05/30/2023 03:26 AM
Hello,
We have a problem with REST connector provisioning to Azure AD. Using the attributes (for example ${user.displayname}) as in the Saviynt documentation is not working; instead it gets sent to AAD like this: "displayName": "${user.displayname}",
My CreateAccountJSON:
{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "AzureADProvisioning",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"employeeId\":\"11223344\",\"surname\":\"${user.lastname}\",\"givenName\":\"${user.preferedfirstname}\",\"displayName\":\"${user.displayname}\",\"department\":\"${user.companyname}\",\"jobTitle\":\"${user.title}\",\"employeeHireDate\":\"2023-05-30T07:14:21\",\"mailNickname\":\"${user.username}\",\"userPrincipalName\":\"${user.email}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"{password}\"},\"usageLocation\":\"FI\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
This is how it looks in Azure AD:
"value": [
{
"accountEnabled": true,
"mail": null,
"businessPhones": [],
"surname": "${user.lastname}",
"givenName": "${user.preferedfirstname}",
"displayName": "${user.displayname}",
...
Any ideas what could be the problem?
Best regards,
Tommi
05/30/2023 05:07 AM
Hello @Tommil,
Seems there is a syntax error in your JSON; I would request you to fix that and try!
Thanks,
05/30/2023 11:08 PM
Hello,
I now fixed the syntax error:
05/31/2023 12:46 AM
Hello @Tommil,
You may try the JSON below. Could you please also share what you are seeing in the logs?
========================================================
{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "AzureADProvisioning",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"employeeId\":\"11223344\",\"surname\":\"${user.lastname}\",\"givenName\":\"${user.preferedfirstname}\",\"displayName\":\"${user.displayname}\",\"department\":\"${user.companyname}\",\"jobTitle\":\"${user.title}\",\"employeeHireDate\":\"2023-05-30T07:14:21\",\"mailNickname\":\"${user.username}\",\"userPrincipalName\":\"${user.email}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"{password}\"},\"usageLocation\":\"FI\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}
======================================================
Thanks,
05/31/2023 10:06 PM - edited 06/09/2023 04:35 AM
Hi @sudeshjaiswal ,
I tested the JSON you provided and received the same error: it's not using the attributes from the user but the notations, e.g. ${user.email}, instead. There is an error that
"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"
But I have checked that the domain is correct in the user email field. And if I hard-code the same value in the JSON instead of using ${user.email}, it works, so it's not getting the value correctly from the ${user.email} notation.
I attached the logs as you requested.
Edit: Removed the log file as this got resolved.
Best regards,
Tommi
05/31/2023 10:40 PM - edited 05/31/2023 10:43 PM
Hello @Tommil,
Thanks for sharing the detailed log and your analysis. It is a binding variable issue.
I have reformatted the JSON; you may try it now!
=====================================================
{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "AzureADProvisioning",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"employeeId\":\"11223344\",\"surname\":\"${user.lastname}\",\"givenName\":\"${user.preferedFirstName}\",\"displayName\":\"${user.displayname}\",\"department\":\"${user.companyname}\",\"jobTitle\":\"${user.title}\",\"employeeHireDate\":\"2023-05-30T07:14:21\",\"mailNickname\":\"${user.username}\",\"userPrincipalName\":\"${user.email}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"},\"usageLocation\":\"FI\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}
======================================================
For Ref:- https://docs.saviyntcloud.com/bundle/AzureAD-v23x/page/Content/Configuring-the-Integration-for-Provi...
Thanks,
06/01/2023 01:18 AM
Hi,
Yes, the problem was with this, as it was case sensitive: \"givenName\":\"${user.preferedFirstName}
It works now, thanks!
-Tommi
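A pre-deployment check for the two placeholder differences between the failing and the working JSON in this thread (`${user.preferedfirstname}` vs `${user.preferedFirstName}`, and `{password}` vs `${password}`), as an added example that is not part of the original posts or of Saviynt's code. The `KNOWN` binding list is an assumption copied from the thread's working JSON, and the function names are hypothetical.

```python
import json
import re

# Assumption: binding names copied from the working JSON in this thread,
# not an authoritative list from Saviynt documentation.
KNOWN = {"user.lastname", "user.preferedFirstName", "user.displayname",
         "user.companyname", "user.title", "user.username", "user.email",
         "password", "access_token"}
BOUND = re.compile(r"\$\{([^}]+)\}")                 # ${name}
BARE = re.compile(r"(?<!\$)\{([A-Za-z_][\w.]*)\}")   # {name} without the $

# Constructed sample reproducing the two placeholder mistakes in the thread.
SAMPLE = json.dumps({"call": [{
    "name": "call1",
    "httpParams": json.dumps({
        "givenName": "${user.preferedfirstname}", "mailNickname": "${user.username}",
        "passwordProfile": {"password": "{password}"}}),
    "httpHeaders": {"Authorization": "${access_token}"}}]})


def lint_string(value, where):
    """Return (path, placeholder, problem) tuples for one string value."""
    by_lower = {k.lower(): k for k in KNOWN}
    out = []
    for name in BOUND.findall(value):
        if name not in KNOWN:
            hint = by_lower.get(name.lower())
            problem = "case mismatch, expected ${%s}" % hint if hint else "unknown binding"
            out.append((where, "${%s}" % name, problem))
    for name in BARE.findall(value):
        out.append((where, "{%s}" % name, "missing $, not a ${...} binding"))
    return out


def walk(node, where):
    """Recurse through parsed JSON and lint every string leaf."""
    if isinstance(node, dict):
        return [f for k, v in node.items() for f in walk(v, where + "." + k)]
    if isinstance(node, list):
        return [f for i, v in enumerate(node) for f in walk(v, "%s[%d]" % (where, i))]
    return lint_string(node, where) if isinstance(node, str) else []


def lint_connector_json(text):
    config = json.loads(text)  # ValueError here means a syntax error (missing ] or })
    findings = []
    for call in config.get("call", []):
        body = json.loads(call["httpParams"])  # JSON escaped inside a string
        findings += walk(body, call["name"] + ".httpParams")
        findings += walk(call.get("httpHeaders", {}), call["name"] + ".httpHeaders")
    return findings
```

An unresolved password placeholder is worth catching before provisioning, since the account would otherwise be created with the placeholder text as its initial password.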