributor

In the log snippet you can see the group details properly retrieving from application side via SIGA import access job run. Any changes do I need to make with the Import JSON for further testing.
Also is there any work around like manual upload I can perform to bring up the objects for further configurations?

Happy333
New Contributor
New Contributor

Ignore the previous attachment as it was older version.

Hi @Happy333 ,

Analyzing the debug logs snipet, I see that the listpath and the ColsToProps attributes are not mapped properly.
Please find the attached document containing an updated JSON to import the values of entitlement type Group

Thank you 
Vedanth B.K

Thanks for the response. We have tried the import of account, access and memberships one by one using partial JSON. Initially account import, then access import. Also made some changes to the mapping, we were able to bring the application entitlements synched with Saviynt. But accounts are not completely reflecting in Saviynt. Out of 2000+ users only around 100 users are getting imported. Need to update pagination? Please suggest the things which may be blocking of full account import from target. Also, membership too not get synched. 

Vedanth_BK
Saviynt Employee
Saviynt Employee

Hi @Happy333 

If one page yields only 100 accounts, pagination is necessary to obtain the remaining accounts from the target application. Depending on the kind of pagination that the target application exposes, the pagination block needs to be configured in the JSON.
Please check out our REST connector document, which includes a thorough description with numerous samples and examples. Attaching a link for reference

Developers-Handbook->ImportAccountEntJSON->Common features->Support for Pagination

Thank you
Vedanth B.K

Sure Vedanth. I am already on it. Thanks for your response.