07/26/2023 10:47 AM
We added the global administrator role to the application account. We can remove users from Azure AD.
However, we get a 403 when we try to remove the user from an AADGROUP.
Below is the JSON we are using for adding access:
{
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@ \": \"${member}\"}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"name": "AADGroup"
}
Below is the JSON we use to remove access:
{
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/${account.accountI...\$ref",
"httpMethod": "DELETE",
"httpParams": "",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json"
}
Can anyone suggest a solution to this issue?
Thanks
07/26/2023 11:59 AM
Hi @venkat ,
From the screenshot, it seems like you are getting 404 NOT FOUND and not 403. It seems like the group ID you are using in the URL does not exist in AAD.
Can you check it once and try?
07/28/2023 08:50 AM
Got Postman to work. Can add or remove access via Postman. Now getting an error when I use ARS.
Below is the error:
DEBUG azure.AzureADProvisioningService - Error while Adding Access to Account
2023-07-28/15:20:02.534 [{}] [quartzScheduler_Worker-11] DEBUG azure.AzureADProvisioningService - Result: false
Error in processGroupInTargetgroovy.lang.GroovyRuntimeException: Ambiguous method overloading for method java.lang.String#<init>.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
[class [B]
[class [C]
[class java.lang.String]
07/29/2023 07:06 AM - edited 07/29/2023 07:07 AM
{
"call": [{
"name": "AADGroup",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
},
{
"name": "DirectoryRole",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/directoryRoles/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
},
"unsuccessResponses": {
"odata~dot#error.code": [
"Request_BadRequest",
"Authentication_MissingOrMalformed",
"Request_ResourceNotFound",
"Authorization_RequestDenied",
"Authentication_Unauthorized"
]
}
}
]
}
remove
{
"call": [{
"name": "AADGroup",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/${account.accountI...\$ref",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "Bearer ${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
},
"unsuccessResponses": {
"odata~dot#error.code": [
"Request_BadRequest",
"Authentication_MissingOrMalformed",
"Request_ResourceNotFound",
"Authorization_RequestDenied",
"Authentication_Unauthorized"
]
}
},
{
"name": "DirectoryRole",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/directoryRoles/${entitlementValue.entitlementID}/members/${account....\$ref",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]}
07/30/2023 02:51 PM
Getting the same error.
Below is the add JSON.
{
"call": [{
"name": "AADGroup",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
},
{
"name": "DirectoryRole",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/directoryRoles/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
},
"unsuccessResponses": {
"odata~dot#error.code": [
"Request_BadRequest",
"Authentication_MissingOrMalformed",
"Request_ResourceNotFound",
"Authorization_RequestDenied",
"Authentication_Unauthorized"
]
}
}
]
}
getting error
07/30/2023 05:00 PM
Are you using the Saviynt default entitlement_attribute configuration in the import connection?
Can you check whether the entitlement has an entitlementid in Data Analyzer using the query below:
select entitlementid,entitlement_value from entitlement_values where entitlement_value='Autopilot-Test2'
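A related pre-flight check, added here as an example (it is not code from this thread or from Saviynt): render the `${...}` bindings of a call and confirm the result has the request shape Microsoft Graph documents for adding or removing a group member, so an empty or non-GUID `entitlementID` or `accountID` is caught before the request is sent. The `render` and `preflight` helpers, the sample GUIDs and the DELETE template are constructed for illustration, and the placeholder handling only approximates the connector's template engine.

```python
import json
import re
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
BASE = r"https://graph\.microsoft\.com/v1\.0"
# URL shapes Microsoft Graph documents for adding/removing a group member.
SHAPES = {
    "POST": re.compile(rf"^{BASE}/groups/{GUID}/members/\$ref$"),
    "DELETE": re.compile(rf"^{BASE}/groups/{GUID}/members/{GUID}/\$ref$"),
}
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def render(template, bindings):
    """Fill ${name} placeholders; return (text, names that resolved to nothing)."""
    missing = [n for n in PLACEHOLDER.findall(template) if not bindings.get(n)]
    text = PLACEHOLDER.sub(lambda m: str(bindings.get(m.group(1)) or ""), template)
    return text.replace("\\$", "$"), missing  # "\$ref" is an escaped literal "$ref"

def preflight(call, bindings):
    """Return the problems found in one rendered call; an empty list means OK."""
    url, missing = render(call["url"], bindings)
    problems = [f"unresolved binding: {name}" for name in missing]
    method = call["httpMethod"]
    if not SHAPES[method].match(url):
        problems.append(f"{method} URL is not a Graph member $ref URL: {url}")
    if method == "POST":
        body, _ = render(call.get("httpParams", ""), bindings)
        try:
            ref = json.loads(body).get("@odata.id", "")
        except (ValueError, AttributeError):
            ref = ""
        if not re.match(rf"^{BASE}/directoryObjects/{GUID}$", str(ref)):
            problems.append("body has no valid @odata.id directoryObjects reference")
    return problems

# AADGroup add call as posted in the thread (values after JSON decoding).
ADD = {"httpMethod": "POST",
       "url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/\\$ref",
       "httpParams": '{"@odata.id":"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}"}'}
# Constructed: the thread's DELETE URL is truncated, so this uses Graph's documented path.
REMOVE = {"httpMethod": "DELETE",
          "url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/${account.accountID}/\\$ref"}
# Constructed sample bindings (not real object IDs).
GOOD = {"entitlementValue.entitlementID": "11111111-2222-3333-4444-555555555555",
        "account.accountID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}

if __name__ == "__main__":
    null_group = dict(GOOD, **{"entitlementValue.entitlementID": None})
    for call in (ADD, REMOVE):
        print(call["httpMethod"], preflight(call, GOOD), preflight(call, null_group))
```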
07/31/2023 06:56 AM
07/31/2023 06:59 AM
I have not added anything in the entitlement attribute. Can you provide me the default values for it?
08/01/2023 11:42 AM
The error
Error in processGroupInTargetgroovy.lang.GroovyRuntimeException: Ambiguous method overloading for method java.lang.String#<init>.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
[class [B]
[class [C]
[class java.lang.String]
occurs if you use the AZURE AD connector to provision access or remove access. I created another connection and used the Azure REST connection, and it provisioned access and removed access.
08/09/2023 02:50 PM
Can you please elaborate? I'm having that ambiguous method overloading error for a different rest connection, but I'm also having issues removing AADGroups with the AAD connector. Did you get that resolved?
08/09/2023 04:25 PM
I used azureAD_provisioning_Template for adding and removing accounts from AADgroups. I did not remove AADgroups.
08/09/2023 08:45 PM
Share json
07/30/2023 03:06 PM
It works in Postman with the same group and account.