Azure AD REST Provisioning user attributes not working

Tommil
New Contributor III

Hello,

 

We have a problem with REST connector provisioning to Azure AD. Using the attributes (for example ${user.displayname}) as in the Saviynt documentation is not working; instead, it gets sent to AAD like this: "displayName""${user.displayname}",

 

My CreateAccountJSON:

{
  "accountIdPath": "call1.message.id",
  "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
  "responseColsToPropsMap": {
    "displayName": "call1.message.displayName~#~char",
    "name": "call1.message.userPrincipalName~#~char"
  },
  "call": [
    {
      "name": "call1",
      "connection": "AzureADProvisioning",
      "url": "https://graph.microsoft.com/v1.0/users",
      "httpMethod": "POST",
      "httpParams": "{\"accountEnabled\":true,\"employeeId\":\"11223344\",\"surname\":\"${user.lastname}\",\"givenName\":\"${user.preferedfirstname}\",\"displayName\":\"${user.displayname}\",\"department\":\"${user.companyname}\",\"jobTitle\":\"${user.title}\",\"employeeHireDate\":\"2023-05-30T07:14:21\",\"mailNickname\":\"${user.username}\",\"userPrincipalName\":\"${user.email}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"{password}\"},\"usageLocation\":\"FI\"}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          200,
          201,
          204,
          205
        ]
      }
    }

This is how it looks in Azure AD:

"value": [
        {
            "accountEnabled": true,
            "mail": null,
            "businessPhones": [],
            "surname": "${user.lastname}",
            "givenName": "${user.preferedfirstname}",
            "displayName""${user.displayname}",
            ...

Any ideas what could be the problem?

Best regards,

Tommi

6 REPLIES

sudeshjaiswal
Saviynt Employee

Hello @Tommil,

It seems there is a syntax error in your JSON; I would request you to fix that and try!

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Tommil
New Contributor III

Hello, 

I now fixed the syntax error:

{
    "accountIdPath": "call1.message.id",
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
    "responseColsToPropsMap": {
        "displayName": "call1.message.displayName~#~char",
        "name": "call1.message.userPrincipalName~#~char"
    },
    "call": [
        {
            "name": "call1",
            "connection": "AzureADProvisioning",
            "url": "https://graph.microsoft.com/v1.0/users",
            "httpMethod": "POST",
            "httpParams": "{\"accountEnabled\":true,\"employeeId\":\"${user.employeeid}\",\"surname\":\"${user.lastname}\",\"givenName\":\"${user.preferedfirstname}\",\"displayName\":\"${user.displayname}\",\"department\":\"${user.companyname}\",\"jobTitle\":\"${user.title}\",\"employeeHireDate\":\"2023-05-30T07:14:21\",\"mailNickname\":\"${user.username}\",\"userPrincipalName\":\"${user.email}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"},\"usageLocation\":\"FI\"}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            }
        }
    ]
}
 
But it's still not getting those user attributes from Saviynt.
Any ideas?
 
Thanks,
Tommi

sudeshjaiswal
Saviynt Employee

Hello @Tommil,

You may try the JSON below. Could you please also share what you are seeing in the logs?
========================================================

{
    "accountIdPath": "call1.message.id",
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
    "responseColsToPropsMap": {
        "displayName": "call1.message.displayName~#~char",
        "name": "call1.message.userPrincipalName~#~char"
    },
    "call": [
        {
            "name": "call1",
            "connection": "AzureADProvisioning",
            "url": "https://graph.microsoft.com/v1.0/users",
            "httpMethod": "POST",
            "httpParams": "{\"accountEnabled\":true,\"employeeId\":\"11223344\",\"surname\":\"${user.lastname}\",\"givenName\":\"${user.preferedfirstname}\",\"displayName\":\"${user.displayname}\",\"department\":\"${user.companyname}\",\"jobTitle\":\"${user.title}\",\"employeeHireDate\":\"2023-05-30T07:14:21\",\"mailNickname\":\"${user.username}\",\"userPrincipalName\":\"${user.email}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"{password}\"},\"usageLocation\":\"FI\"}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            }
        }
    ]
}
======================================================

Thanks,


Tommil
New Contributor III

Hi @sudeshjaiswal ,

I tested the JSON you provided and received the same error: it's not using the attributes from the user but the notations, e.g. ${user.email}, instead. There is an error that

"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"

But I have checked that the domain is correct in the user email field. And if I hard-code the same value in the JSON instead of using ${user.email}, it works, so it's not getting the value correctly from the ${user.email} notation.

I attached the logs as you requested.

Edit: Removed the logs file as this got Resolved.

Best regards,

Tommi

 

sudeshjaiswal
Saviynt Employee

Hello @Tommil,

Thanks for sharing the detailed log and your analysis. It is a binding variable issue.
I have reformatted the JSON; you may try it now!

=====================================================


{
    "accountIdPath": "call1.message.id",
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
    "responseColsToPropsMap": {
        "displayName": "call1.message.displayName~#~char",
        "name": "call1.message.userPrincipalName~#~char"
    },
    "call": [
        {
            "name": "call1",
            "connection": "AzureADProvisioning",
            "url": "https://graph.microsoft.com/v1.0/users",
            "httpMethod": "POST",
            "httpParams": "{\"accountEnabled\":true,\"employeeId\":\"11223344\",\"surname\":\"${user.lastname}\",\"givenName\":\"${user.preferedFirstName}\",\"displayName\":\"${user.displayname}\",\"department\":\"${user.companyname}\",\"jobTitle\":\"${user.title}\",\"employeeHireDate\":\"2023-05-30T07:14:21\",\"mailNickname\":\"${user.username}\",\"userPrincipalName\":\"${user.email}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"},\"usageLocation\":\"FI\"}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            }
        }
    ]
}
======================================================

For Ref:- https://docs.saviyntcloud.com/bundle/AzureAD-v23x/page/Content/Configuring-the-Integration-for-Provi... 

Thanks,


Tommil
New Contributor III

Hi,

Yes, the problem was with this, as it was case-sensitive: \"givenName\":\"${user.preferedFirstName}

It works now, thanks!

-Tommi
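
The binding problem resolved in this thread can be caught before a provisioning run, so that literal `${...}` text never reaches the directory. The Python lint below is an added example, not code from the thread or from Saviynt: the allow-list is assumed from the bindings in the JSON the thread reports as working, and `lint_bindings`, `unresolved` and the sample config are hypothetical names constructed here.

```python
import json
import re

# Binding names taken from the JSON the thread reports as working. Using them as
# an allow-list is an assumption of this example, not a Saviynt schema.
KNOWN_BINDINGS = {
    "user.lastname", "user.preferedFirstName", "user.displayname",
    "user.companyname", "user.title", "user.username", "user.email",
    "password", "access_token",
}
BINDING = re.compile(r"\$\{([^}]+)\}")              # ${name}
BARE = re.compile(r"(?<!\$)\{([A-Za-z_][\w.]*)\}")  # {name} with the $ missing


def lint_bindings(connector_json, known=frozenset(KNOWN_BINDINGS)):
    """Return (call, binding, problem) tuples for bindings that will not resolve."""
    config = json.loads(connector_json)  # a JSON syntax error raises ValueError
    by_lower = {name.lower(): name for name in known}
    problems = []
    for call in config.get("call", []):
        text = json.dumps(call)  # covers httpParams and httpHeaders
        for name in BINDING.findall(text):
            if name in known:
                continue
            match = by_lower.get(name.lower())
            why = f"case mismatch, expected {match}" if match else "unknown binding"
            problems.append((call.get("name"), name, why))
        for name in BARE.findall(text):
            problems.append((call.get("name"), name, "missing $ before {"))
    return problems


def unresolved(rendered_body):
    """List bindings left as literal text in a rendered request body."""
    return BINDING.findall(rendered_body)


# Constructed sample: a shortened httpParams with two of the thread's bindings.
BROKEN = json.dumps({"call": [{
    "name": "call1",
    "httpParams": '{"givenName":"${user.preferedfirstname}",'
                  '"passwordProfile":{"password":"{password}"}}',
    "httpHeaders": {"Authorization": "${access_token}"},
}]})
FIXED = BROKEN.replace("preferedfirstname", "preferedFirstName").replace(
    "{password}", "${password}")

if __name__ == "__main__":
    for problem in lint_bindings(BROKEN):
        print(problem)
```

`unresolved` is meant for the rendered request body: a non-empty result means the payload should be rejected rather than posted, which also keeps a literal `{password}` from being set as the account's initial password.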