
AzureAD account-entitlement mapping doesn't work

sakshibansal
New Contributor II

Hello,

I have configured an AzureAD connection and it is straightforward. I am simply importing all objects from Azure. All accounts and entitlements are imported but the acc-ent mapping doesn't work.

No account is associated with any entitlement imported from Azure. I tried adding other fields in the connection like ACCOUNT_IMPORT_FIELDS, ACCOUNT_ATTRIBUTES and ENTITLEMENT_ATTRIBUTES but nothing works.

Do you know what could be the issue?

8 REPLIES

rushikeshvartak
All-Star
  • Share the connection configuration.
  • Do you see any error in the logs when you run the job?
  • Do you have the appropriate privileges to pull account access from AzureAD?

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

sakshibansal
New Contributor II

Hello,

1. The configuration is as follows:

  • CLIENT_ID
  • CLIENT_SECRET
  • AAD_TENANT_ID
  • STATUS_THRESHOLD_CONFIG -
    {
      "statusAndThresholdConfig": {
        "statusColumn": "customproperty10",
        "activeStatus": ["true"],
        "deleteLinks": true,
        "accountThresholdValue": 100,
        "correlateInactiveAccounts": true,
        "inactivateAccountsNotInFile": false
      }
    }

2. This is the only error I found in logs.

 DEBUG azure.AzureADProvisioningService - Inside AzureADProvisioningService.processMemberAndGuestPermission\n","stream":"stdout","time":"2022-12-28T13:54:49.184782645Z"}"
DEBUG azure.AzureADProvisioningService - Exception in AzureADProvisioningService.doImport : java.lang.IndexOutOfBoundsException: Index: 0, Size: 0\n","stream":"stdout","time":"2022-12-28T13:54:49.185796064Z"}"

Although, there is something strange as well.

DEBUG generic.GenericProvisioningService - Inside disableEntitlementValues - entTypes to be disabled : [154]\n","stream":"stdout","time":"2022-12-28T13:54:49.164494275Z"}".

entitlementtypekey 154 is for AADGroup, which are the only entitlements present in Azure for import and are assigned to users. Not sure why.

3. All necessary permissions are in place.

Screenshot of connection 


Regards,
Rushikesh Vartak

@sakshibansal,

I'm assuming that you are using the default AzureAD type connection. Can you ensure that you also have the following parameters populated?

AUTHENTICATION_ENDPOINT

MICROSOFT_GRAPH_ENDPOINT

AZURE_MANAGEMENT_ENDPOINT

Also, the error that you have shared, is that from Accounts Import or Access Import?


Regards,
Avinash Chhetri

The error is in the Access Import job.

Also, it gives error 400 on adding any value to MICROSOFT_GRAPH_ENDPOINT and AZURE_MANAGEMENT_ENDPOINT.

sakshibansal
New Contributor II

sakshibansal_0-1672325934823.png

sakshibansal_1-1672325968958.png

 

And the JSON while running the job?


Regards,
Rushikesh Vartak

I am simply running the Full Access import job; no JSON added.