06/13/2024 08:50 AM
Hello!
We have an AzureAD connection set up and during the provisioning flow where we add/remove access (entitlements) to users we encounter the following error:
The connection JSON used is the one from the configuration guide: Configuring the Integration for Provisioning and Deprovisioning (saviyntcloud.com)
Any idea what can be done to fix this? Account creation JSON is working, however, Add Access and Remove Access do not.
Thank you!
06/13/2024 09:47 PM - edited 06/13/2024 09:48 PM
Please share the JSON used, and also confirm whether the same is working from Postman.
06/17/2024 08:11 AM - edited 06/17/2024 08:12 AM
{
"call": [
{
"name": "SKU",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/assignLicense",
"httpMethod": "POST",
"httpParams": "{\"addLicenses\": [{\"disabledPlans\": [],\"skuId\": \"${entitlementValue.entitlementID}\"}],\"removeLicenses\": []}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
},
{
"name": "DirectoryRole",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/directoryRoles/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
},
"unsuccessResponses": {
"odata~dot#error.code": [
"Request_BadRequest",
"Authentication_MissingOrMalformed",
"Request_ResourceNotFound",
"Authorization_RequestDenied",
"Authentication_Unauthorized"
]
}
},
{
"name": "AADGroup",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
},
{
"name": "ApplicationInstance",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/appRoleAssignments",
"httpMethod": "POST",
"httpParams": "{\"principalId\": \"${account.accountID}\", \"id\": \"${}\", \"resourceId\": \"${entitlementValue.entitlementID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
},
{
"name": "Team",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/groups/${entitlementValue.entitlementID}/members/\\$ref",
"httpMethod": "POST",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/${account.accountID}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}
I tested the calls in Postman and could get it working for almost all. The SKU call is failing for us in Saviynt with the following error:
The usage location was correctly entered under customProperty19 as stated in the configuration guide.
06/17/2024 08:18 PM
Verify the Usage Location: Ensure that the usageLocation attribute is correctly set for the user in Azure AD. This should be set to a valid ISO 3166-1 alpha-2 country code (like "US", "CA", "GB", etc.).
Check Custom Property Mapping: Verify that the custom property customProperty19 in Saviynt is correctly mapped to usageLocation in Azure AD. Ensure that it's correctly populated with a valid ISO country code.
Check for Updates: Confirm that any changes made in Azure AD (like setting the usageLocation for the user) have been synchronized with Saviynt.
Double-check Configuration: Review the configuration guide and ensure that all steps have been followed correctly. Sometimes, there might be additional steps or configurations required that are specific to Saviynt's implementation.
Test in Postman: Since you mentioned that it works in Postman, verify the exact request and response from Postman to ensure that all necessary headers, parameters, and payload are correctly set.
Review Error Details: Check if there are any additional details in the error response that might give more insight into the issue.
Check Saviynt Logs: Look into the logs in Saviynt to see if there are more specific details or errors related to the license assignment.
Azure AD Portal: Consider checking directly in the Azure AD portal to verify the user's usageLocation and ensure it's set correctly.
06/18/2024 12:51 PM
Thank you @rushikeshvartak. We were able to fix it.
06/18/2024 02:19 PM
Please share the working JSON.
06/20/2024 05:59 AM
{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"mailNickname\":\"${user.firstname}\",\"userPrincipalName\":\"${user.username}@email.com\",\"givenName\":\"${user.firstname}\",\"surname\":\"${user.lastname}\",\"displayName\":\"${user.firstname} ${user.lastname}\",\"usageLocation\":\"US\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":false,\"password\":\"${password}\"}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}
We added the usage location attribute in the CreateAccount JSON and set it to a static value.
This fixed the invalid usage location error.
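A pre-deployment check for the connector JSON discussed in this thread, as an added example that is not code from the posters or from Saviynt: it reports a CreateAccount call that sets no `usageLocation` while the Add Access JSON contains an `assignLicense` call, notes a static `usageLocation`, and reports empty `${}` bindings such as the one in the ApplicationInstance call as posted. The samples are constructed, trimmed-down copies of the posted JSON; the function name `lint` and the finding messages are assumptions of this example, and `ALPHA2` checks only the two-letter shape, not membership in ISO 3166-1.

```python
import json
import re

BINDING = re.compile(r"\$\{([^}]*)\}")   # ${...} placeholder as used in the posted JSON
ALPHA2 = re.compile(r"[A-Z]{2}")          # shape of an ISO 3166-1 alpha-2 code only

# Constructed, trimmed-down copies of the connector JSON posted in this thread.
ADD_ACCESS = {"call": [
    {"name": "SKU",
     "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/assignLicense",
     "httpParams": '{"addLicenses": [{"disabledPlans": [], "skuId": "${entitlementValue.entitlementID}"}], "removeLicenses": []}'},
    {"name": "ApplicationInstance",
     "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/appRoleAssignments",
     "httpParams": '{"principalId": "${account.accountID}", "id": "${}", "resourceId": "${entitlementValue.entitlementID}"}'},
]}
CREATE_BEFORE = {"call": [
    {"name": "call1", "url": "https://graph.microsoft.com/v1.0/users",
     "httpParams": '{"accountEnabled": true, "userPrincipalName": "${user.username}@email.com"}'},
]}
CREATE_AFTER = {"call": [
    {"name": "call1", "url": "https://graph.microsoft.com/v1.0/users",
     "httpParams": '{"accountEnabled": true, "userPrincipalName": "${user.username}@email.com", "usageLocation": "US"}'},
]}


def lint(create_account, add_access):
    """Return (call name, level, message) findings for a CreateAccount / Add Access pair."""
    findings = []
    for call in create_account["call"] + add_access["call"]:
        for name in BINDING.findall(call["url"] + call["httpParams"]):
            if not name.strip():
                findings.append((call["name"], "error", "empty ${} binding"))
    licensed = any(c["url"].endswith("/assignLicense") for c in add_access["call"])
    for call in create_account["call"]:
        if not call["url"].endswith("/users"):
            continue
        # Bindings sit inside string values, so the template parses as JSON as-is.
        loc = json.loads(call["httpParams"]).get("usageLocation")
        if loc is None and licensed:
            findings.append((call["name"], "error", "usageLocation unset but licenses are assigned"))
        elif loc is not None and not BINDING.search(loc):
            if not ALPHA2.fullmatch(loc):
                findings.append((call["name"], "error", "usageLocation is not a two-letter code"))
            else:
                findings.append((call["name"], "info", "usageLocation is static: " + loc))
    return findings


if __name__ == "__main__":
    for label, create in (("before", CREATE_BEFORE), ("after", CREATE_AFTER)):
        print(label, lint(create, ADD_ACCESS))
```

The `info` finding on the fixed JSON is there because a static value gives every provisioned account the same usage location, whatever the user's actual country.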