Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Assistance Required for Account and Entitlement Mapping in SuccessFactors(REST Connector)

AtrayeeDutta
Regular Contributor
Regular Contributor
Hi All,
 
Currently, we are onboarding the SuccessFactors application and establishing a connection using REST in Saviynt. We have been successful in pulling the accounts and entitlements, but we are encountering some challenges when it comes to mapping these accounts to their respective entitlements. In POSTMAN the API is working.
 
Below is our ImportAccountEntJSON
 
{
    "accountParams": {
        "connection": "acctAuth",
        "processingType": "SequentialAndIterative",
        "statusAndThresholdConfig": {
            "statusColumn": "customproperty11",
            "activeStatus": [
                "t"
            ],
            "deleteLinks": true,
            "accountThresholdValue": 10000,
            "correlateInactiveAccounts": false,
            "inactivateAccountsNotInFile": true,
            "deleteAccEntForActiveAccounts": true
        },
        "call": {
            "call1": {
                "callOrder": 0,
                "stageNumber": 0,
                "http": {
                    "httpHeaders": {
                        "Authorization": "${access_token}",
                        "Accept": "application/json"
                    },
                    "httpContentType": "application/json",
                    "httpMethod": "GET"
                },
                "listField": "d.results",
                "keyField": "accountID",
                "colsToPropsMap": {
                    "accountID": "userId~#~char",
                    "name": "userId~#~char",
                    "status": "status~#~char",
                    "customproperty1": "firstName~#~char",
                    "customproperty2": "lastName~#~char",
                    "customproperty3": "custom01~#~char",
                    "customproperty11": "status~#~char"
                }
            }
        }
    },
    "entitlementParams": {
        "connection": "acctAuth",
        "processingType": "SequentialAndIterative",
        "entTypes": {
            "RBPRoles": {
                "entTypeOrder": 1,
                "call": {
                    "call1": {
                        "callOrder": 0,
                        "stageNumber": 0,
                        "http": {
                            "url": "https://xxxxxxxxxxxxxxx/odata/v2/RBPRole",
                            "httpHeaders": {
                                "Authorization": "${access_token}",
                                "Accept": "application/json"
                            },
                            "httpContentType": "application/json",
                            "httpMethod": "GET"
                        },
                        "listField": "d",
                        "keyField": "entitlementID",
                        "colsToPropsMap": {
                            "entitlementID": "roleId~#~char",
                            "entitlement_value": "roleName~#~char",
                            "description": "roleDesc~#~char",
                            "customproperty2": "userType~#~char",
                            "customproperty3": "lastModifiedDate~#~char"
                        }
                    }
                }
            }
        }
    },
    "acctEntParams": {
        "connection": "acctAuth",
        "entTypes": {
            "RBPRoles": {
                "call": {
                    "call1": {
                        "callOrder": 0,
                        "stageNumber": 0,
                        "processingType": "httpAcctToEnt",
                        "http": {
                            "httpHeaders": {
                                "Authorization": "${access_token}"
                            },
                            "url": "https://xxxxxxxxxxxxxxxx/odata/v2/getUserRolesByUserId?userId=${'id'}",
                            "httpContentType": "application/x-www-form-urlencoded",
                            "httpMethod": "GET"
                        },
                        "listField": "d.results",
"entIdPath": "roleId",
                   
                        "entKeyField": "entitlementID",
"acctKeyField": "accountID"
                        
                    }
                }
            }
        }
    }
}
8 REPLIES 8

naveenss
All-Star
All-Star

Hi @AtrayeeDutta can you share the sample response?

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Hi,

Please find attached sample response.

AtrayeeDutta
Regular Contributor
Regular Contributor

Hi @rushikeshvartak @naveenss 

Please see the attached please see the attached screenshots and the log file. I can see response in Saviynt log is matching with Postman. However at the time of accounts to entitlement mapping entvalkey is null as per log.

Below is the updated JSON.
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty11",
"activeStatus": [
"t"
],
"deleteLinks": true,
"accountThresholdValue": 10000,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://000000000000000/odata/v2/User?$select=userId,firstName,lastName,custom01,status&$filter=stat...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "d.results",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "userId~#~char",
"name": "userId~#~char",
"status": "status~#~char",
"customproperty1": "firstName~#~char",
"customproperty2": "lastName~#~char",
"customproperty3": "custom01~#~char",
"customproperty11": "status~#~char"
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"DynamicGroups": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://000000000000000/odata/v2/DynamicGroup",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "d.results",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "groupID~#~char",
"entitlement_value": "groupName~#~char",
"customproperty1": "groupType~#~char",
"customproperty2": "lastModifiedDate~#~char",
"customproperty3": "groupID~#~char"
}
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"DynamicGroups": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpAcctToEnt",
"httpHeaders": {
"Authorization": "${access_token}",
"httpContentType": "application/json"
},
"url": "https://000000000000000/odata/v2/getDynamicGroupsByUser?userId='${id}'&groupSubType='permission'",
"httpMethod": "GET"
},
"listField": "d",
"entIdPath": "groupId",
"entKeyField": "entitlementID",
"acctKeyField": "accountID"
}
}
}
}
}

Keep listfield blank and try 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

We have now been able to map one account successfully. However, we encountered another issue. When running the access import for all accounts (53k accounts), the job fails after running for 13 hours. Is there a way to resolve this issue? Below is the working JSON.

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty11",
"activeStatus": [
"t"
],
"deleteLinks": true,
"accountThresholdValue": 10000,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxxxxx/odata/v2/User?$select=userId,firstName,lastName,custom01,status&$filter=st...'",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "d.results",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "userId~#~char",
"name": "userId~#~char",
"status": "status~#~char",
"customproperty1": "firstName~#~char",
"customproperty2": "lastName~#~char",
"customproperty3": "custom01~#~char",
"customproperty11": "status~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response.completeResponseMap.d.__next}"
}
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"DynamicGroups": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxxxxxxxxxx/odata/v2/DynamicGroup",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "d.results",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "groupID~#~char",
"entitlement_value": "groupName~#~char",
"customproperty1": "groupType~#~char",
"customproperty2": "activeMembershipCount~#~char",
"customproperty3": "groupID~#~char"
}
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"DynamicGroups": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpAcctToEnt",
"http": {
"httpHeaders": {
"Authorization": "${access_token}",
"Accept":"application/json"
},
"url": "https://xxxxxxxxxxxxxxxxx/odata/v2/getDynamicGroupsByUser?userId='${id}'&groupSubType='permission'",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "d",
"entIdPath": "groupId",
"entKeyField": "entitlementID",
"acctKeyField": "accountID"
}
}
}
}
}
}


What is error after 13 hours ? Does API does not have pagination. 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Vedanth-BK
Regular Contributor II
Regular Contributor II

@AtrayeeDutta 
Please try with the below URL in the acctEntParams

"url": "https://000000000000000/odata/v2/getDynamicGroupsByUser?userId=%27${id}%27&groupSubType=%27permission%27",

 

Thank you
Vedanth B.K
If you find my response helpful and it works, Hit the 'Kudos' button and accept it as a solution!!