
Anyone gotten this working? Azure AD REST bifurcation to WinPS for mail-enabled groups

KenKoch
New Contributor II

Greetings. I'm trying to get my Azure AD REST calls to split for the WinPS actions per this document:

https://saviynt.freshdesk.com/support/solutions/articles/43000463699-azure-ad-connector-guide

I've tried so many variations of this but cannot get anything to happen. The WinPS server is hosted at Saviynt, so I don't have access to logs there.

I'm wondering if anyone discovered anything wrong in the documentation that I need to tweak to make this work? I have other connections calling to my WinPS via a straight REST integration. Since the AzureAD connection is double-layering this, I'm not sure what to try next. I even tried stripping out the IF logic bifurcation to see if I could make the entire call go to WinPS but still don't get any meaningful output. The debug application logs don't have any errors; they just say it performed 1 REST call.

 

Here's the example for the RemoveAccessJSON:

{
      "name": "AADGroup",
      "connection": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null? 'acctAuth' : 'userAuth'}",
      "url": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null? 'https://HostComputer.com/Saviynt/PS/ExecutePSscript':'https://graph.microsoft.com/v1.0/groups/'+entitlementValue.entitlementID+'/members/'+account.accountID+'/\\$ref'}",
      "httpMethod": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null? 'POST' : 'DELETE'}",
      "httpParams": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null?'{\"Script\": \"\\$pw = convertto-securestring \\\\\"'+connection.properties.password+'\\\\\" -asplaintext -force;\\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist \\\\\"'+connection.properties.userName+'\\\\\",\\$pw;Invoke-Command -ComputerName \\\\\"<<Computer-Name>>\\\\\" -Credential \\$mycred -scriptblock {\\$User = \\\\\"'+connection.user+'\\\\\";\\$PWord = ConvertTo-SecureString -String \\\\\"'+connection.pass+'\\\\\" -AsPlainText -Force;\\$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList \\$User, \\$PWord;\\$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential \\$Credential -Authentication Basic -AllowRedirection;Import-PSSession \\$Session -DisableNameChecking -verbose:\\$false | Out-Null;Remove-DistributionGroupMember -Identity \\\\\"'+entitlementValue.entitlement_value+'\\\\\" -Member \\\\\"'+ +'\\\\\" -Confirm:\\$false;Remove-PSSession \\$Session}\"}' : '{}'}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "${entitlementValue.customproperty8.trim().equals('true') && entitlementValue.customproperty10.trim().equals('false') && entitlementValue.customproperty11==null?'application/x-www-form-urlencoded' : 'application/json'}",
      "successResponses": {
        "statusCode": [
          200,
          201,
          204,
          205
        ]
      }
    },

 

4 REPLIES

rushikeshvartak
All-Star

I hope you have updated the information below:

Specify this parameter to add access for a user. To define this parameter, use a format similar to the following:

Note:
HostComputer - Replace HostComputer with the host domain of the IIS Server.
Computer-Name - Replace Computer-Name with the ComputerName of the IIS Server. Sample: WIN-QJ3E7AO9ED7

 

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
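
An added example, not part of the thread or of Saviynt's documentation: a Python model of the ternary condition in the posted RemoveAccessJSON, showing which endpoint a given entitlement is routed to, plus a lint for the placeholders named in the note above. The names `route`, `lint` and `SAMPLE` are hypothetical, the sample string is constructed from fragments of the post, and the Python only approximates how the Groovy expression evaluates.

```python
import re

# Constructed excerpt built from fragments of the posted url/httpParams values.
SAMPLE = (
    "'https://HostComputer.com/Saviynt/PS/ExecutePSscript' "
    "Invoke-Command -ComputerName \"<<Computer-Name>>\" "
    "-Member \"'+ +'\" -Confirm:$false"
)

def _is(value, expected, name):
    # Models value.trim().equals(expected): case-sensitive, and an error on null.
    if value is None:
        raise ValueError(f"{name} is null: .trim() cannot be evaluated")
    return value.strip() == expected

def route(cp8, cp10, cp11):
    """Return 'winps' or 'graph' for one entitlement's custom properties.

    Models: cp8.trim().equals('true') && cp10.trim().equals('false') && cp11==null
    None stands for a null property; '&&' short-circuits left to right.
    """
    if not _is(cp8, "true", "customproperty8"):
        return "graph"
    if not _is(cp10, "false", "customproperty10"):
        return "graph"
    # An empty string is not null, so it falls through to the Graph branch.
    return "winps" if cp11 is None else "graph"

CHECKS = {
    "unreplaced <<...>> placeholder": re.compile(r"<<[^<>]+>>"),
    "documentation host name HostComputer still present": re.compile(r"HostComputer"),
    "empty operand between two '+' operators": re.compile(r"\+\s+\+"),
}

def lint(template):
    """List the checks that match anywhere in a connector template string."""
    return [label for label, rx in CHECKS.items() if rx.search(template)]

if __name__ == "__main__":
    for props in [(" true ", "false", None), ("true", "false", ""), ("True", "false", None)]:
        print(props, "->", route(*props))
    for finding in lint(SAMPLE):
        print("finding:", finding)
```

Running `route` against the real custom property values of one mail-enabled group shows whether the task can reach the WinPS branch at all before looking at the script itself.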

Yes, it's all replaced. As I mentioned, I have WinPS working just fine on other connections that are WinPS only. The AzureAD is a layered call to WinPS so I'm not sure how to troubleshoot it further.

KenKoch
New Contributor II

Any suggestions? I also put a support ticket in (https://saviynt.freshdesk.com/support/tickets/1541969) and they told me to open an enhancement request.. uhhh.. 

Then you need to create a ticket on the ideas portal.


Regards,
Rushikesh Vartak