
Azure Rest Connector for account and entitlement import

Smiling
Regular Contributor

Hi,

I am trying to import accounts from Azure AD using the REST connector. I was able to import accounts with the Azure AD connector, but now I want to do it with the REST connector. I have gone through the Saviynt documentation, Developers Handbook (saviyntcloud.com) (ImportAccountEntJSON), but it wasn't useful.

I have tried with this post ("Solved: Azure REST connector - Account/Group import - Saviynt Forums - 2897"), but it doesn't work for me.

Can someone provide a sample working JSON for ImportAccountEntJSON, please?


rushikeshvartak
All-Star

Any reason for not using the OOTB Azure AD connector?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @Smiling 

Could you please provide more details about the use case which you are unable to perform using OOTB connector?

Also please provide the error/issue you are facing when trying to use from the post Solved: Azure REST connector - Account/Group import - Saviynt Forums - 2897

Regards,

Dhruv Sharma

Smiling
Regular Contributor

I am using the following JSON:

"acctEntParams": {
  "entTypes": {
    "AADGroup": {
      "call": {
        "call1": {
          "processingType": "httpEntToAcct",
          "connection": "userAuth",
          "listField": "value",
          "acctKeyField": "accountID",
          "entKeyField": "entitlementID",
          "acctIdPath": "id",
          "http": {
            "url": "https://graph.microsoft.com/v1.0/groups/${id}/members/microsoft.graph.user",
            "httpMethod": "GET",
            "httpContentType": "application/json",
            "httpHeaders": {
              "Authorization": "${access_token}"
            }
          },
          "pagination": {
            "nextUrl": {"nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink')}"}
          }
        }
      }
    }
  }
}

and facing the following error:

Error While Test connection: JSON syntax exception found in the following connection parameters - ImportAccountEntJSON

I am importing users from Azure AD using the REST connection (ImportUserJSON); for this I need to set the REST connector in the security system. Previously, when I was using the OOTB Azure AD connector, I set Azure AD as the import connector and the REST connector as the provisioning connector. But now, because I am using the REST connector for importing users, I wanted to try the REST connector (ImportAccountEntJSON) for importing accounts, so I don't need to change connectors.

Dhruv_S
Saviynt Employee

Hi @Smiling 

The JSON you have mentioned is not the complete ImportAccountEntJSON but only part of acctEntParams.

Please try with the below and let me know if this works.

{
  "acctEntParams": {
    "entTypes": {
      "AADGroup": {
        "call": {
          "call1": {
            "processingType": "httpEntToAcct",
            "connection": "userAuth",
            "listField": "value",
            "acctKeyField": "accountID",
            "entKeyField": "entitlementID",
            "acctIdPath": "id",
            "http": {
              "url": "https://graph.microsoft.com/v1.0/groups/${id}/members/microsoft.graph.user",
              "httpMethod": "GET",
              "httpContentType": "application/json",
              "httpHeaders": {
                "Authorization": "${access_token}"
              }
            },
            "pagination": {
              "nextUrl": {
                "nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink')}"
              }
            }
          }
        }
      }
    }
  }
}

Regards,

Dhruv Sharma

Smiling
Regular Contributor

Thanks for your help.

It is giving the following error.

[Attached image: Screenshot (319).png]

Dhruv_S
Saviynt Employee

Hi @Smiling 

Let me check the JSON and get back to you. 

Regards,

Dhruv Sharma

Refer to https://forums.saviynt.com/t5/identity-governance/azure-ad-rest-import-issue/m-p/47010


Regards,
Rushikesh Vartak

Thanks for the help.

Sorry, but I am not getting it. I have even gone through the documentation, but I am not getting a clear idea of what to insert in the JSON. There are a lot of examples in the documentation and it's kind of confusing for me. Can you guys provide me an exact working sample JSON, please?

Dhruv_S
Saviynt Employee

Hi @Smiling 

Please use the below complete ImportAccountEntJSON. If you see any error, please collect logs and share the error snippet.

{
  "showLogs": true,
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "successResponses": {
      "statusCode": [
        200,
        201
      ]
    },
    "unsuccessResponses": {
      "statusCode": [
        400,
        401,
        404,
        405,
        500
      ]
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName,employeeid,accountEnabl...",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "value",
        "keyField": "accountID",
        "statusConfig": {
          "active": "true",
          "inactive": "false"
        },
        "acctLabels": {
          "customproperty1": "FirstName"
        },
        "colsToPropsMap": {
          "accountID": "Id~#~char",
          "name": "userPrincipalName~#~char",
          "displayName": "Name~#~char",
          "customproperty3": "employeeId~#~char",
          "status": "accountEnabled~#~char"
        }
      }
    }
  },
  "userResponsePath": "value",
  "pagination": {
    "nextUrl": {
      "nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink').replace('%2c',',')}"
    }
  },
  "entitlementParams": {},
  "acctEntParams": {
    "entTypes": {
      "AADGroup": {
        "call": {
          "call1": {
            "processingType": "httpEntToAcct",
            "connection": "userAuth",
            "listField": "value",
            "acctKeyField": "accountID",
            "entKeyField": "entitlementID",
            "acctIdPath": "id",
            "http": {
              "url": "https://graph.microsoft.com/v1.0/groups/${id}/members/microsoft.graph.user",
              "httpMethod": "GET",
              "httpContentType": "application/json",
              "httpHeaders": {
                "Authorization": "${access_token}"
              }
            },
            "pagination": {
              "nextUrl": {
                "nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink')}"
              }
            }
          }
        }
      }
    }
  }
}

Regards,
Dhruv Sharma
If the response is helpful, please click Accept As Solution and kudos it.

Smiling
Regular Contributor

It is throwing the following error:

[Attached image: Screenshot (321).png]

I have attached the log file as well.

Dhruv_S
Saviynt Employee

Hi @Smiling 

Please try changing the highlighted parameter below in the above JSON from userAuth to acctAuth:

"acctEntParams": {
"entTypes": {
"AADGroup": {
"call": {
"call1": {
"processingType": "httpEntToAcct",
"connection": "userAuth",

Smiling
Regular Contributor

Still giving the same error.

Dhruv_S
Saviynt Employee

Hi @Smiling 

Please share the connection JSON. Exclude/hide the sensitive information (if any).

Regards,

Dhruv Sharma

Smiling
Regular Contributor

Sorry, earlier I sent the CreateAccount JSON by mistake.

Connection JSON:

{
  "authentications": {
    "userAuth": {
      "authType": "oauth2",
      "url": "https://login.microsoftonline.com//oauth2/token?api-version=1.6",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "",
        "client_id": "",
        "resource": "https://graph.microsoft.com/"
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    },
    "entAuth": {
      "authType": "oauth2",
      "url": "https://login.microsoftonline.com//oauth2/token?api-version=1.6",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "",
        "client_id": "",
        "resource": "https://graph.windows.net/"
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "Authentication_MissingOrMalformed"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "odata~dot#error.code",
      "maxRefreshTryCount": 3,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    },
    "SPAuth": {
      "authType": "oauth2",
      "url": "https://accounts.accesscontrol.windows.net/tokens/OAuth/2",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "",
        "client_id": "",
        "resource": "",
        "redirect_uri": ""
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded",
        "Accept": "application/json"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "retryFailureStatusCode": [
        401,
        500,
        400,
        403
      ],
      "authError": [
        "invalid_request"
      ],
      "errorPath": "odata~dot#error",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    }
  }
}

Dhruv_S
Saviynt Employee

Hi @Smiling 

Please use the same connection name in the connection JSON as well.

"connection": "userAuth", --> Please use acctAuth and see if it works.

Regards,

Dhruv Sharma
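
A pre-flight check for the two failures seen in this thread, as an added example (not code from Saviynt or from any poster): it rejects an ImportAccountEntJSON that is not a complete JSON object, then lists every "connection" value that has no matching entry in ConnectionJSON. It assumes, following the reply above, that each "connection" value must name an entry under "authentications"; `check_import_json` and `referenced_connections` are hypothetical helper names, and the sample strings are constructed from the JSON posted here.

```python
import json

def referenced_connections(node, path="$"):
    """Yield (json_path, name) for every "connection" key in the import JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "connection" and isinstance(value, str):
                yield f"{path}.connection", value
            else:
                yield from referenced_connections(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from referenced_connections(item, f"{path}[{i}]")

def check_import_json(import_text, connection_text):
    """Return a list of problems; an empty list means both checks passed."""
    try:
        import_cfg = json.loads(import_text)
    except json.JSONDecodeError as exc:
        return [f"ImportAccountEntJSON is not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(import_cfg, dict):
        return ["ImportAccountEntJSON must be a JSON object"]
    # Assumption: connection names are the keys under "authentications".
    defined = set(json.loads(connection_text).get("authentications", {}))
    return [f"{where} = {name!r} is not defined in ConnectionJSON (defined: {sorted(defined)})"
            for where, name in referenced_connections(import_cfg) if name not in defined]

# Constructed samples, trimmed from the JSON posted in this thread.
CONNECTION_JSON = '{"authentications": {"userAuth": {}, "entAuth": {}, "SPAuth": {}}}'
FRAGMENT = '"acctEntParams": {"entTypes": {}}'   # no enclosing braces
MISMATCHED = '''{
  "accountParams": {"connection": "acctAuth", "call": {}},
  "acctEntParams": {"entTypes": {"AADGroup": {"call": {"call1": {
      "processingType": "httpEntToAcct", "connection": "userAuth"}}}}}
}'''

if __name__ == "__main__":
    for label, text in (("fragment", FRAGMENT), ("mismatched", MISMATCHED)):
        for problem in check_import_json(text, CONNECTION_JSON) or ["ok"]:
            print(f"{label}: {problem}")
```
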

Smiling
Regular Contributor

It's still not working. Is there any way to do it with userAuth?

Share the connection JSON.


Regards,
Rushikesh Vartak

Hey,

I have mentioned the connection JSON below.

Connection JSON
{
  "authentications": {
    "userAuth": {
      "authType": "oauth2",
      "url": "https://login.microsoftonline.com//oauth2/token?api-version=1.6",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "",
        "client_id": "",
        "resource": "https://graph.microsoft.com/"
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    },
    "entAuth": {
      "authType": "oauth2",
      "url": "https://login.microsoftonline.com//oauth2/token?api-version=1.6",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "",
        "client_id": "",
        "resource": "https://graph.windows.net/"
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken",
        "Authentication_MissingOrMalformed"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "odata~dot#error.code",
      "maxRefreshTryCount": 3,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    },
    "SPAuth": {
      "authType": "oauth2",
      "url": "https://accounts.accesscontrol.windows.net/tokens/OAuth/2",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "",
        "client_id": "",
        "resource": "",
        "redirect_uri": ""
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded",
        "Accept": "application/json"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "retryFailureStatusCode": [
        401,
        500,
        400,
        403
      ],
      "authError": [
        "invalid_request"
      ],
      "errorPath": "odata~dot#error",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    }
  }
}

Smiling
Regular Contributor

Hey @rushikeshvartak @Dhruv_S, any update on this?

Dhruv_S
Saviynt Employee

Hi @Smiling 

Regarding your requirement to use the same connection, the existing AzureAD connector is enhanced to provision accounts and access, in addition to importing accounts and entitlements, and also to import users.

You can start using the same connection from V23.11. Please refer to the release notes.

Regarding the current issues related to the REST JSON, I would recommend that you match the JSON syntax with the documentation samples. Please refer to the links below. Please validate that save and test connection is working before doing the import.

Configuring the Integration for Importing Users (saviyntcloud.com)

Developers Handbook (saviyntcloud.com)

Regards,

Dhruv Sharma