10/07/2022 07:32 AM
Hi,
We have the requirement of creating and updating Azure AD groups via Saviynt. I have been able to achieve group creation, but I am unable to add the group owner via Saviynt.
Below is the CreateGroup JSON that I am using. Kindly suggest how I can create a group with a group owner.
JSON:
{
"connection": "userAuth",
"url": "**",
"httpMethod": "POST",
"httpParams": "{\"description\": \"${roles.description==null || roles.description==''? roles.displayname : roles.description}\", \"displayName\": \"${roles.displayname==null || roles.displayname==''? roles.role_name : roles.displayname}\", \"groupTypes\": [\"${roles.customproperty21=='Office365'? 'Unified' : ''}\"], \"mailEnabled\": \"${roles.customproperty22 == '1' ? true : false}\", \"mailNickname\": \"${roles.displayname==null || roles.displayname==''? roles.role_name : roles.displayname}\", \"securityEnabled\": \"${roles.customproperty23 == '1' ? true : false}\",\"owners@odata.bind\": [\"${allOwner}\"]}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json"
}
Thanks,
Mahak
10/07/2022 07:39 AM
Refer Link https://saviynt.freshdesk.com/support/solutions/articles/43000582534-managing-azure-ad-groups
10/07/2022 07:53 AM
Hi Rushikesh,
Thank you for your response.
I am using the method defined in the documentation for group owner addition and setting the Rank for the owner as 1. Upon create entitlement task creation and provisioning, the group is getting created but the group owner is not getting tagged.
Hence requesting assistance at json level if any configuration is missing for group owner addition.
Thanks and Regards,
Mahak
10/07/2022 08:05 AM
This should be achievable with the JSON that you have set. Is there anything specific you see in the logs? You have tagged your Saviynt version as v5.5SP3.x; do you know the specific service pack version for your environment?
10/07/2022 08:51 AM
We are on v5.5SP3.11.
I do see the user and rank being read in the logs, but the group is getting created without the owner.
2022-10-07 15:15:25,377 [https-jsse-nio-443-exec-93] INFO services.UsersService - Auditing for role_ownerslistjson action
2022-10-07 15:15:25,377 [https-jsse-nio-443-exec-93] INFO services.UsersService - Auditing process completed for entitlement
2022-10-07 15:15:25,380 [https-jsse-nio-443-exec-93] DEBUG println.PrintlnToLogger - Println :: session.selectedOwners= [216605_1]
2022-10-07 15:15:25,382 [https-jsse-nio-443-exec-93] DEBUG println.PrintlnToLogger - Println :: Select r from Users r where 1=1 and r.id in (216605)
2022-10-07 15:15:37,932 [https-jsse-nio-443-exec-91] INFO services.UsersService - starting to process roles auditing
2022-10-07 15:15:37,936 [https-jsse-nio-443-exec-91] INFO services.UsersService - Auditing for selectentitlement action
2022-10-07 15:15:37,938 [https-jsse-nio-443-exec-91] INFO services.UsersService - Auditing process completed for entitlement
2022-10-07 15:15:41,836 [https-jsse-nio-443-exec-11] INFO services.UsersService - starting to process roles auditing
2022-10-07 15:15:41,841 [https-jsse-nio-443-exec-11] INFO services.UsersService - Auditing for role_entitlementlistjson action
2022-10-07 15:15:41,841 [https-jsse-nio-443-exec-11] INFO services.UsersService - Auditing process completed for entitlement
2022-10-07 15:15:41,859 [https-jsse-nio-443-exec-105] INFO services.UsersService - starting to process entitlement auditing
2022-10-07 15:15:41,865 [https-jsse-nio-443-exec-105] INFO services.UsersService - Auditing for addentitlementforrolesjson action
2022-10-07 15:15:41,865 [https-jsse-nio-443-exec-105] INFO services.UsersService - Auditing process completed for entitlement
2022-10-07 15:15:41,887 [https-jsse-nio-443-exec-11] DEBUG controllers.RolesController - Select r from Entitlement_values r where 1=1 and r.id in (-1)
2022-10-07 15:15:41,907 [https-jsse-nio-443-exec-105] DEBUG println.PrintlnToLogger - Println :: qry :from Entitlement_values e Where e.status=1 and e.entitlementtypekey.endpointkey in (182)
Regards,
Mahak
10/14/2022 07:09 AM
t
10/14/2022 07:10 AM
I have tried hardcoding the object ID for the owner as well, but the Azure group still shows 0 owners.
10/14/2022 07:10 AM
${allOwner==null? 'https://graph.microsoft.com/v1.0/users/1ada1d10-ad6c-4d1e-8fc6-bab9941d491d' : allOwner}
10/14/2022 07:22 AM
It seems to be some code issue with your version. Please raise a support ticket for the same, as the syntax looks correct.
10/14/2022 07:58 AM
As per the release notes, link shared below, there was an issue with adding Group Owners when an Azure AD Group was created. Check for CONN-115 in the release notes.
https://saviynt.freshdesk.com/a/solutions/articles/43000626015
However, this was fixed with the release of v5.5SP3.7, and since you are on a higher version, this should not have occurred. A support ticket would probably be more useful for this issue.
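An added diagnostic, not part of the thread and not Saviynt's code: before escalating, it helps to confirm what the `owners@odata.bind` field contained once the `${allOwner}` template was resolved. The function name `check_owner_binding` and the sample bodies are hypothetical and constructed for illustration; the reference form `https://graph.microsoft.com/v1.0/users/<object id>` is the one used in the thread, and the check assumes you have the request body as it was sent.

```python
import json
import re

# Reference form used in the thread: https://graph.microsoft.com/v1.0/users/<object id>
OWNER_REF = re.compile(
    r"^https://graph\.microsoft\.com/v1\.0/users/"
    r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$"
)

def check_owner_binding(rendered_http_params):
    """Return a list of problems with owners@odata.bind in a rendered
    createGroup body (the httpParams string after ${...} substitution)."""
    try:
        body = json.loads(rendered_http_params)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc}"]
    if "owners@odata.bind" not in body:
        return ["owners@odata.bind is missing from the body"]
    owners = body["owners@odata.bind"]
    if not isinstance(owners, list) or not owners:
        return ["owners@odata.bind must be a non-empty JSON array"]
    problems = []
    for i, ref in enumerate(owners):
        if not isinstance(ref, str) or not ref.strip():
            problems.append(f"owner[{i}] is empty (did ${{allOwner}} resolve to nothing?)")
        elif "${" in ref:
            problems.append(f"owner[{i}] still contains an unresolved template: {ref!r}")
        elif not OWNER_REF.match(ref):
            problems.append(f"owner[{i}] is not a users/<object id> reference: {ref!r}")
    return problems

# Constructed sample bodies (placeholder object id, not taken from any tenant).
PLACEHOLDER_ID = "00000000-0000-0000-0000-000000000001"
GOOD_BODY = json.dumps({
    "displayName": "demo-group",
    "owners@odata.bind": [f"https://graph.microsoft.com/v1.0/users/{PLACEHOLDER_ID}"],
})
EMPTY_OWNER_BODY = json.dumps({"displayName": "demo-group", "owners@odata.bind": [""]})
BARE_ID_BODY = json.dumps({"displayName": "demo-group", "owners@odata.bind": [PLACEHOLDER_ID]})
NO_OWNER_BODY = json.dumps({"displayName": "demo-group"})

if __name__ == "__main__":
    for name, body in [("good", GOOD_BODY), ("empty", EMPTY_OWNER_BODY),
                       ("bare id", BARE_ID_BODY), ("no owners", NO_OWNER_BODY)]:
        print(name, "->", check_owner_binding(body) or "ok")
```

If the rendered body passes this check and the group is still created with 0 owners, the template is not the cause and the support ticket suggested above is the next step.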