and more in a single search tool across platforms. Read the announcement here. |
06/06/2023 04:53 AM
Hi all,
We have configured an ImportAccntEntJson where we are calling the Saviynt CreateRequestAPI whenever a ServiceNow catalog item is being imported from SNOW table as an account.
W are able to generate the tasks using Postman but when we try the same from Saviynt the job is erroring out with error: 401 Status Code.
The Service Account has all the required privileges.
I feel that the ConnectionJSON we have configured in order to call the SSM API has some issue.
Here is the Connection JSON we are using:
{
"authentications": {
"ssmAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/json"
},
"authError": [
"InvalidAuthenticationToken"
],
"url": "https://xxxx.saviyntcloud.com/ECM/api/login",
"httpMethod": "POST",
"httpContentType": "application/json",
"httpParams": "{\"username\":\"xxxx\",\"password\":\"xxxxx\"}",
"errorPath": "error.code",
"maxRefreshTryCount": 2,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"authHeaderName": "Authorization",
"accessToken": "Bearer xxxx",
"retryFailureStatusCode": [
401
]
},
"snowAuth": {
"authType": "Basic",
"url": "https://xxxxx.service-now.com/api/now/table/u_adm_accounts_management",
"httpMethod": "GET",
"httpHeaders": {},
"properties": {
"userName": "xxxx",
"password": "xxxxxx"
},
"httpContentType": "application/json",
"expiryError": "ExpiredAuthenticationToken",
"retryFailureStatusCode": [403, 401, 500],
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Authentication_ExpiredToken"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic xxxx"
}
}
Below is the ImportAccntEntJson:
{
"accountParams": {
"connection": "snowAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200
]
},
"call": {
"call1": {
"connection": "snowAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxx.service-now.com/api/now/table/u_adm_accounts_management/02ef054d1b84685800ac0f686e4bcb...",
"httpHeaders": {
"Content-Type": "application/json",
"Accept": "application/json",
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201
]
},
"httpMethod": "GET"
},
"listField": "result",
"keyField": "accountID",
"statusConfig": {
"active": "Active",
"inactive": "Inactive"
},
"colsToPropsMap": {
"accountID": "u_employee_id~#~char",
"name": "u_employee_name~#~char",
"displayname": "u_employee_name~#~char",
"status": "u_status~#~char",
"customproperty1": "u_adm_id~#~char",
"customproperty2": "u_source~#~char",
"customproperty3": "u_require_azure_ad_access~#~char",
"customproperty4": "sys_id~#~char",
"customproperty5": "sys_updated_by~#~char",
"customproperty6": "u_manager~#~char",
"customproperty7": "sys_created_by~#~char",
"customproperty8": "u_review_date~#~char"
}
},
"call2": {
"connection": "ssmAuth",
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "https://xxxxx.saviyntcloud.com/ECM/api/v5/createautoapprovedrequest",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204
]
},
"unsuccessResponses": {
"statusCode": [400, 403, 401, 404, 409, 501, 500]
},
"httpMethod": "POST",
"httpParams": "{\"username\": \"c053436\",\"requestor\": \"admin\",\"comments\": \"AD admin account request\",\"requestaccess\": [{\"endpoint\": \"Active Directory\", \"securitysystem\": \"Active Directory\",\"requesttype\":\"3\",\"accountname\":\"adm053436\"}]}",
"inputParams": {
"dependentCall": true
}
}
}
}
},
"entitlementParams": {},
"acctEntParams": {}
}
We are using hardcoded values in the httpParams for now as we are testing for a single user.
Please guide as to why we might be facing the 401 Unauthorized error. We have tried generating a new Access Token and pasting in the Authorization("accessToken": "Bearer xxxx"). The authentication part for SNOW is working fine and the account(catalog item) is imported. Only the second call(call2) i.e is the SSM API CreateRequest API call is failing.
Thanks,
Atul Singh
06/07/2023 10:30 AM
Let me check the JSON and will update.
06/07/2023 10:24 PM - edited 06/08/2023 06:55 AM
I was using the 'dependentCall' Parameter inside 'http'. Once I moved it outside I didn't get the 401 error. But the call2 is not at all being called. call1 is called and account is being imported. The job shows success.
When I completely removed the 'dependentCall' parameter the job is again throwing 401 error.
Someone mentioned that, currently REST Connector doesn't support multiple authentication types for ImportAccount json. Maybe that's the reason we are getting the 401 error?.
In that case how do we even achieve our requirement?. The requirement is that whenever a Service Now catalog item is imported as account, an AD admin account request should be automatically created.
We don't have a concept of AccountUpdateRules. So, how do we achieve this? . Any thoughts?.
Thanks,
Atul Singh
06/08/2023 09:45 AM
One way to achieve this is to use Actionable analytics and trigger tasks for the required users. Multiple auth is supported but I don't believe you will be able to generate tasks using ImportJSON.
06/09/2023 01:16 AM
That was the option that came to mind at first but we found that there is no Create Account Option when configuring Actionable Analytics. It seems Create Account tasks cannot be created using Analytics.
06/08/2023 09:51 AM
It wont work how saviynt will know access_token is for snow or ssm