Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Entitlement Import & AcctEnt mapping issue in REST Connector

mansoorahmed1
New Contributor III
New Contributor III

‎02/15/2024 04:53 AM

Hi,

Im trying to import Accounts and Entitlement for an application using REST connector. Im able to get accounts imported but the Entitlements are not getting imported . The entitlements can be view in the same API call as in accounts import. There is no seperate call for entitlement / groupmembership .
below is the response in postman

mansoorahmed1_0-1708000839543.png

mansoorahmed1_1-1708000848451.png

Below is the JSON I used initially where entitlements didnt get imported.

{
    "accountParams": {
        "connection": "acctAuth",
        "processingType": "SequentialAndIterative",
        "call": {
            "call1": {
                "callOrder": 0,
                "stageNumber": 0,
                "http": {
                    "url": "****",
                    "httpHeaders": {
                        "Authorization": "${access_token}",
                        "Accept": "application/json"
                    },
                    "httpContentType": "application/json",
                    "httpMethod": "GET"
                },
                "listField": "accounts",
                "keyField": "accountID",
                "colsToPropsMap": {
"accountID": "username~#~char",
                "name": "username~#~char",
                "displayName": "fullname~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
                    
                }
            }
        },
 
"acctEntMappings": {
"app_roles": {
"listPath": "app_roles",
"idPath": "accounts",
"keyField": "entitlementID"
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"app_roles": {}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

I tried with the below JSON, entitlements are created correctly if the user is having one entitlement and  if a some user is having multiple entitlements then the one entry is created for entitlements with concat of all entitlement as the entitlement value 

 

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://energy/api/protected/users/readAllUsers",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "accounts",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "username~#~char",
"name": "username~#~char",
"displayName": "fullname~#~char"

}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"app_roles": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://energy/api/protected/users/readAllUsers",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "accounts",
"keyField": "entitlementID",
"colsToPropsMap": {
"displayName": "app_roles~#~char",
"entitlementID": "app_roles~#~char",
"entitlement_value": "app_roles~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"app_roles": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "acctToEntMapping",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://energy/api/protected/users/readSingleUser?username={id}",
"httpMethod": "GET"
},
"listField": "",
"entIdPath": "app_roles",
"entKeyField": "entitlementID",
"acctKeyField": "accountID"
}
}
}
}
}
}

Labels:
0 Kudos
10 REPLIES 10

Dhruv_S
Saviynt Employee
Saviynt Employee

‎02/19/2024 07:10 PM

Hi @mansoorahmed1 

Please refer to the below links for getting the relevant ImportAccountEntJSON for importing accounts and entitlements.

Developers Handbook (saviyntcloud.com)

Configuring the Integration for Importing Accounts and Access (saviyntcloud.com)

Solved: Entitlements aren't getting mapped to accounts in ... - Saviynt Forums - 72744

Additionally you can also refer to the Examples for JSON Construction section to info on listField,keyfield etc.

Regards,

Dhruv Sharma

0 Kudos

mansoorahmed1
New Contributor III
New Contributor III

‎02/20/2024 06:10 AM - last edited on ‎02/20/2024 06:24 AM by Community Manager

@Dhruv_S Thank you,

This is the JSON I have restructed based the Forum you mentioned as well as from doc portal. However what should I give in the colsToPropsMap since the roles doesnt have a field to map.

 

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://****/api/protected/omsusers/readAllUsers ",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "accounts",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "username~#~char",
"name": "username~#~char",
"displayName": "fullname~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"

}
}
},
"acctEntMappings": {
"app_roles": {
"importAsEntitlement": true,
"listPath": "",
"idPath": "app_roles",
"keyField": "",
"colsToPropsMap": {
"entitlementID": "app_roles~#~char",
"entitlement_value":"app_roles~#~char"
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"app_roles": {}
}
},

"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

[This message has been edited by moderator to disable url link.]

0 Kudos

Vedanth-BK
Regular Contributor II
Regular Contributor II
In response to mansoorahmed1

‎02/20/2024 08:12 AM

Hi @mansoorahmed1 

Please try with the below json.
Note: Run both account and access import 
Also please confirm if cp31 is populated with values after account recon job.

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://****/api/protected/omsusers/readAllUsers ",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "accounts",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "username~#~char",
          "name": "username~#~char",
          "displayName": "fullname~#~char",
          "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
        }
      }
    },
    "acctEntMappings": {
      "app_roles": {
        "importAsEntitlement": true,
        "listPath": "app_roles",
        "idPath": "",
        "keyField": "entitlementID",
        "colsToPropsMap": {
          "entitlementID": "app_roles~#~char",
          "entitlement_value": "app_roles~#~char"
        }
      }
    }
  },
  "entitlementParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "app_roles": {}
    }
  },
  "acctEntParams": {
    "processingType": "acctToEntMapping"
  }
}



Thank you
Vedanth B.K
If you find my response helpful and it works, Hit the 'Kudos' button and accept it as a solution!!
0 Kudos

mansoorahmed1
New Contributor III
New Contributor III
In response to Vedanth-BK

‎03/06/2024 02:16 AM

I can only see Cp31 is populated but entitlements arent getting created . 

0 Kudos

mansoorahmed1
New Contributor III
New Contributor III

‎02/20/2024 09:06 PM

@Vedanth-BK 

Below is the CP31 value 

{"app_roles":{"entIds":["[WebWorkspace - Control Room, WebWorkspace - Data Capture, WebWorkspace - System Operations, WebWorkspace - View Only, WebCallEntry - Web Call Entry]"]}}

Also the account import jobs fails.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to mansoorahmed1

‎02/20/2024 09:12 PM

Share error logs


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

mansoorahmed1
New Contributor III
New Contributor III

‎02/20/2024 09:49 PM

attaching logs

Preview file
1241 KB
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to mansoorahmed1

‎02/20/2024 10:06 PM

try renaming entitlement type in Saviynt &  import json and try app_roles to Roles


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

mansoorahmed1
New Contributor III
New Contributor III
In response to rushikeshvartak

‎03/06/2024 02:15 AM

No Luck there. Still the same

0 Kudos

Dhruv_S
Saviynt Employee
Saviynt Employee
In response to mansoorahmed1

‎03/08/2024 02:41 AM

Hi @mansoorahmed1 

Could you please confirm if this issue got resolved ?

If yes- could you please share the working JSON. 

If no- could you please confirm the current issue and JSON.

Regards,

Dhruv Sharma

0 Kudos
Copyright © 2024 Khoros, LLC