Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Azure AD - customSecurityAttributeValue Filters in Account Import

Go to solution
rushikeshvartak
All-Star
All-Star

‎07/01/2024 09:08 AM - edited ‎07/01/2024 09:11 AM

  • Use case : Importing Service Account based on flag stored in Custom Security Attribute 
  • Background
    • We have already utilized all extensible attributes hence we can't store service account type in Externsible attribute or user attribute 
  • Connector : Azure AD
  • Configuration : ACCOUNT_IMPORT_FIELDS
    • id,userPrincipalName&$expand=customSecurityAttributes
  • Issue : Accounts import failed:
    • Parsing OData Select and Expand failed: Property 'customSecurityAttributes' on type 'microsoft.graph.user' is not a navigation property or complex property. Only navigation properties can be expanded.
  • rushikeshvartak_0-1719849963694.png

     

  • Need confirmation on support of customSecurityAttributeValue by Azure AD connector
  • rushikeshvartak_0-1719850247160.png

     


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
20 REPLIES 20

Go to solution
prafullgoyal
Saviynt Employee
Saviynt Employee

‎07/01/2024 09:41 PM - edited ‎07/01/2024 09:46 PM

Hi @rushikeshvartak ,

Because the problem is associated with the process of accessing the graph API, the graph API does not support the expand operation for "customSecurityAttributes". Could you please locate the screenshot?

prafullgoyal_2-1719895563095.png

 

Try "?$select=id,userPrincipalName,customSecurityAttributes" It should work.

 

Thanks 

Prafull,

 

 

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/01/2024 09:48 PM

What will be mapping in ACCOUNT_ATTRIBUTES?

"customproperty23": "customSecurityAttributes.ABC.AccountType~#~char",

Its not working


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
prafullgoyal
Saviynt Employee
Saviynt Employee

‎07/01/2024 10:34 PM

Hi @rushikeshvartak ,

Which error are you experiencing, if any? May I kindly request that you share the logs in order to validate the request, response, and error?

Thanks 

Prafull, 

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/02/2024 10:34 AM

Please find logs for pre-import preview ( expected value should come in cp23)

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
Preview file
58 KB
0 Kudos

Go to solution
prafullgoyal
Saviynt Employee
Saviynt Employee

‎07/02/2024 09:19 PM

Hi @rushikeshvartak ,

I am unable to locate the "customSecurityAttributeValue" attribute value that has been retrieved by the "AzureAD" Connector while I am looking through the logs. Or there is a lack of data for the top two ids. Please check to see if the data is available, and if it is, then you ought to try REST and let me know the results.

Thanks 

Prafull,

If you find the above response useful, Kindly Mark it as "Accept As Solution".
Preview file
3 KB
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/02/2024 09:44 PM

We know it will work with REST Connector but we don't want another connector for this use case.

rushikeshvartak_0-1719981621297.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
Preview file
17 KB
0 Kudos

Go to solution
prafullgoyal
Saviynt Employee
Saviynt Employee
In response to rushikeshvartak

‎07/02/2024 10:09 PM

You have attempted to store the whole "customSecurityAttributeValue" JSON in cp23, have you?

Thanks 

Prafull,

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/02/2024 10:21 PM

I tried 3 variation 

  • customSecurityAttributes
  • customSecurityAttributes.ABC
  • customSecurityAttributes.ABC.AccountType

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
prafullgoyal
Saviynt Employee
Saviynt Employee

‎07/03/2024 03:19 AM - edited ‎07/03/2024 03:20 AM

Could you please share the Postman response of below request?

"https://graph.microsoft.com/v1.0/users?$count=true&$select=id,userPrincipalName,companyName,givenNa...

Thanks 

Prafull,

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
ShivamSharma
New Contributor
New Contributor
In response to prafullgoyal

‎07/04/2024 06:38 AM - edited ‎07/04/2024 07:09 AM

GET: https://graph.microsoft.com/v1.0/users?$count=true&$select=id,userPrincipalName,companyName,givenNam...

Below is the response line wrapped. Please review and share your response.

ShivamSharma_1-1720101782354.png

 

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/10/2024 02:18 PM

@prafullgoyal  Please suggest solution


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
prafullgoyal
Saviynt Employee
Saviynt Employee

‎07/10/2024 07:53 PM

Simply delete "customsecurityattributes" from account import fields and account attribute mapping and see whether the import works properly; this will tell whether the problem is with this attribute or something else.

Technically, I believe this should work; I recently tried to fetch the "signinactivity" attribute and was successful, simply by adding it to the account import field and mapping it to a customer property with a comparable json structure.

format of that attribute is as below via postman call:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(signInActivity)/$entity",
"id": "XXXXX",
"signInActivity": {
"lastSignInDateTime": "2024-03-22T12:53:34Z",
"lastSignInRequestId": "XX-5863-4a40-88d1-231cc93a5000",
"lastNonInteractiveSignInDateTime": "2024-03-22T12:53:40Z",
"lastNonInteractiveSignInRequestId": "c7782679-d6b6-XX-a241-f3d04d987600"
}
}

mapping it in account attributes as below worked for me,
"customproperty31":"signInActivity~#~char",
"LASTLOGONDATE":"signInActivity.lastSignInDateTime~#~date"
here first CP31 will have complete json, lastlogon will have just 2024-03-22T12:53:34Z, hope this helps.

If still facing issue , please follow the support process with all relevant logs.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/10/2024 09:12 PM

I tried for signInActivity but did not worked and here ask is about customsecurityattributevalue


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to rushikeshvartak

‎07/10/2024 09:19 PM - edited ‎07/10/2024 09:22 PM


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/10/2024 09:34 PM

It worked for me for signInActivity but my ask is different

rushikeshvartak_0-1720672423267.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
prafullgoyal
Saviynt Employee
Saviynt Employee

‎07/10/2024 09:26 PM

I have provided an example to import; if it does not work, I suspect a configuration issue.

Please follow the support process with all relevant logs.

Thanks 

Prafull,

 

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/10/2024 09:30 PM

Does it work for CustomSecurityAttributeValue  for you ?

FD https://saviyntsupport.saviynt.com/support/tickets/2038795


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
prafullgoyal
Saviynt Employee
Saviynt Employee

‎07/10/2024 11:26 PM

Simply enter the URL below into Postman and check to see whether you are receiving the desired response.

https://graph.microsoft.com/v1.0/users?&$select=id,displayName,customSecurityAttributes

If the answer is yes, then you will need to follow on FD; otherwise, you will need to use REST.

Thanks 

Prafull,

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to prafullgoyal

‎07/10/2024 11:27 PM - edited ‎07/10/2024 11:28 PM

ShivamSharma_1-1720101782354.png

Refer Postman screenshot

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to rushikeshvartak

‎08/13/2024 10:03 AM

As confirmed by TAM , its not supported from OOTB Azure AD connector. It can be achieved using REST Connector.

Idea raised 

https://ideas.saviynt.com/ideas/EIC-I-5932

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC