Saviynt Forums

Ajit · ‎05/20/2024

Hi Team,

We have a use case to provision account in AD based on requests coming from ServiceNow/API call.

For setting the manager attribute in AD, we are using a dynamic attribute in the create account JSON as: "manager": "${managerDN}" and we are getting Error parsing JSON.

but same is working fine if the AD account is getting provision through birthright rule.

Can you please help why the same is not getting processed by Saviynt for request-based account?

Thanks,

Manu269 · ‎05/20/2024

Share the json which you are using?

Also share the screenshot of DA

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

rushikeshvartak · ‎05/20/2024

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .

‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ajit · ‎05/20/2024

@rushikeshvartak Thank you for the response, please find the log snapshot

The same create account JSON is working for birthright provisioning in AD with the mapping "manager": "${managerDN}". And for request based as well if we are not using the mapping - "manager": "${managerDN}"

Thanks,

rushikeshvartak · ‎05/20/2024

Please share josn
please share logs in text file

‼️‼️⚠️Keep company-specific private information masked on public forums, such as the name and URL.⚠️‼️‼️

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ajit · ‎05/20/2024

@rushikeshvartak Below is the JSON:

Attached is the logs in text file.

rushikeshvartak · ‎05/20/2024

Share json in text file as your json have typos

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ajit · ‎05/20/2024

@rushikeshvartak Please find attached JSON as text file.

Thanks,

Ajit · ‎05/21/2024

@rushikeshvartak Any suggestion?

Thanks,

rushikeshvartak · ‎05/21/2024

{
"sAMAccountName": "${task.accountName}",
"userPrincipalName": "${task.accountName}@ABCD.gov.au",
"displayName": "${user.lastname.toUpperCase()}, ${user.firstname.substring(0, 1).toUpperCase()}${user.firstname.substring(1)} (Priv Account)",
"userAccountControl": "1048576",
"title": "${user.title}",
"personalTitle": "${user.customproperty2}",
"manager": "${managerDN}",
"department": "${user.departmentname}",
"givenName": "${user.firstname}",
"sn": "${user.lastname}",
"division": "${user.customproperty12}",
"objectClass": ["top", "person", "organizationalPerson", "user"],
"employeeNumber": "${user.username}",
"employeeID": "${user.username}",
"description": "${requestAccessAttributes?.get('description').replaceAll('[\n\r]', '').trim()}",
"pwdLastSet": "0"
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ajit · ‎05/22/2024

@rushikeshvartak Now getting below error, even if the manager has active account in AD.

A snippet from the logs:

Attached is the complete log file. Please suggest.

Thanks,

rushikeshvartak · ‎05/22/2024

Without manager does it working ?

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ajit · ‎05/23/2024

@rushikeshvartak yes, if we are not using the mapping "manager": "${managerDN}" it is working. And getting the same error as above if we are trying to provision account to user whose manager does not have an account in AD.

In Saviynt we have two endpoints - "AD", "AD ABC" (both are pointing to same AD server)

1. The manager account is on the AD endpoint.

2.This issue we are facing when trying to create user account in "AD ABC" endpoint and setting the manager attribute with the DN of the manager account created on "AD" endpoint from Saviynt side.

Please suggest if this needs to be handled in different way.

Thanks,

rushikeshvartak · ‎05/23/2024

Account should exists in same endpoint then it will work

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

Error Parsing JSON for request based New Account Task on AD Endpoint due to Dynamic Attribute