and more in a single search tool across platforms. Read the announcement here. |
04/12/2022 01:03 PM
Hello, I'm trying to update users in SSM via their Active Directory accounts after they are provisioned. The users email address and phone numbers are assigned after the AD account is created and I would like to sync their email and phone number attributes back to SSM for their user,
Please let me know what I am missing. In the UserImportJob, I select the following:
Import from SaviyntConnect: No
External Connection : Active Directory
Allow User Operation : Update Only
Zero Day Provisioning : No
Generate User Email : No
Build Users Cache Map: Yes
Job Type : Full Import (have also tried Incremental)
User Not In Feed Action : No Action
Generate system username : No
Check rules: No
Zero Day Limit : not configured
Reconciliation Field : EmployeeID (also have tried Username)
Add SAV Role : not configured
Status Config: not configured
I have found this other topic, https://saviynt.freshdesk.com/support/discussions/topics/43000524458, but the details are sparse in the answer on how to configure the ImportUserJob to make sure I only want certain fields updated (not necessarily all).
Just in case, I have populated the UPDATEUSERJSON, but apparently doesn't work for what I'm trying to do according to the above topic. Not sure when UPDATEUSERJSON would ever be used, if that's the case...
UPDATEUSERJSON:
{
"mail": "${user.email},"
"mobile": "${user.phonenumber}",
}
End result is, I do not see fields updated and not sure where in the logs to look...
Solved! Go to Solution.
04/12/2022 02:16 PM
Hi Jeremy,
Please define mapping under action " USER_ATTRIBUTE " for user import. Kindly refer the AD conenctor documentation for mapping.
THanks
Ajay
04/12/2022 02:16 PM
Here is the mapping that's in place. I've had this populated, but I'm still not seeing user fields updated from Active Directory.
[username::employeeid#String,
customproperty20::distinguishedname#String,
ENDDATE::accountexpires#millisec,
CREATEDATE::whencreated#date,
UPDATEDATE::whenchanged#Date,
employeeid::employeeid#String,
email::mail#String,
RECONCILATION_FIELD::employeeid]
04/12/2022 02:16 PM
Hi Jeremy,
Greetings!!
I have some questions here:
1) What is the version of SSM you are using?
2) What is the status of User Import, Please attach the debugLogs.
3) Which attribute(s) has been updated which you are not able to see in SSM post import.
Thanks & Regards,
Anand Kumar Jha
04/12/2022 02:16 PM
Hey Anand, thanks for the reply. I was able to work with our implementation partner to get it resolved. I had copied fields from the documentation for the AD connector. Reconciliation was misspelled and I did not notice it. However, even after correcting it it did not work. But, they had me remove "RECONCILATION_FIELD::employeeid" from USER_ATTRIBUTE entirely and let the reconciliation field on the job be the default, which is "USERNAME" and now it is working.
04/12/2022 02:16 PM
04/12/2022 02:16 PM
Hey Anand,
Can i restrict to update only specific user attributes to be update based on a condition from AD Import (USER_ATTRIBUTE)?
Regards,
Satish Jogi