02/22/2024 02:25 AM
Extension attributes mapping from Azure AD to Saviynt accounts Custom attributes using Azure AD connector.
-> We have a requirement to reconcile the extension attributes values from Azure AD to Saviynt accounts attributes using the Azure AD connector.
Please let us know how this can be implemented in Saviynt.
02/22/2024 02:37 AM - edited 02/22/2024 02:37 AM
Hi @kumarv
Configure the extension attributes in the ACCOUNT_ATTRIBUTES field of the connector. Please refer to the below guide
https://docs.saviyntcloud.com/bundle/AzureAD-v2021x/page/Content/Troubleshooting.htm
02/22/2024 05:42 AM
Sample AD and Saviynt account mapping attribute via UI
[
CUSTOMPROPERTY1::cn#String,
CUSTOMPROPERTY30::userAccountControl#String,
CUSTOMPROPERTY2::userPrincipalName#String,
CUSTOMPROPERTY28::primaryGroupID#String,
LASTLOGONDATE::lastLogon#millisec,
DISPLAYNAME::name#String,
CUSTOMPROPERTY25::company#String,
CUSTOMPROPERTY20::employeeID#String,
CUSTOMPROPERTY3::sn#String,
COMMENTS::distinguishedName#String,
CUSTOMPROPERTY4::homeDirectory#String,
LASTPASSWORDCHANGE::pwdLastSet#millisec,
CUSTOMPROPERTY5::co#String,
CUSTOMPROPERTY6::employeeNumber#String,
CUSTOMPROPERTY7::givenName#String,
CUSTOMPROPERTY8::title#String,
CUSTOMPROPERTY9::telephoneNumber#String,
CUSTOMPROPERTY10::c#String,
DESCRIPTION::description#String,
CUSTOMPROPERTY11::uSNCreated#String,
VALIDTHROUGH::accountExpires#millisec,
CUSTOMPROPERTY12::logonCount#String,
CUSTOMPROPERTY13::physicalDeliveryOfficeName#String,
UPDATEDATE::whenChanged#date,
CUSTOMPROPERTY14::extensionAttribute1#String,
CUSTOMPROPERTY15::extensionAttribute2#String,
CUSTOMPROPERTY16::streetAddress#String,
CUSTOMPROPERTY17::mailNickname#String,
CUSTOMPROPERTY18::department#String,
CUSTOMPROPERTY19::countryCode#String,
NAME::sAMAccountName#String,
CUSTOMPROPERTY21::manager#String,
CUSTOMPROPERTY22::homePhone#String,
CUSTOMPROPERTY23::mobile#String,
CREATED_ON::whenCreated#date,
ACCOUNTCLASS::objectClass#String,
ACCOUNTID::objectGUID#Binary,
CUSTOMPROPERTY24::userAccountControl#String,
CUSTOMPROPERTY27::objectSid#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY26,
CUSTOMPROPERTY26::objectGUID#Binary,
CUSTOMPROPERTY29::st#String
]
https://forums.saviynt.com/t5/identity-governance/import-ad-groups-without-members/m-p/38699
https://forums.saviynt.com/t5/connector/active-directory-best-practice/ta-p/37661
02/22/2024 09:24 PM
Ask is Azure AD not AD
02/22/2024 09:29 PM
Please perform below changes
{
"acctLabels": {
"customproperty1": "First Name",
"customproperty2": "Last Name",
"customproperty3": "Office Phone",
"customproperty10": "Account Status",
"customproperty11": "Employee ID",
"customproperty12": "Job Title",
"customproperty13": "User Type",
"customproperty14": "Directory Synced",
"customproperty16": "City",
"customproperty30": "Visibility label"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"displayname": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "businessPhones~#~char",
"customproperty10": "accountEnabled~#~bool",
"customproperty11": "employeeId~#~char",
"customproperty12": "jobTitle~#~char",
"customproperty13": "userType~#~char",
"customproperty14": "onPremisesSyncEnabled~#~bool",
"customproperty16": "city~#~char",
"customproperty30": "visibility~#~char",
"customproperty31": "onPremisesExtensionAttributes.extensionAttribute3~#~char"
}
}
02/23/2024 06:34 AM
Hi Rushikesh,
Please let us know whether, using the AzureAD connector, we can import the accounts with AdditionalProperties like (extension_33b53b974_msDS_cloudExtensionAttribute5, extension_33b53b974_company, extension_33b53b974_msDS_cloudExtensionAttribute11) from AzureAD to Saviynt through reconciliation.
Thanks and regards,
Kumar Vadlamudi
02/25/2024 10:57 AM
Yes
02/27/2024 03:57 AM
Hi Rushikesh,
I am trying to map the below extension attribute to Saviynt account customproperty33 and I could see the response in the logs. But it is not mapping the value to customproperty33.
extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute5
Below is the Account import JSON for your reference.
{
"acctLabels": {
"customproperty1": "FirstName_CP1",
"customproperty2": "LastName_CP2",
"customproperty3": "OfficePhoneCP3",
"customproperty4": "Email_CP4",
"customproperty5": "MobilePhone_CP5",
"customproperty6": "OfficeLocation_CP6",
"customproperty7": "PreferredLanguage_CP7",
"customproperty8": "UserType_CP8",
"customproperty9": "JobTitle_CP9",
"customproperty10": "AccountStatus_CP10",
"customproperty11": "onPremisesSyncEnabled_CP11",
"customproperty12": "onPremisesImmutableId_CP12",
"customproperty14": "onPremisesLastSyncDateTime_CP14",
"customproperty15": "onPremisesSecurityIdentifier_CP15",
"customproperty16": "city_CP16",
"customproperty17": "country_CP17",
"customproperty18": "department_CP18",
"customproperty19": "usageLocation_CP19",
"customproperty20": "EmployeeID_CP20",
"customproperty21": "mailNickname_CP21",
"customproperty22": "CompanyName_CP22",
"customproperty31": "ACCENT_Mapping_Info_CP31",
"customproperty32": "Extension1sAMAccountName_CP32",
"customproperty33": "msDS_cloudExtensionAttribute5_CP33",
"customproperty34": "msDS_cloudExtensionAttribute1_CP34"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "businessPhones~#~char",
"customproperty4": "mail~#~char",
"customproperty5": "mobilePhone~#~char",
"customproperty6": "officeLocation~#~char",
"customproperty7": "preferredLanguage~#~char",
"customproperty8": "userType~#~char",
"customproperty9": "jobtitle~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty11": "onPremisesSyncEnabled~#~char",
"customproperty12": "onPremisesImmutableId~#~char",
"customproperty14": "onPremisesLastSyncDateTime~#~char",
"customproperty15": "onPremisesSecurityIdentifier~#~char",
"customproperty16": "city~#~char",
"customproperty17": "country~#~char",
"customproperty18": "department~#~char",
"customproperty19": "usageLocation~#~char",
"customproperty20": "employeeId~#~char",
"customproperty21": "mailNickname~#~char",
"customproperty22": "companyName~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char",
"customproperty32": "extension_33b53b974ebd4c309b00e14362d94da1_sAMAccountName~#~char",
"customproperty33": "extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute5~#~char",
"customproperty34": "extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute1#~char"
}
}
I have attached logs for your reference.
Request you to help us in fixing this issue.
Thanks and Regards,
Kumar Vadlamudi
02/27/2024 09:28 PM
there is extra e in companyname
https://graph.microsoft.com/v1.0/users/delta?$select=accountEnabled,displayName,id,businessPhones,us...,companyNamee,extension_33b53b974ebd4c309b00e14362d94da1_sAMAccountName,extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute5,extension_33b53b974ebd4c309b00e14362d94da1_msDS_cloudExtensionAttribute1\u0026$deltaToken=latest
02/27/2024 11:27 PM
Hi Rushikesh,
After removing the extra e from companyNamee, we are still seeing that the extension attribute is not mapping to customproperty33.
Thanks and Regards,
Kumar Vadlamudi
02/28/2024 10:03 PM
Hi Rushikesh,
I am getting the below exception when I try to import the extension attributes from Azure AD for Accounts.
I have attached the logs for your reference.
2024-02-29T11:16:54+05:30-ecm-worker-"log":"2024-02-29 05:46:54,271 [quartzScheduler_Worker-4 ERROR generic.GenericProvisioningService - Exception in persistAccounts try2 \n","stream":"stdout","time":"2024-02-29T05:46:54.272525326Z"}
My observation is that I am not getting the extension attribute value as "Null" in the response. If the attribute is null, the attribute itself is not coming in the response.
I have also attached the postman request and Response payload as well.
Please let us know how this issue can be resolved.
Thanks and Regards,
Kumar Vadlamudi
02/29/2024 02:09 AM
Hi Rushikesh,
Is there any way to check if the key exists in the response JSON? For Azure AD, if some user is not having a value for a key, that key itself is not coming in the response JSON.
For example: for user AS5367, the key 'extensionAttribute8' exists, so this key is coming in the response. But for user KV5236, this field is empty, so in the response the key itself is not coming.
Thanks and Regards,
Kumar Vadlamudi
03/02/2024 01:08 PM
Does it work where the user has a value?
03/03/2024 02:39 AM
Hi Rushikesh,
Yes. If the user has an extension attribute value, it is mapping fine.
Regards,
Kumar Vadlamudi
03/03/2024 09:12 AM
Use #CONST if blank then set to null
03/01/2024 09:27 AM
Hi Rushikesh,
Could you please let us know how this issue can be resolved.
Thanks and Regards,
Kumar Vadlamudi
03/04/2024 06:47 AM
I tried using:
"customproperty48": "#CONST#${String r=response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber; return (r==null?'':response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber)}~#~char"
But this puts the code as the value in the customProperty. So, the value saved in customproperty48 is: String r=response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber; return (r==null?'':response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber)
I am not sure why this might be happening. The datatype of Cp48 is varchar(255) and the total length of the extensionAttribute value will not exceed 100 characters.
Please advise.
Thanks.
03/18/2024 06:28 AM
I have noticed same const does not work properly in AzureAD connection
03/18/2024 05:31 AM - edited 03/18/2024 05:34 AM
Can you confirm if customproperty34 with extension attribute mapping working as expected?
try this:
"#CONST#${String r=response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber; return (r==null?'':response.extension_33b53b974ebd4c309b00e14362d94da1_adeccoPersonUniqueIDNumber)}~#~char"
03/20/2024 05:16 PM
Hi Adarshk,
There is a syntax issue in customproperty34 and it has been corrected now. We are able to reconcile the data without any issues.
Thanks,
Kumar Vadlamudi
03/20/2024 09:51 PM
Please share fixed json
03/20/2024 11:16 PM
Hi Rushikesh,
The '~' is missing for the JSON attribute below. After fixing this, it started working. I haven't used CONST in the account attribute JSON. If you still need the JSON I will provide you.
"customproperty34": "extension_02e50128e1e445ff90d3f0d7e728afee_msDS_cloudExtensionAttribute17~#~char"
Thanks and Regards,
Kumar Vadlamudi
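The fix reported in the last post was a mapping value ending in `#~char` instead of `~#~char`. The linter below is an added example, not Saviynt code and not part of the thread: it checks every colsToPropsMap value for that delimiter before the JSON is saved. The type list (`char`, `bool`) is only what appears in this thread, and the sample JSON and its `<appId>` placeholder are constructed.

```python
import json
import re

# Delimiter between source attribute and type, as used in the thread's JSON.
DELIM = "~#~"
# Types that appear in the thread's mappings (assumption: the connector may
# accept others; extend this set from the vendor documentation).
SEEN_TYPES = {"char", "bool"}


def lint_account_import(raw_json):
    """Return a list of (column, problem) tuples for a colsToPropsMap document."""
    mapping = json.loads(raw_json).get("colsToPropsMap", {})
    problems = []
    for column, value in mapping.items():
        # Split on the LAST delimiter: sources such as
        # STORE#ACC#ENT#MAPPINGINFO or #CONST#${...} contain '#' themselves.
        source, sep, type_name = value.rpartition(DELIM)
        if not sep:
            # Report near-misses such as 'attr#~char' or 'attr~#char'.
            near = re.search(r"(~#|#~|~~)(\w+)$", value)
            hint = (f"found '{near.group(1)}' before '{near.group(2)}'"
                    if near else "no delimiter at all")
            problems.append((column, f"missing '{DELIM}' ({hint})"))
            continue
        if not source:
            problems.append((column, "empty source attribute"))
        if type_name not in SEEN_TYPES:
            problems.append((column, f"type '{type_name}' not in SEEN_TYPES"))
    return problems


# Constructed sample shaped like the JSON posted in the thread.
SAMPLE = json.dumps({"colsToPropsMap": {
    "accountID": "id~#~char",
    "customproperty10": "accountEnabled~#~bool",
    "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char",
    "customproperty33": "extension_<appId>_msDS_cloudExtensionAttribute5~#~char",
    "customproperty34": "extension_<appId>_msDS_cloudExtensionAttribute1#~char",
}})

if __name__ == "__main__":
    for column, problem in lint_account_import(SAMPLE):
        print(f"{column}: {problem}")
```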