Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

createrequest via the API for adding user to roles

navneetv
Regular Contributor II
Regular Contributor II

‎04/23/2024 09:41 AM

Hi Team,

I am encountering a 400 error unauthorized when attempting to call the API for adding a user to a role. However, I am able to successfully call other APIs. This is the first time I have used a role request. We have a use case where we need to add a user to Bulk AD groups via the API. I have created a role and added all the necessary groups. I expected this to generate the ADD Access for entitlement for the requestable user.

navneetv_0-1713890202775.png

 

OTHER API call is working. 

navneetv_1-1713890248275.png

 

 

0 Kudos
17 REPLIES 17

PremMahadikar
All-Star
All-Star

‎04/23/2024 11:03 AM

Hi @navneetv ,

Requesting/provisioning experience will be same for both UI and API. It will for sure generate add access for entitlement.

I believe you have added necessary access permission to make this API call.  Rest I can only think of other permission to request role.

Please check all the below are configured:

  1. Make sure the created role has atleast one entitlement assigned 
  2. If there is role filter query configured at Global Configurations->Role Request, please remove it
  3. Workflow is defined in global configuration (Under global config - Roles)PremMahadikar_0-1713895047085.png

     

  4. Role is set 'True' for requestablePremMahadikar_1-1713895167723.png

Note: You can also cross verify requesting from UI

 

If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos

Best,
Prem Mahadikar
0 Kudos

rushikeshvartak
All-Star
All-Star

‎04/23/2024 08:13 PM

Please check show All in ROLE_ADMIN is defined as All Roles

 

rushikeshvartak_0-1713928383659.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/23/2024 11:35 PM

@rushikeshvartak what exactly this option or function does? if i select all in show roles 

0 Kudos

PremMahadikar
All-Star
All-Star
In response to navneetv

‎04/23/2024 11:40 PM - edited ‎04/23/2024 11:41 PM

@navneetv ,

PremMahadikar_0-1713940673733.png

I don't think this would help here. 

Did you check all the above configurations mentioned? We are using createrequest API for adding user to the role from long time in PROD (live currently), we haven't faced any issue.

If you find the above response useful, Kindly Mark it as Accept As Solution and hit Kudos

Best,
Prem Mahadikar
0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/23/2024 11:58 PM - edited ‎04/24/2024 12:08 AM

@PremMahadikar  I checked after making the changes to the global configuration along with the requestable role marked true, but I am still encountering the same error. How can I confirm if the permissions are properly set up for my account? I can generate the Add task with the entitlement request, but when I attempt to call the role request API, I receive a 400 error.

navneetv_3-1713942323646.png

 

 

navneetv_5-1713942498744.png

 

 

 

 

navneetv_1-1713941770717.png

 

0 Kudos

PremMahadikar
All-Star
All-Star
In response to navneetv

‎04/24/2024 12:42 AM

@navneetv ,

Few more checks:

  1. Did you try requesting role from UI? (If its errored, can you pass logs when you do this?)
  2. Endpoint on add user to role as v5? https://ssm-XYZ.saviyntcloud.com/ECM/api/v5/createrequest
  3. SAV role web service accessPremMahadikar_0-1713944403118.png

 

Best,
Prem Mahadikar
0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/24/2024 05:06 AM

Hi @PremMahadikar  @rushikeshvartak 

I would like to know if I can use the roles feature to add an Active Directory account to multiple AD groups through an API call. This is my first time using the roles feature, so I'm not sure if it can accomplish my use case

I tried using the GUI and the request was auto-approved as expected. However, the Add access task was not generated for AD.

 

navneetv_0-1713960345046.png

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to navneetv

‎04/24/2024 05:08 AM

You can add

  • task not generated - please check request option is none(create task) under endpoint. - ent type

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/24/2024 06:41 AM

@rushikeshvartak  table is already selected in request-option in eNT TYPE

 

navneetv_0-1713966027779.png

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to navneetv

‎04/24/2024 09:03 PM

Is there any existing tasks open ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/24/2024 10:31 PM

Nothing task was generated for the user.  

0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/24/2024 10:36 PM

@rushikeshvartak Nothing task was generated for the user. I configured the role. Is there any additional step that needs to be performed to activate the role requestable?

navneetv_0-1714023386368.png

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to navneetv

‎04/25/2024 09:30 PM

Enterprise role should not be tagged to endpoint


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/24/2024 10:39 PM

@PremMahadikar  All permissions look good. I have the sav_admin role and I am able to generate the add task for entitlement, but it failed for the role.

0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/25/2024 09:39 PM

@rushikeshvartak Is there any way to add users to a bulk Active Directory (AD) group using an API request?

I thought, we could use roles, and roles can be requested via the API. Add access Tasks would be granted for groups that are added to the role.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to navneetv

‎04/25/2024 09:55 PM

Use multi user bulk file upload for roles / entitlement


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

navneetv
Regular Contributor II
Regular Contributor II

‎04/25/2024 10:06 PM

@rushikeshvartak 

We are using the FreshService workflow to send an API call to Saviynt as per the FS request. If there is a request to add users to all 6 groups based on their department, we need to make one API call to Saviynt to add the users to the bulk AD group.
We can use the ENETIELEMT request to add all entitlements in a single body, but since we have many bulk groups that need to be added based on department, using the ENETLEMENT request will require handling lots of logic and API calls in the FS workflow, which can cause performance issue of workflow.

Therefore, I was looking for a role-based solution where they can send one call and generate the add access for AD groups, which are added to role

0 Kudos
Copyright © 2024 Khoros, LLC