05/20/2024 04:30 AM
Hi Team,
We have a use case to provision an account in AD based on requests coming from ServiceNow/API call.
For setting the manager attribute in AD, we are using a dynamic attribute in the create account JSON as: "manager": "${managerDN}" and we are getting "Error parsing JSON",
but the same works fine if the AD account is provisioned through a birthright rule.
Can you please help us understand why the same is not getting processed by Saviynt for a request-based account?
Thanks,
05/20/2024 06:32 AM
Share the JSON which you are using.
Also share the screenshot of the DA.
05/20/2024 09:46 AM
Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues.
‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️
05/20/2024 08:31 PM - edited 05/20/2024 08:53 PM
@rushikeshvartak Thank you for the response, please find the log snapshot.
The same create account JSON is working for birthright provisioning in AD with the mapping "manager": "${managerDN}", and for request-based provisioning as well if we are not using the mapping "manager": "${managerDN}".
Thanks,
05/20/2024 09:27 PM
‼️‼️⚠️Keep company-specific private information masked on public forums, such as the name and URL.⚠️‼️‼️
05/20/2024 10:36 PM
05/20/2024 10:39 PM
Share the JSON in a text file, as your JSON has typos.
05/20/2024 10:55 PM
05/21/2024 02:55 AM
@rushikeshvartak Any suggestions?
Thanks,
05/21/2024 11:18 PM
{
"sAMAccountName": "${task.accountName}",
"userPrincipalName": "${task.accountName}@ABCD.gov.au",
"displayName": "${user.lastname.toUpperCase()}, ${user.firstname.substring(0, 1).toUpperCase()}${user.firstname.substring(1)} (Priv Account)",
"userAccountControl": "1048576",
"title": "${user.title}",
"personalTitle": "${user.customproperty2}",
"manager": "${managerDN}",
"department": "${user.departmentname}",
"givenName": "${user.firstname}",
"sn": "${user.lastname}",
"division": "${user.customproperty12}",
"objectClass": ["top", "person", "organizationalPerson", "user"],
"employeeNumber": "${user.username}",
"employeeID": "${user.username}",
"description": "${requestAccessAttributes?.get('description').replaceAll('[\n\r]', '').trim()}",
"pwdLastSet": "0"
}
05/22/2024 05:04 AM - edited 05/22/2024 05:19 AM
@rushikeshvartak Now getting the below error, even if the manager has an active account in AD.
A snippet from the logs:
Attached is the complete log file. Please suggest.
Thanks,
05/22/2024 09:23 PM
Does it work without the manager?
05/23/2024 06:13 AM
@rushikeshvartak Yes, if we are not using the mapping "manager": "${managerDN}", it is working. We get the same error as above if we try to provision an account for a user whose manager does not have an account in AD.
In Saviynt we have two endpoints, "AD" and "AD ABC" (both are pointing to the same AD server).
1. The manager account is on the "AD" endpoint.
2. We are facing this issue when trying to create a user account in the "AD ABC" endpoint and setting the manager attribute with the DN of the manager account created on the "AD" endpoint from the Saviynt side.
Please suggest if this needs to be handled in a different way.
Thanks,
05/23/2024 09:30 PM
The account should exist in the same endpoint; then it will work.