Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/05/2024 06:27 AM - edited 07/05/2024 09:00 AM
Hi
imported the azure directoryroles and accounts using following
access- not showing the list of accounts which is member of Directory roles. Could you please help
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "Resources",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"status": "accountEnabled~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "jobTitle~#~char",
"customproperty4": "mail~#~char",
"customproperty5": "mobilePhone~#~char",
"customproperty6": "officeLocation~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"DirectoryRole": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "userAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://graph.microsoft.com/v1.0/directoryRoles",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "Resources",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"description": "description~#~char",
"entitlement_glossary": "description~#~char",
"customproperty4": "description~#~char",
"customproperty3": "deletedDateTime~#~char",
"customproperty8": "roleTemplateId~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"listField": "",
"idPath": "account_id",
"keyField": "accountID",
"importAsAccount": false
}
}
}
},
"acctEntParams": {
"processingType": "entToAcctMapping"
}
}
Solved! Go to Solution.
07/08/2024 03:20 AM
Hi @N598231 can you share the sample response containing the directory role membership?
07/08/2024 11:03 PM
sure, API: https://graph.microsoft.com/v1.0/directoryRoles/<role_ID>/members
07/08/2024 04:10 AM
@N598231 try below
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "id",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"status": "accountEnabled~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "jobTitle~#~char",
"customproperty4": "mail~#~char",
"customproperty5": "mobilePhone~#~char",
"customproperty6": "officeLocation~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"DirectoryRole": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "userAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://graph.microsoft.com/v1.0/directoryRoles",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "id",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"description": "description~#~char",
"entitlement_glossary": "description~#~char",
"customproperty4": "description~#~char",
"customproperty3": "deletedDateTime~#~char",
"customproperty8": "roleTemplateId~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"listField": "",
"idPath": "account_id",
"keyField": "accountID",
"importAsAccount": false
}
}
}
},
"acctEntParams": {
"processingType": "entToAcctMapping"
},
"errorHandling": {
"authError": ["InvalidAuthenticationToken", "AuthenticationFailed"],
"expiryError": ["TokenExpiredError"],
"retryFailureStatusCode": [401, 403],
"timeOutError": ["ETIMEDOUT", "ESOCKETTIMEDOUT"],
"errorPath": "error",
"maxRefreshTryCount": 3
}
}
07/08/2024 11:07 PM
this one not working - job is failing
Job Name | Application Data Import (Multi Threaded) |
Job Type | full |
Import Type | access |
Warning invalid record for DirectoryRole | Invalid record not processed for DirectoryRole. Error Message - null |
Total invalid records skipped for DirectoryRole | 2 |
Entitlements2 Mapping deleted | 0 |
EntitlementMap Mapping deleted | 0 |
error :
07/09/2024 12:26 AM
@N598231 it is working in postman ? correclty?
07/09/2024 06:01 AM
yes, its working in postman and i tried below by updating the connection type to acctauth and job is success but its not showing any accounts under Global administrator or any directory role
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty11",
"activeStatus": [
"false"
],
"deleteLinks": true,
"accountThresholdValue": 10,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "users",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"status": "accountEnabled~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "jobTitle~#~char",
"customproperty4": "mail~#~char",
"customproperty5": "mobilePhone~#~char",
"customproperty6": "officeLocation~#~char"
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"DirectoryRole": {
"entTypeOrder": 0,
"entTypeLabels": {
"customproperty1": "Deleted",
"customproperty2": "CreatedAt",
"customproperty3": "UpdatedAt"
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/directoryRoles",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"description": "description~#~char",
"entitlement_glossary": "description~#~char",
"customproperty4": "description~#~char",
"customproperty3": "deletedDateTime~#~char",
"customproperty8": "roleTemplateId~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"DirectoryRole": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://graph.microsoft.com/v1.0/directoryRoles/${id}/members",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "value",
"entKeyField": "entitlementID",
"acctIdPath": "id",
"acctKeyField": "accountID"
}
}
}
}
}
}
07/09/2024 06:25 AM
update: this issue has been resolved with below one
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"status": "accountEnabled~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "jobTitle~#~char",
"customproperty4": "mail~#~char",
"customproperty5": "mobilePhone~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"DirectoryRole": {
"entTypeOrder": 0,
"entTypeLabels": {
"customproperty1": "Deleted",
"customproperty2": "CreatedAt",
"customproperty3": "UpdatedAt"
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/directoryRoles",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"description": "description~#~char",
"entitlement_glossary": "description~#~char",
"customproperty4": "description~#~char",
"customproperty3": "deletedDateTime~#~char",
"customproperty8": "roleTemplateId~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"DirectoryRole": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://graph.microsoft.com/v1.0/directoryRoles/${id}/members",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "value",
"entKeyField": "entitlementID",
"acctIdPath": "id",
"acctKeyField": "accountID"
}
}
}
}
}
}
07/08/2024 07:56 PM
Quick question - Is there any limitation with Azure AD connector hence you are using REST connector ?
07/08/2024 10:59 PM
yes, we are getting following error when connecting to b2c tenant using AzureAD connector.
024-07-05T08:57:31.611+00:00 | ecm | null-plwzj | 2024-07-05T08:57:31.258241441Z stdout F 2024-07-05 08:57:31,258 [http-nio-8080-exec-428] ERROR azure.AzureProvisioningService - Error while saving the Connection: Request Header/Body is incorrect. Target Response status Code: 400, Target Error Message: [Change enumeration is not supported for requested tenant.] |