Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

AzureAD : REST Connector: UpdateAccountJSON with manager provisioning using Dynamic Attribute

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on July 5 2020 at 12:37 UTC

Hi All,


We have requirement to provision user manager updates (updates from HR system) to AzureAD (Cloud Only account). Manager attribute is added as a dynamic attribute on endpoint with SQL to retrieve the manager's AzureAD account 'ObjectId' for provisioning.


Refer following configuration. Assign manager using following configuration works fine with CreateAccountJSON but fails when configured in UpdateAccountJSON.


"httpParams": "{\"url\": \"https://graph.windows.net/MyOrg/directoryObjects/${requestAccessAttributes.get('dynManagerAttr')}/Microsoft.DirectoryServices.User\"}",


Error:

Call response: {"odata.error":{"code":"Request_ResourceNotFound","message":{"lang":"en","value":"Resource 'null' does not exist or one of its queried reference-property objects are not present."},"requestId":"a5b5688a-647b-4dd8-b252-e642ec43e034","date":"2020-07-05T12:24:09"}}


Please share any pointer to resolve this issue.



Thanks,

Pallavi

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
2 REPLIES 2

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on July 6 2020 at 10:13 UTC

Hi, Looks like REST connector issue, if I hardcode the manager objectId it works fine. However with dynamic attribute it fails with error given in above post. Thanks, Pallavi
This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on July 7 2020 at 07:02 UTC

Hi Pallavi. Please try managerAccount binding to get account attributes of the requested user for the same endpoint.

Sample: In case you want to map accountID of manager's account, you can use ${managerAccount.accountID}


Please let me know in case of any queries. Thanks

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.