Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Azure AD - customSecurityAttributeValue Filters in Account Import

rushikeshvartak
All-Star
All-Star
  • Use case : Importing Service Account based on flag stored in Custom Security Attribute 
  • Background
    • We have already utilized all extensible attributes hence we can't store service account type in Externsible attribute or user attribute 
  • Connector : Azure AD
  • Configuration : ACCOUNT_IMPORT_FIELDS
    • id,userPrincipalName&$expand=customSecurityAttributes
  • Issue : Accounts import failed:
    • Parsing OData Select and Expand failed: Property 'customSecurityAttributes' on type 'microsoft.graph.user' is not a navigation property or complex property. Only navigation properties can be expanded.
  • rushikeshvartak_0-1719849963694.png

     

  • Need confirmation on support of customSecurityAttributeValue by Azure AD connector
  • rushikeshvartak_0-1719850247160.png

     


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
20 REPLIES 20

prafullgoyal
Saviynt Employee
Saviynt Employee

Hi @rushikeshvartak ,

Because the problem is associated with the process of accessing the graph API, the graph API does not support the expand operation for "customSecurityAttributes". Could you please locate the screenshot?

prafullgoyal_2-1719895563095.png

 

Try "?$select=id,userPrincipalName,customSecurityAttributes" It should work.

 

Thanks 

Prafull,

 

 

If you find the above response useful, Kindly Mark it as "Accept As Solution".

What will be mapping in ACCOUNT_ATTRIBUTES?

"customproperty23": "customSecurityAttributes.ABC.AccountType~#~char",

Its not working


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

prafullgoyal
Saviynt Employee
Saviynt Employee

Hi @rushikeshvartak ,

Which error are you experiencing, if any? May I kindly request that you share the logs in order to validate the request, response, and error?

Thanks 

Prafull, 

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Please find logs for pre-import preview ( expected value should come in cp23)

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

prafullgoyal
Saviynt Employee
Saviynt Employee

Hi @rushikeshvartak ,

I am unable to locate the "customSecurityAttributeValue" attribute value that has been retrieved by the "AzureAD" Connector while I am looking through the logs. Or there is a lack of data for the top two ids. Please check to see if the data is available, and if it is, then you ought to try REST and let me know the results.

Thanks 

Prafull,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

We know it will work with REST Connector but we don't want another connector for this use case.

rushikeshvartak_0-1719981621297.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

You have attempted to store the whole "customSecurityAttributeValue" JSON in cp23, have you?

Thanks 

Prafull,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

I tried 3 variation 

  • customSecurityAttributes
  • customSecurityAttributes.ABC
  • customSecurityAttributes.ABC.AccountType

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

prafullgoyal
Saviynt Employee
Saviynt Employee

Could you please share the Postman response of below request?

"https://graph.microsoft.com/v1.0/users?$count=true&$select=id,userPrincipalName,companyName,givenNa...

Thanks 

Prafull,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

GET: https://graph.microsoft.com/v1.0/users?$count=true&$select=id,userPrincipalName,companyName,givenNam...

Below is the response line wrapped. Please review and share your response.

ShivamSharma_1-1720101782354.png

 

@prafullgoyal  Please suggest solution


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

prafullgoyal
Saviynt Employee
Saviynt Employee

Simply delete "customsecurityattributes" from account import fields and account attribute mapping and see whether the import works properly; this will tell whether the problem is with this attribute or something else.

Technically, I believe this should work; I recently tried to fetch the "signinactivity" attribute and was successful, simply by adding it to the account import field and mapping it to a customer property with a comparable json structure.

format of that attribute is as below via postman call:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(signInActivity)/$entity",
"id": "XXXXX",
"signInActivity": {
"lastSignInDateTime": "2024-03-22T12:53:34Z",
"lastSignInRequestId": "XX-5863-4a40-88d1-231cc93a5000",
"lastNonInteractiveSignInDateTime": "2024-03-22T12:53:40Z",
"lastNonInteractiveSignInRequestId": "c7782679-d6b6-XX-a241-f3d04d987600"
}
}

mapping it in account attributes as below worked for me,
"customproperty31":"signInActivity~#~char",
"LASTLOGONDATE":"signInActivity.lastSignInDateTime~#~date"
here first CP31 will have complete json, lastlogon will have just 2024-03-22T12:53:34Z, hope this helps.

If still facing issue , please follow the support process with all relevant logs.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

I tried for signInActivity but did not worked and here ask is about customsecurityattributevalue


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

It worked for me for signInActivity but my ask is different

rushikeshvartak_0-1720672423267.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

prafullgoyal
Saviynt Employee
Saviynt Employee

I have provided an example to import; if it does not work, I suspect a configuration issue.

Please follow the support process with all relevant logs.

Thanks 

Prafull,

 

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Does it work for CustomSecurityAttributeValue  for you ?

FD https://saviyntsupport.saviynt.com/support/tickets/2038795


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

prafullgoyal
Saviynt Employee
Saviynt Employee

Simply enter the URL below into Postman and check to see whether you are receiving the desired response.

https://graph.microsoft.com/v1.0/users?&$select=id,displayName,customSecurityAttributes

If the answer is yes, then you will need to follow on FD; otherwise, you will need to use REST.

Thanks 

Prafull,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

ShivamSharma_1-1720101782354.png

Refer Postman screenshot

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

As confirmed by TAM , its not supported from OOTB Azure AD connector. It can be achieved using REST Connector.

Idea raised 

https://ideas.saviynt.com/ideas/EIC-I-5932

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.