Saviynt Forums

saikanumuri · ‎02/08/2023

QUESTION:

We have new application(Rest based) which needs to be integrated with SIGA.

Application Name - ABC

In this we have one requirement, while creating a user we need send an attribute called Role.

They have total 3 different values for role attribute from app side.

Role name in SIGA	Role attribute in App side
ABC Global Viewer	ACCOUNT_VIEWER
ABC Global Power User	ACCOUNT_EDITOR
ABC Global Admin	ACCOUNT_ADMIN

Requirement:

End user selected a role name in SIGA, if it has viewer in role name, then we need to send Account_viewer as role attribute.

Can you please help us how can we achieve this from saviynt.

The below is sample body of user used in postman for creating the user. It is working from postman.

{

"email": "usdane@gmail.com", &

"permissionSetIds": [1152945],

"name": "",

"sendWelcomeEmail": null,

"manageAccountUsers": false,

"accountId": 1110602,&

"firstName": "Test",&

"lastName": "userDennis",&

"role": "ACCOUNT_VIEWER",

"uiTheme": "BLACK_THEME",

"active": "true"&

}

ANSWER:

Assuming ABC Global Viewer,ABC Global Power User,ABC Global Admin are entitlements, You can try below

"role":"${if(task?.entitlement_valueKey?.entitlement_value.contains('Viewer')){'ACCOUNT_VIEWER'} else if(task?.entitlement_valueKey?.entitlement_value.contains('Admin')){'ACCOUNT_ADMIN'}else if(task?.entitlement_valueKey?.entitlement_value.contains('Power')) {'ACCOUNT_EDITOR'}}"

If these role names are going to be configured in the Dynamic attribute at the endpoint level rather than entitlement, then you can replace task?.entitlement_valueKey?.entitlement_value with the name of the dynamic attribute

IAMI · ‎03/03/2023

Hello saikanumuri,

Could you point me a link to understand how to do the scripting like the one you described above? What does it mean by ? such as task? and task?.entitlement_valueKey? etc. I need learn this part in detail.

I also want to understand in account creation/update JSON configuration, what object I can use, and what attributes of that object I can use etc.

For example, I know I can use connectionJSON, user, task, what else I can use? what about role, rule etc.? Can I know what rule triggered the account operation? what role assignment triggered the account operation etc.?

Sankar · ‎05/29/2023

Hi @saikanumuri

Thanks for commenting on my questions. As you mentioned, I understand about the entitlement from the below.

++++++++++++++++++++++++++++++++++++++++++

Assuming ABC Global Viewer,ABC Global Power User,ABC Global Admin are entitlements, You can try below

"role":"${if(task?.entitlement_valueKey?.entitlement_value.contains('Viewer')){'ACCOUNT_VIEWER'} else if(task?.entitlement_valueKey?.entitlement_value.contains('Admin')){'ACCOUNT_ADMIN'}else if(task?.entitlement_valueKey?.entitlement_value.contains('Power')) {'ACCOUNT_EDITOR'}}"

++++++++++++++++++++++++++++++++++++++++++

But Actual my question is, I need to read it from role name instead of entitlement.

Can you help me on this.

Thanks,
sankar.

Sankar · ‎06/12/2023

HI @saikanumuri

Can you please provide an update on my Query.

Thanks,
sankar.

Sankar · ‎06/13/2023

Team,

I would appreciate if someone help me on my Query?

Thanks,
sankar.

Sankar · ‎07/12/2023

Hi All,

Can someone help on this?

Thanks,

Sankar.

Sankar · ‎08/10/2023

Hi All,

Can someone help on this?

Thanks,

Sankar.

Saviynt Forums

Passing Role Name dynamically in the JSON