12/01/2023 04:58 AM - last edited on 12/01/2023 05:04 AM by Sunil
Hi All,
We have a use case to provision an attribute, UPN, as a part of Azure AD provisioning via Saviynt directly to the target. We have implemented the logic on the createAADgroup.gsp and the OOTB Manage AAD form looks fine.
The only issue that we see is that there does not seem to be an attribute to hold UPN on the target AAD side. Also, we tried provisioning it to the Mail attribute but are thrown an error message that the attribute is read-only.
We would like to understand if this is a feasible use case with an Azure AD OOTB connector. If yes, can we please get some assistance on how to proceed further? Please find the creategroupjson being used below:
{
  "connection": "userAuth",
  "url": "https://graph.microsoft.com/v1.0/groups",
  "httpMethod": "POST",
  "httpParams": "{\"description\": \"${roles.description}\", \"Mail\": \"abc@domain.com\", \"displayName\": \"${roles.role_name}\", \"groupTypes\": [\"${(roles.customproperty21=='Office365')?'Unified':''}\"], \"mailEnabled\": \"${roles.customproperty22 == '1' ? true : false}\", \"mailNickname\": \"${roles.customproperty2}\", \"securityEnabled\": \"${roles.customproperty23 == '1' ? true : false}\",\"owners@odata.bind\": [\"${allOwner}\"]}",
  "httpHeaders": {
    "Authorization": "${access_token}",
    "Content-Type": "application/json"
  },
  "httpContentType": "application/json"
}
This json works fine when the \"Mail\": \"abc@domain.com\" attribute is removed. Attaching the error messages below.
Thanks
[This message has been edited by moderator to remove domain info]
12/04/2023 09:42 PM
Hello @Aashish-Handa,
Currently, implementing this functionality is not feasible due to the lack of support in the target system. Though, you could explore the option of using extension attributes as an alternative approach.
Thanks