Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

DUO integration in 5.5v using REST API importAccountEntJSON

Vajra
New Contributor III
New Contributor III

Hi,

 

If anyone has done using DUO integration 5.5v using REST connector. We have tried the below REST API to do ImportAccountJSON.

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"accountNotInImportAction": "Delete",
"accountThresholdValue":200000
},

"call": {
"call1": {
"callOrder": 1,
"listField": "Resources",
"keyField": "name",
"makeProcessingStatus": false,
"disableDeletedAccounts": true,
"http": {
"url": "https://hostname/admin/v1/users",
"httpMethod": "GET",
"httpContentType": "application/json",
"Accept": "application/json",
"httpHeaders": {
"Authorization": "${access_token}"
}
},

"colsToPropsMap": {
"accountID": "userName~#~char",
"name": "userName~#~char",
"DISPLAYNAME": "displayName~#~char",
"customproperty1": "duoEntry.status~#~char",
"customproperty2": "duoEntry.is_enrolled~#~char",
"customproperty3": "duoEntry.email~#~char",
"customproperty4": "id~#~char",
"customproperty5": "duoEntry.alias1~#~char",
"customproperty6": "duoEntry.alias2~#~char",
"customproperty7": "duoEntry.alias3~#~char",
"customproperty8": "duoEntry.alias4~#~char",
"customproperty9": "duoEntry.phones[0].number~#~char",
"customproperty10": "duoEntry.created~#~epochdate"
},

"pagination": {
"offset": {
"offsetParam": "startIndex",
"batchParam": "count",
"batchSize": 250,
"totalCountPath": "completeResponseMap.totalResults"
}
}
}
}
}
}

 

20 REPLIES 20

anandinguva
New Contributor
New Contributor

Vajra - which Duo implementation is yours? In our DUO get calls for /users endpoint, we get responses under "response" variable. Your listfield seems to be different. Is this JSON working and are you able to fetch more than 100 accounts from Duo application? 

Vajra
New Contributor III
New Contributor III

DUO as managed application. 

yes we are also calling admin/v1/users API you can see above.  Saviynt version is 5.5v  can you provide your JSON?

@Vajra  Below is the JSON but this is not working for me. It throws 401 error when i include the pagination parameter in the JSON. Without pagination, it works fine but only brings back 100 accounts from Duo. 

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxx.duosecurity.com/admin/v1/users",
"basicUrl":"xxxx.duosecurity.com",
"hostUrl":"/admin/v1/users",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "response",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "user_id~#~char",
"name": "username~#~char",
"status": "status~#~char",
"customproperty1": "status~#~char"
},
"pagination":
{
"offset":{
"offsetParam": "offset",
"batchParam": "limit",
"batchSize": 10,
"totalCountPath": "completeResponseMap.metadata.total_objects"
}
}
}
}
}
}

Vajra
New Contributor III
New Contributor III

I will have to try this and let you know

Vajra
New Contributor III
New Contributor III

I tried the above JSON. I see the below error in the log.Connection JSON is fine

RestProvisioningService - Got Webservice API Response: [headers:[Server: Duo/1.0, Date: Tue, 13 Jun 2023 17:02:02 GMT, Content-Type: application/json, Content-Length: 73, Connection: keep-alive], responseText:{"code": 40101, "message": "Missing request credentials", "stat": "FAIL"}, cookies:[], statusCode:401]

 

 

@Vajra  Thanks for confirmation. So how is your JSON working with pagination? I am assuming you have accounts in 1000s if not more. 

Vajra
New Contributor III
New Contributor III

Its not working , i posted the error it says missing request credentials

Vajra
New Contributor III
New Contributor III

Any update on this would be appreciated

prashantChauhan
Saviynt Employee
Saviynt Employee

Hi @Vajra 

what is the reason for using the REST connector for Duo Import? Saviynt has recommended using the OOTB DUO connector for Import operations and the REST connector for the Provisioning operations only.

Please check- https://docs.saviyntcloud.com/bundle/Duo-v2022x/page/Content/Connector-Architecture.htm

1. Is this OOTB Connector is supported in 5.5sp3?

2. We tried that as well , however we are seeing null import with below error

2023-06-26 18:35:00,703 [quartzScheduler_Worker-9] DEBUG generic.GenericProvisioningService - url: https://api-0dcd3a05.duosecurity.com/admin/v1/admins?limit=100&offset=0
2023-06-26 18:35:01,036 [quartzScheduler_Worker-9] DEBUG generic.GenericProvisioningService - Token Error is : null
2023-06-26 18:35:01,043 [quartzScheduler_Worker-9] DEBUG generic.GenericProvisioningService - GenericProvisioningService.pullAcctObjectsByRest - responseMap.size : 3
2023-06-26 18:35:01,043 [quartzScheduler_Worker-9] DEBUG generic.GenericProvisioningService - GenericProvisioningService.pullAcctObjectsByRest - objectList.size : 0
2023-06-26 18:35:01,065 [quartzScheduler_Worker-9] DEBUG generic.GenericProvisioningService - Inside disableAccountsByJobId
2023-06-26

 

prashantChauhan
Saviynt Employee
Saviynt Employee

Yes, @Vajra this is supported in 5.5sp3.

Have you run this Import using the DUO connector? Please make sure that all the prerequisites mentioned in the Duo guide are followed- https://docs.saviyntcloud.com/bundle/Duo-v2022x/page/Content/Using-Duo-Connector.htm

Also, please share the complete debug logs and also the Job error message, and the job log details page screenshot.

Yes we have ,see above comments. The logs were from OOTB DUO connector. Its throwing Token error.

There is no Job error /Job log details 

Vajra_0-1687874099851.png

 

prashantChauhan
Saviynt Employee
Saviynt Employee

@Vajra Can you please attach the complete debug logs for the Import?

Attaching the full logs ....it doesnt give any info

 

Vajra
New Contributor III
New Contributor III

Any update on this ....we have raised FD ticket for this

prashantChauhan
Saviynt Employee
Saviynt Employee

@Vajra, I looked at the logs, and it seems like the Import is running successfully.

Token Error is : null in logs means there was no error in fetching the token.

API calls are also successful.

Can you please tell me the discrepancy that you are facing after the Import?

Thanks.

I have attached the screenshot whats happening with import. It says null import.

It doesnt import anything Account/Access. The job details show as null import.

prashantChauhan
Saviynt Employee
Saviynt Employee

I can see that the connector is calling the below APIs but receiving 0 objects in the response.

https://api-0dcd3a05.duosecurity.com/admin/v1/users?limit=100&offset=0

https://api-0dcd3a05.duosecurity.com/admin/v1/admins?limit=100&offset=0

 

GenericProvisioningService.pullAcctObjectsByRest - objectList.size : 0

Please verify that the values under IKEY, SKEY, and HOSTNAME are correct and have sufficient privileges?

Also, check by calling these APIs via Postman and highlight the difference that the API does indeed return the objects if called directly via Postman. Attach the sample response as well.

You can also attach this info in the FD ticket since the Engg who will work on that Ticket will also require this preliminary info.

Thanks.

can you let us know what is the authentication mechanism that we need to chose in postman?

BasicWithHmac

https://docs.saviyntcloud.com/bundle/Duo-v2022x/page/Content/Using-Duo-Connector.htm#top


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.