Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

AcctToEntMapping Not Working After Access Import (REST)

DG1811
New Contributor III
New Contributor III

Hi Team,

We are onboarding an application, where the Import Account is successful. Import Entitlement is also successful. Also the CP31 is populating as expected as below.

{"Roles":{"entIds":["[Admin]"],"keyField":"entitlement_value"}}

But the mapping in the entitlementHierarchy is not happening. Please find the details below. 

UserAPI response:

{
"data": [
{
"email": "user.name@domain.com",
"fullName": "User Name",
"id": "9652355105",
"lowestRole": "Admin",
"scope": "tenant",
"scopeRoles": [
{
"id": "3614710737173",
"roleId": "7968706102685",
"roleName": "Admin",
"roles": [
"Admin"
]
}
],
"siteRoles": [],
"source": "mgmt"
},
{
second data
}
]
}

Role response API:

{
"data": [
{
"description": "All Console features and actions in the assigned scope",
"id": "7968706102685",
"name": "Admin",
"scope": "tenant",
"scopeId": "3614710737173",
"usersInRoles": 12
},
{
SECOND DATE
}
]
}

 

We have used the below JSON.

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"accountThresholdValue": 2000,
"inactivateAccountsNotInFile": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxx/web/api/v2.1/users",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "key",
"Accept": "*/*"
}
},
"listField": "data",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "id~#~char",
"customproperty1": "fullName~#~char",
"customproperty2": "lowestRole~#~char",
"customproperty3": "scope~#~char",
"customproperty4": "email~#~char",
"customproperty5": "source~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.next_page==null?null:response.completeResponseMap.next_page}"
}
}
}
},
"acctEntMappings": {
"Roles": {
"listPath": "scopeRoles.roles",
"idPath": "",
"keyField": "entitlement_value"
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxx/web/api/v2.1/rbac/roles",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "key",
"Accept": "*/*"
}
},
"listField": "data",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "name~#~char",
"entitlement_value": "name~#~char",
"Description": "description~#~char",
"customproperty1": "id~#~char",
"customproperty2": "scope~#~char",
"customproperty3": "scopeId~#~char",
"customproperty4": "usersInRoles~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.next_page==null?null:response.completeResponseMap.next_page}"
}
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"entTypes": {
"Roles": {
"call": {
"call1": {
"processingType": "acctToEntMapping",
"http": {}
}
}
}
}
}
}

 

 

Please suggest an outcome, we have tried to switch the entitlement types also, but no help. 

Thanks

7 REPLIES 7

rushikeshvartak
All-Star
All-Star

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .



‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak ,

Please find teh logs for account and access import for Test Application (updated the name).

Thanks

DG1811
New Contributor III
New Contributor III

Hi All,

There is an update. 

 

ImportAccountJson is as below

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/users",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "rows",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "object.id~#~char",
"name": "values[0]~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.next_page==null?null:response.completeResponseMap.next_page}"
}
}
}
},
"acctEntMappings": {
"Groups": {
"importAsEntitlement": true,
"listPath": "values",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Groups": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxx/groups",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "rows",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "values[0]~#~char",
"entitlement_value": "values[0]~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.next_page==null?null:response.completeResponseMap.next_page}"
}
},
"disableDeletedEntitlements": true,
}
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

 

 

 

The response of the groups api is as below

"rows": [
        {
            "object": {
                "id": "101",
                "entityId": 2700
            },
            "values": [
                "sysspgroup",
                "true"
            ]

 

The response of the users group api is as below. The bold one in this response is the group. 

"rows": [
        {
            "object": {
                "id": "1",
                "entityId": 2600
            },
            "values": [
                "Administrator",
                ">!PWD!<",
                "",
                "Administrator",
                "sysspgroup",
                "",
                "1",
                "",
                "true",
                [
                    ""
                ]
            ]
        }

 

We have the details stored in the CP31, but we are unable to map the entitlement, it pulls all the data. 

{"Groups":{"entIds":["Administrator",">!PWD!<","Administrator","sysspgroup","1","true"],"keyField":"entitlementID"}}

 

Please suggest the account to entitlement params.

Thanks

DG1811
New Contributor III
New Contributor III

@rushikeshvartak ,
Any update on the above request.

values contains account to ent mapping ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@rushikeshvartak ,
Yes, we have the below reponse 

"rows": [
        {
            "object": {
                "id": "1",
                "entityId": 2600
            },
            "values": [
                "Administrator",
                ">!PWD!<",
                "",
                "Administrator",
                "sysspgroup",
                "",
                "1",
                "",
                "true",
                [
                    ""
                ]
            ]
        }

 

and the one marked in bold is the entitlement.

So we have wrote the acctEntMappings as below. 

,
"acctEntMappings": {
"Groups": {
"importAsEntitlement": true,
"listPath": "values",
"idPath": "",
"keyField": "entitlementID"
}
}

 

but its not populating the details. 

On recent change, we did the following change in the listPath and it is now pulling that details. But the entitlement is not mapping.

,
"acctEntMappings": {
"Groups": {
"importAsEntitlement": true,
"listPath": "values[4]",
"idPath": "",
"keyField": "entitlementID"
}
}

 

Please suggest a way to populate the entitlement

  • So out of n entitlements, we just have to pull Sysspgroup?
  • if yes, then you need to use #CONST and java script to write custom logic for account CP31

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.