We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Account to entitlement mapping in REST connector

shivmano
Regular Contributor III
Regular Contributor III

Hi Team - 

I am trying to import the account entitlements mapping from a REST endpoint and the accounts and entitlements are brought in just fine but I see the entitlements that are supposed to be removed from the account is still mapped to it after the import and not being removed even though the target app does not have the entitlement added. Both accounts and entitlement is being fetched from the same endpoint and call 

Here is the JSON: 

{
"accountParams": {
"connection": "acctProvAuth",
"showResponse": true,
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty1",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 100,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"connection": "acctProvAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxx/users",
"httpHeaders": {
"Accept": "application/json",
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "Resources",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userName~#~char",
"displayName": "displayName~#~char",
"customproperty1": "active~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Role": {
"listPath": "roles",
"idPath": "value",
"keyField": "entitlement_value",
"importAsEntitlement" : false
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Role": {}
}
},
"acctEntParams": {
"entTypes": {
"Role": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "acctToEntMapping"
}
}
}
}
}
}

 

Postman Response for entitlements: 

"roles":[

{

"display":null,

"primary":false,

"$ref":null,

"type":null,

"value":"AD"

}

 

Here is the customproperty31 value that is being populated successfully:

{"Role":{"entIds":["AD"],"keyField":"entitlement_value"}}

 

Please can you advise what might be the issue here?

 

7 REPLIES 7

SB
Saviynt Employee
Saviynt Employee

Can you add "disableDeletedEntitlements": true under the entitlement params block and then run the import job. You can refer to the below format of the json and also from the REST Connector guide 

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/REST-Integration-Overview-v2022x.htm

{
"accountParams": {},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"MUDetailsRest3": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {},
"statusConfig": {},
"listField": "data",
"keyField": "entitlementID",
"colsToPropsMap": {},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": { }
}


Regards,
Sahil

shivmano
Regular Contributor III
Regular Contributor III

@SB unfortunately that did not work. I updated the below parameters as suggested and then ran the import and then replaced the entitlement on the target app and then ran the import again. After import, it is adding the new entitlement additionally to the original one instead of replacing it

shivmano_0-1679981621756.png

Here 'AD' was added initially and then 'AD' was removed from target app and 'TM' added. so instead of removing 'AD' and adding 'TM'. it has both showing under associated entitlements for the account. 

"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Role": {}
},
"disableDeletedEntitlements": true
},

shivmano
Regular Contributor III
Regular Contributor III

@SB I would also like to mention that we have imported the entitlements through CSV and not from import as we did not want to bring all the entitlements and bring only specific entitlements to manage

SB
Saviynt Employee
Saviynt Employee

If the entitlements are getting associated, the removal of the same should not be an issue. Can you check in the logs to see if there is any error due to threshold that might be causing it.


Regards,
Sahil

shivmano
Regular Contributor III
Regular Contributor III

Yes @SB this has been checked and the threshold set is 100 while the total accounts being pulled is less than 50 

"statusAndThresholdConfig": {
"statusColumn": "customproperty1",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 100,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true

SB
Saviynt Employee
Saviynt Employee

Can you check in the logs to see the information the application prints where entitlements need to be deleted from account. 


Regards,
Sahil

shivmano
Regular Contributor III
Regular Contributor III

@SB Strangely the issue was resolved after specifying the status and threshold config separately in the connection config and increasing the threshold to 1000 even though the number of accounts being pulled is lesser. Thank you