Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/04/2024 03:25 PM
Hello,
The Azure AD access import job is failing with below error:
in Logs I have found Illegal character error like :
[error:Error Illegal character in path at index 55: https://graph.microsoft.com/v1.0/directoryRoles/billing administrator/members]
we are using Azure AD Type connection for bringing Accounts and entitlements and only want to bring certain entitlement types. Below are the jSONs we are using
{
"entitlementAttribute": {
"AADGroup": {
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"customproperty1": "deletionTimestamp~#~char",
"customproperty2": "description~#~char",
"customproperty5": "dirSyncEnabled~#~char",
"customproperty6": "lastDirSyncTime~#~char",
"customproperty7": "mail~#~char",
"customproperty8": "mailEnabled~#~char",
"customproperty9": "onPremisesSecurityIdentifier~#~char",
"customproperty10": "securityEnabled~#~char",
"customproperty11": "groupTypes~#~listAsString",
"customproperty12": "membershipRule~#~char",
"customproperty13": "membershipRuleProcessingState~#~char",
"customproperty16": "resourceProvisioningOptions~#~char"
}
},
"AADGroupOwners": {
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"customproperty14": "ownerIdList~#~char",
"customproperty15": "ownerTypeList~#~char"
}
},
"DirectoryRole": {
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"customproperty4": "description~#~char",
"customproperty6": "deletedDateTime~#~char",
"customproperty8": "roleTemplateId~#~char"
}
}
}
}
And In job we have configured custom access JSON as follows:
{
"importEntTypes": {
"DirectoryRole": {},
"DirectoryRoleMember": {},
"AADGroup": {}
},
"excludeEntTypes": {
"Application": {},
"AppRole": {},
"Oauth2Permission": {},
"ServicePlans": {},
"ApplicationInstance": {},
"Subscription": {},
"Team": {},
"MemberPermission": {},
"GuestPermission": {},
"Channel": {},
"SKU": {}
}
}
Solved! Go to Solution.
06/04/2024 07:13 PM
06/05/2024 09:01 AM
@rushikeshvartak Yes there are members present in Directory Roles. We have figured out the issue, there are two entitlements with same Role template ID and one was created in Saviynt and not present in Azure AD. This was creating issue and we have rectified it.
Thanks for the response.
06/05/2024 08:27 PM
This is known behavior if entitlementID is blank in saviynt and same group tries to create it will throw error.
✅👍Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.