Saviynt Forums

tuhink · ‎07/25/2024

Hi Team,

We have one Azure connection which imports accounts. Now we created another REST connection to import same accounts. The mapping is same. But when to run a job using the new REST connection its creating a new entry for the same old account & deleting(marking suspended from import) the same account. (Here target details are same). Both accounts have same Account Name(if we do not consider the deleted part after the old account is deleted), account ID & both have accountenabled true which is showing in accounts.

ACCOUNT_ATTRIBUTES for Azure Connection:

{
"colsToPropsMap":{
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"status":"accountEnabled~#~char",
"displayName": "displayName~#~char",
"customproperty21": "employeeId~#~char",
"customproperty22": "givenName~#~char",
"customproperty25": "surname~#~char",
"customproperty23": "mail~#~char",
"customproperty10": "accountEnabled~#~char"
}
}

ImportAccountEntJSON for AZURE REST Connection:

{
"accountParams": {
"connection": "<name>",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 10,
"inactivateAccountsNotInFile": true,
"activeStatus": [
"true"
],
"statusColumn": "customproperty10"
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/beta/users/<tenant id>/?$select=id,userPrincipalName,accountEnabled,employeeId,signInActivity",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"status": "accountEnabled~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty21": "employeeId~#~char",
"customproperty24": "signInActivity.lastSignInDateTime~#~char"
}
}
}
},
"entitlementParams": {},
"acctEntParams": {}
}

Raghu · ‎07/25/2024

@tuhink try

{
"accountParams": {
"connection": "<name>",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"deleteLinks": false, // Prevent deletion of existing links
"accountThresholdValue": 10,
"inactivateAccountsNotInFile": false, // Prevent inactivation of accounts not in the import file
"activeStatus": [
"true"
],
"statusColumn": "customproperty10",
"correlateInactiveAccounts": true // Ensure inactive accounts are correlated properly
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/beta/users/<tenant id>/?$select=id,userPrincipalName,accountEnabled,employeeId,signInActivity",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET",
"expiryError": [
"token_expired",
"session_timeout"
],
"authError": [
"invalid_token",
"unauthorized"
],
"retryFailureStatusCode": [
500,
502,
503,
504
],
"timeOutError": [
"timeout_error"
],
"errorPath": "error",
"maxRefreshTryCount": 3
},
"listField": "value",
"keyField": "id", // Ensure this field uniquely identifies the account
"colsToPropsMap": {
"accountID": "id~#~char", // Ensure proper correlation using a unique identifier
"name": "userPrincipalName~#~char",
"status": "accountEnabled~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty21": "employeeId~#~char",
"customproperty24": "signInActivity.lastSignInDateTime~#~char"
}
}
}
},
"entitlementParams": {},
"acctEntParams": {}
}

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

tuhink · ‎07/25/2024

No not working

rushikeshvartak · ‎07/25/2024

What is purpose of REST Connector ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

tuhink · ‎07/25/2024

To import sign in information from azure

rushikeshvartak · ‎07/25/2024

That is supported with Azure AD connector also.

Refer https://forums.saviynt.com/t5/identity-governance/azure-ad-customsecurityattributevalue-filters-in-a...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

tuhink · ‎07/25/2024

Hi @rushikeshvartak thank you for letting me know that the sign in information can be fetched by OOTB Azure connection. Actually I had searched few articles where you have only mentioned that it only fetches the delta attributes. So I thought it doesn't work with OOTB azure connection. By the way, can you please still provide some insights about that issue & whether it is a valid scenario.

rushikeshvartak · ‎07/29/2024

I have validated in 24.4 and it works now with OOTB Azure AD connector

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

tuhink · ‎08/18/2024

Hi @rushikeshvartak did you get the signin-info in connection 'Pre-import Review' or by running the account import job? I am getting the details using connection 'Pre-import Review' . But when I am running the import job, I am getting the below error.

ResponseStatusCode-400, Failed url-https://graph.microsoft.com/v1.0/users/delta?$select=id,userPrincipalName,givenName,surname,displayName,employeeId,accountEnabled,mail,signInActivity&$deltaToken=latest, Error Message - {"error":{"code":"BadRequest","message":"Invalid request for delta query: for this entity set, $expand/$select is not supported for the following properties: signInActivity","innerError"

rushikeshvartak · ‎08/19/2024

Yes can you share configs.

To import these details in EIC, update connection configuration as below:
Add signInActivity as one of the attribute in Account_Import_Fields.
1. Configure ACCOUNT_ATTRIBUTES to map signInActivity response. Below are sample mappings:
2. "custompropertyXX":"signInActivity.lastSignInDateTime~#~char" // To map with custom property
3. "LASTLOGONDATE":"signInActivity.lastSignInDateTime~#~date" // To map with date field
4. Run Full Account Import.
  
  Note: SignInActivity details can only be imported as part of full import as Entra ID does not support this attribute as part of delta API call.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

tuhink · ‎08/19/2024

ACCOUNT_ATTRIBUTES:

{
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"status": "accountEnabled~#~char",
"displayName": "displayName~#~char",
"customproperty21": "employeeId~#~char",
"customproperty22": "givenName~#~char",
"customproperty25": "surname~#~char",
"customproperty23": "mail~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty31": "signInActivity.lastSignInDateTime~#~char",
"LASTLOGONDATE": "signInActivity.lastSignInDateTime~#~date"
}
}

ACCOUNT_IMPORT_FIELDS:

id,userPrincipalName,givenName,surname,displayName,employeeId,accountEnabled,mail,signInActivity

Yes I am running the full account import.

rushikeshvartak · ‎08/19/2024

What is subversion of saviynt 24.4 you are using

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

tuhink · ‎08/19/2024

When I click on the Pre-import Review button in connection its showing the lastlogon data. But when I am running the jobs its throwing that error.

tuhink · ‎08/19/2024

Release-24.4.5

tuhink · ‎08/19/2024

@rushikeshvartak are you using 24.6 version? Because I just found this release note in 24.6.

rushikeshvartak · ‎08/19/2024

I have tested on 24.4.10

Please upgrade version to latest and validate .

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

tuhink · ‎08/19/2024

Hi @rushikeshvartak thats helpful...thank you. Actually our production sub-version is Release-24.4.11, but dev is Release-24.4.5
Any idea whether Saviynt provides patch update so that we can match the dev & prod sub-version...because the full version upgrade will take some time

rushikeshvartak · ‎08/19/2024

Saviynt can provide patches , Please check with CSM

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rushikeshvartak · ‎08/19/2024

Business Use Case: Some functionality is not working in a in a lower environment. and to keep all environments on the same version, and to match production versions with non-production versions.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

Account Import is Creating New accounts and Suspending Old Accounts