Saviynt Forums

Mahak_Acharya · ‎10/07/2022

Hi,

We have the requirement of creating and updating Azure AD groups via Saviynt.I have been able to achieve group creation but i am unable to add the group owner via Saviynt.

Below is the CreateGroup Json that i am using, Kindly suggest how can i create a group with group owner.

Json:

{
"connection": "userAuth",
"url": "**",
"httpMethod": "POST",
"httpParams": "{\"description\": \"${roles.description==null || roles.description==''? roles.displayname : roles.description}\", \"displayName\": \"${roles.displayname==null || roles.displayname==''? roles.role_name : roles.displayname}\", \"groupTypes\": [\"${roles.customproperty21=='Office365'? 'Unified' : ''}\"], \"mailEnabled\": \"${roles.customproperty22 == '1' ? true : false}\", \"mailNickname\": \"${roles.displayname==null || roles.displayname==''? roles.role_name : roles.displayname}\", \"securityEnabled\": \"${roles.customproperty23 == '1' ? true : false}\",\"owners@odata.bind\": [\"${allOwner}\"]}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json"
}

Thanks,

Mahak

rushikeshvartak · ‎10/07/2022

Refer Link https://saviynt.freshdesk.com/support/solutions/articles/43000582534-managing-azure-ad-groups

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Mahak_Acharya · ‎10/07/2022

Hi Rushikesh,

Thank for your response.

I am using the method defined in the documentation for group owner addition and setting the Rank for the owner as 1. Upon create entitlement task creation and provisioning, the group is getting created but the group owner is not getting tagged.

Hence requesting assistance at json level if any configuration is missing for group owner addition.

Thanks and Regards,

Mahak

avinashchhetri · ‎10/07/2022

@Mahak_Acharya,

This should be achieveable with the JSON that you have set. Is there anything specfic you see in the logs ? You have tagged your Saviynt version as v5.5SP3.x, do you know the specific service pack version for your environment ?

Regards,
Avinash Chhetri

Mahak_Acharya · ‎10/07/2022

We are on v5.5SP3.11.

I do see the user and rank being read in the logs, but the group is getting created without the owner.

2022-10-07 15:15:25,377 [https-jsse-nio-443-exec-93] INFO services.UsersService - Auditing for role_ownerslistjson action
2022-10-07 15:15:25,377 [https-jsse-nio-443-exec-93] INFO services.UsersService - Auditing process completed for entitlement
2022-10-07 15:15:25,380 [https-jsse-nio-443-exec-93] DEBUG println.PrintlnToLogger - Println :: session.selectedOwners= [216605_1]
2022-10-07 15:15:25,382 [https-jsse-nio-443-exec-93] DEBUG println.PrintlnToLogger - Println :: Select r from Users r where 1=1 and r.id in (216605)
2022-10-07 15:15:37,932 [https-jsse-nio-443-exec-91] INFO services.UsersService - starting to process roles auditing
2022-10-07 15:15:37,936 [https-jsse-nio-443-exec-91] INFO services.UsersService - Auditing for selectentitlement action
2022-10-07 15:15:37,938 [https-jsse-nio-443-exec-91] INFO services.UsersService - Auditing process completed for entitlement
2022-10-07 15:15:41,836 [https-jsse-nio-443-exec-11] INFO services.UsersService - starting to process roles auditing
2022-10-07 15:15:41,841 [https-jsse-nio-443-exec-11] INFO services.UsersService - Auditing for role_entitlementlistjson action
2022-10-07 15:15:41,841 [https-jsse-nio-443-exec-11] INFO services.UsersService - Auditing process completed for entitlement
2022-10-07 15:15:41,859 [https-jsse-nio-443-exec-105] INFO services.UsersService - starting to process entitlement auditing
2022-10-07 15:15:41,865 [https-jsse-nio-443-exec-105] INFO services.UsersService - Auditing for addentitlementforrolesjson action
2022-10-07 15:15:41,865 [https-jsse-nio-443-exec-105] INFO services.UsersService - Auditing process completed for entitlement
2022-10-07 15:15:41,887 [https-jsse-nio-443-exec-11] DEBUG controllers.RolesController - Select r from Entitlement_values r where 1=1 and r.id in (-1)
2022-10-07 15:15:41,907 [https-jsse-nio-443-exec-105] DEBUG println.PrintlnToLogger - Println :: qry :from Entitlement_values e Where e.status=1 and e.entitlementtypekey.endpointkey in (182)

Regards,

Mahak

Mahak_Acharya · ‎10/14/2022

t

Mahak_Acharya · ‎10/14/2022

i have tried hardcoding the object id for the owner as well, but still the Azure group shows 0 owners.

Mahak_Acharya · ‎10/14/2022

${allOwner==null? 'https://graph.microsoft.com/v1.0/users/1ada1d10-ad6c-4d1e-8fc6-bab9941d491d' : allOwner}

rushikeshvartak · ‎10/14/2022

It seems some code issue with your version. please raise support ticket for same. as syntax looks correct

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

avinashchhetri · ‎10/14/2022

@Mahak_Acharya,

As per the release notes, link shared below, there was an issue with adding Group Owners when an Azure AD Group was created. Check for CONN-115 in the release notes.

https://saviynt.freshdesk.com/a/solutions/articles/43000626015

However, this was fixed with the release of v5.5SP3.7 and since you are on a higher version, this should not have occured. Probably a support ticket would be more useful for this issue.

Regards,
Avinash Chhetri

Saviynt Forums

Adding/Updating Group Owner for Azure AD Groups via Saviynt