
Extension attributes mapping from Azure AD to Saviynt Custom attributes using Azure AD connector

kumarv
New Contributor III

Extension attributes mapping from Azure AD to Saviynt accounts Custom attributes using Azure AD connector.

-> We have a requirement to reconcile the extension attributes values from Azure AD to Saviynt accounts attributes using the Azure AD connector.

Please let us know how this can be implemented in Saviynt.

 


naveenss
All-Star

Hi @kumarv 

Configure the extension attributes in the ACCOUNT_ATTRIBUTES field of the connector. Please refer to the below guide

https://docs.saviyntcloud.com/bundle/AzureAD-v2021x/page/Content/Troubleshooting.htm

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

CR
Regular Contributor III

Sample AD and Saviynt account mapping attribute via UI

[
CUSTOMPROPERTY1::cn#String,
CUSTOMPROPERTY30::userAccountControl#String,
CUSTOMPROPERTY2::userPrincipalName#String,
CUSTOMPROPERTY28::primaryGroupID#String,
LASTLOGONDATE::lastLogon#millisec,
DISPLAYNAME::name#String,
CUSTOMPROPERTY25::company#String,
CUSTOMPROPERTY20::employeeID#String,
CUSTOMPROPERTY3::sn#String,
COMMENTS::distinguishedName#String,
CUSTOMPROPERTY4::homeDirectory#String,
LASTPASSWORDCHANGE::pwdLastSet#millisec,
CUSTOMPROPERTY5::co#String,
CUSTOMPROPERTY6::employeeNumber#String,
CUSTOMPROPERTY7::givenName#String,
CUSTOMPROPERTY8::title#String,
CUSTOMPROPERTY9::telephoneNumber#String,
CUSTOMPROPERTY10::c#String,
DESCRIPTION::description#String,
CUSTOMPROPERTY11::uSNCreated#String,
VALIDTHROUGH::accountExpires#millisec,
CUSTOMPROPERTY12::logonCount#String,
CUSTOMPROPERTY13::physicalDeliveryOfficeName#String,
UPDATEDATE::whenChanged#date,
CUSTOMPROPERTY14::extensionAttribute1#String,
CUSTOMPROPERTY15::extensionAttribute2#String,
CUSTOMPROPERTY16::streetAddress#String,
CUSTOMPROPERTY17::mailNickname#String,
CUSTOMPROPERTY18::department#String,
CUSTOMPROPERTY19::countryCode#String,
NAME::sAMAccountName#String,
CUSTOMPROPERTY21::manager#String,
CUSTOMPROPERTY22::homePhone#String,
CUSTOMPROPERTY23::mobile#String,
CREATED_ON::whenCreated#date,
ACCOUNTCLASS::objectClass#String,
ACCOUNTID::objectGUID#Binary,
CUSTOMPROPERTY24::userAccountControl#String,
CUSTOMPROPERTY27::objectSid#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY26,
CUSTOMPROPERTY26::objectGUID#Binary,
CUSTOMPROPERTY29::st#String
]

ref : https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...


https://forums.saviynt.com/t5/identity-governance/import-ad-groups-without-members/m-p/38699

https://forums.saviynt.com/t5/connector/active-directory-best-practice/ta-p/37661

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

Ask is Azure AD not AD


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

rushikeshvartak
All-Star

Please perform below changes

  • ACCOUNT_IMPORT_FIELDS = id,userPrincipalName,givenName,surname,businessPhones,accountEnabled,employeeId,jobTitle,userType,displayName,onPremisesSyncEnabled,city,onPremisesExtensionAttributes
  •  ACCOUNT_ATTRIBUTES
{
  "acctLabels": {
    "customproperty1": "First Name",
    "customproperty2": "Last Name",
    "customproperty3": "Office Phone",
    "customproperty10": "Account Status",
    "customproperty11": "Employee ID",
    "customproperty12": "Job Title",
    "customproperty13": "User Type",
    "customproperty14": "Directory Synced",
    "customproperty16": "City",
    "customproperty30": "Visibility label"
  },
  "colsToPropsMap": {
    "accountID": "id~#~char",
    "name": "userPrincipalName~#~char",
    "displayname": "displayName~#~char",
    "customproperty1": "givenName~#~char",
    "customproperty2": "surname~#~char",
    "customproperty3": "businessPhones~#~char",
    "customproperty10": "accountEnabled~#~bool",
    "customproperty11": "employeeId~#~char",
    "customproperty12": "jobTitle~#~char",
    "customproperty13": "userType~#~char",
    "customproperty14": "onPremisesSyncEnabled~#~bool",
    "customproperty16": "city~#~char",
    "customproperty30": "visibility~#~char",
    "customproperty31": "onPremisesExtensionAttributes.extensionAttribute3~#~char"
  }
}

Regards,
Rushikesh Vartak

kumarv
New Contributor III

Hi Rushikesh,

Please let us know whether, using the AzureAD connector, we can import the accounts with AdditionalProperties like (extension_33b53b974_msDS_cloudExtensionAttribute5, extension_33b53b974_company, extension_33b53b974_msDS_cloudExtensionAttribute11) from AzureAD to Saviynt through reconciliation.

Thanks and regards,

Kumar Vadlamudi

Yes


Regards,
Rushikesh Vartak

kumarv
New Contributor III

Hi Rushikesh,

I am trying to map the below extension attribute to Saviynt account customproperty33 and I could see the response in the logs. But it is not mapping the value to customproperty33.

extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute5

Below is the Account import JSON for your reference.

{
"acctLabels": {
"customproperty1": "FirstName_CP1",
"customproperty2": "LastName_CP2",
"customproperty3": "OfficePhoneCP3",
"customproperty4": "Email_CP4",
"customproperty5": "MobilePhone_CP5",
"customproperty6": "OfficeLocation_CP6",
"customproperty7": "PreferredLanguage_CP7",
"customproperty8": "UserType_CP8",
"customproperty9": "JobTitle_CP9",
"customproperty10": "AccountStatus_CP10",
"customproperty11": "onPremisesSyncEnabled_CP11",
"customproperty12": "onPremisesImmutableId_CP12",
"customproperty14": "onPremisesLastSyncDateTime_CP14",
"customproperty15": "onPremisesSecurityIdentifier_CP15",
"customproperty16": "city_CP16",
"customproperty17": "country_CP17",
"customproperty18": "department_CP18",
"customproperty19": "usageLocation_CP19",
"customproperty20": "EmployeeID_CP20",
"customproperty21": "mailNickname_CP21",
"customproperty22": "CompanyName_CP22",
"customproperty31": "ACCENT_Mapping_Info_CP31",
"customproperty32": "Extension1sAMAccountName_CP32",
"customproperty33": "msDS_cloudExtensionAttribute5_CP33",
"customproperty34": "msDS_cloudExtensionAttribute1_CP34"


},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "businessPhones~#~char",
"customproperty4": "mail~#~char",
"customproperty5": "mobilePhone~#~char",
"customproperty6": "officeLocation~#~char",
"customproperty7": "preferredLanguage~#~char",
"customproperty8": "userType~#~char",
"customproperty9": "jobtitle~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty11": "onPremisesSyncEnabled~#~char",
"customproperty12": "onPremisesImmutableId~#~char",
"customproperty14": "onPremisesLastSyncDateTime~#~char",
"customproperty15": "onPremisesSecurityIdentifier~#~char",
"customproperty16": "city~#~char",
"customproperty17": "country~#~char",
"customproperty18": "department~#~char",
"customproperty19": "usageLocation~#~char",
"customproperty20": "employeeId~#~char",
"customproperty21": "mailNickname~#~char",
"customproperty22": "companyName~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char",
"customproperty32": "extension_33b53b974ebd4c309b00e14362d94da1_sAMAccountName~#~char",
"customproperty33": "extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute5~#~char",
"customproperty34": "extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute1#~char"

}
}

 I have attached logs for your reference.

Request you to help us in fixing this issue.

Thanks and Regards,

Kumar Vadlamudi

There is an extra e in companyname

https://graph.microsoft.com/v1.0/users/delta?$select=accountEnabled,displayName,id,businessPhones,us...,companyNamee,extension_33b53b974ebd4c309b00e14362d94da1_sAMAccountName,extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute5,extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute1\u0026$deltaToken=latest


Regards,
Rushikesh Vartak

kumarv
New Contributor III

Hi Rushikesh,

After removing the extra e from companyNamee, we are still seeing that the extension attribute is not mapping to customproperty33.

Thanks and Regards,

Kumar Vadlamudi

 

kumarv
New Contributor III

Hi Rushikesh,

I am getting the below exception when I try to import the extension attributes from Azure AD for Accounts.

I have attached the logs for your reference.

2024-02-29T11:16:54+05:30-ecm-worker-"log":"2024-02-29 05:46:54,271 [quartzScheduler_Worker-4 ERROR generic.GenericProvisioningService - Exception in persistAccounts try2 \n","stream":"stdout","time":"2024-02-29T05:46:54.272525326Z"}

My observation is that I am not getting the extension attribute value as "Null" in the response. If the attribute is null, the attribute itself is not coming in the response.

I have also attached the postman request and Response payload as well.

Please let us know how this issue can be resolved.

Thanks and Regards,

Kumar Vadlamudi

kumarv
New Contributor III

Hi Rushikesh,

Is there any way to check if the key exists in the response JSON? For Azure AD, if some user is not having a value for a key, that key itself is not coming in the response JSON.

For example: for user AS5367, the key 'extensionAttribute8' exists, so this key is coming in the response. But for user KV5236 this field is empty, so the key itself is not coming in the response.

Thanks and Regards,

Kumar Vadlamudi

Does it work where the user has a value?


Regards,
Rushikesh Vartak

Hi Rushikesh,

Yes. If the user has an extension attribute value, it is mapping fine.

Regards,

Kumar Vadlamudi

Use #CONST if blank then set to null


Regards,
Rushikesh Vartak

kumarv
New Contributor III

Hi Rushikesh,

Could you please let us know how this issue can be resolved.

Thanks and Regards,

Kumar Vadlamudi

SinghAtul
Regular Contributor

@rushikeshvartak 

I tried using:

"customproperty48": "#CONST#${String r=response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber; return (r==null?'':response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber)}~#~char"

But this puts the code as the value in the customProperty. So, the value saved in customproperty48 is: String r=response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber; return (r==null?'':response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber)

I am not sure why this might be happening. The datatype of Cp48 is varchar(255) and the total length of the extensionAttribute value will not exceed 100 characters.

Please advise.

Thanks.

I have noticed same const does not work properly in AzureAD connection 


Regards,
Rushikesh Vartak

adarshk
Saviynt Employee

Can you confirm if customproperty34 with the extension attribute mapping is working as expected?

 

try this:
"#CONST#${String r=response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber; return (r==null?'':response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber)}~#~char"

kumarv
New Contributor III

Hi Adarshk,

There is a syntax issue in customproperty34 and it has been corrected now. We are able to reconcile the data without any issues.

Thanks,

Kumar Vadlamudi

Please share fixed json


Regards,
Rushikesh Vartak

Hi Rushikesh,

The '~' is missing for the JSON attribute below. After fixing this, it started working. I haven't used CONST in the account attribute JSON. If you still need the JSON I will provide you.

"customproperty34": "extension_02e50128e1e445ff90d3f0d7e728afee_msDS_cloudExtensionAttribute17~#~char"

Thanks and Regards,

Kumar Vadlamudi
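
Added example, not part of the original thread and not Saviynt code: a small pre-flight check for a `colsToPropsMap` that flags values missing the `~#~` separator (the fault found in customproperty34) and, separately, lists which well-formed mappings have no key in a given Graph user object. The function names and the two user objects are constructed for illustration; treating `<source>~#~<type>` as the required shape is an assumption drawn from the working mappings quoted above.

```python
SEP = "~#~"  # separator between source field and type in the mappings on this page

def lint_cols_to_props(cols_to_props):
    """Return {column: problem} for values not shaped '<source>~#~<type>'."""
    problems = {}
    for column, spec in cols_to_props.items():
        source, sep, dtype = spec.rpartition(SEP)
        if not sep:
            near_miss = "#~" in spec or "~#" in spec
            problems[column] = "malformed separator" if near_miss else "missing separator"
        elif not source or not dtype or "~" in dtype or "#" in dtype:
            problems[column] = "empty or malformed source/type"
    return problems

def resolve(user, spec):
    """Value of the spec's source field (dotted names walk nested objects), or None if absent."""
    value = user
    for part in spec.rpartition(SEP)[0].split("."):
        if not isinstance(value, dict) or part not in value:
            return None
        value = value[part]
    return value

def absent_columns(user, cols_to_props):
    """Columns with a well-formed spec whose source key is not in this user object."""
    bad = lint_cols_to_props(cols_to_props)
    return sorted(c for c, s in cols_to_props.items()
                  if c not in bad and resolve(user, s) is None)

EXT = "extension_33b53b974ebd4c309b00e14362d94da1_"  # prefix quoted in the thread
MAPPING = {  # values copied from the thread, including the faulty customproperty34
    "customproperty22": "companyName~#~char",
    "customproperty31": "onPremisesExtensionAttributes.extensionAttribute3~#~char",
    "customproperty33": EXT + "msDS_cloudExtensionAttribute5~#~char",
    "customproperty34": EXT + "msDS_cloudExtensionAttribute1#~char",
}
# Constructed user objects (not real data); the second has no cloudExtensionAttribute5 key.
USERS = [
    {"id": "user-a", "companyName": "Example Co",
     "onPremisesExtensionAttributes": {"extensionAttribute3": "E3"},
     EXT + "msDS_cloudExtensionAttribute5": "A5"},
    {"id": "user-b", "companyName": "Example Co",
     "onPremisesExtensionAttributes": {"extensionAttribute3": "E3"}},
]

if __name__ == "__main__":
    print("lint:", lint_cols_to_props(MAPPING))
    for user in USERS:
        print(user["id"], "absent:", absent_columns(user, MAPPING))
```

Running the lint on the connector JSON before saving it separates a typo in the mapping from the case where Azure AD simply omits a key that has no value.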