Hi Community Members,
We are having requirement to pull details of AAD users including their lastsignInactivity and manager details. Since OOTB, does not support bringing in LastSignInActivity of the users, we had to use Generic REST Connector. Since the manager details also are fetched in the separate call, we also had to use multiple calls to bring in the data we require.
The issue we are facing is, when Saviynt is trying to make second level call for each member, we are getting 429 Unknown Error, which is basically Throttling Response from graph api. Hence we are unable to pull manager details of the members. We tried with the solutions provided on the forums earlier like adding the ApiRateLimitConfig, however, the issue still persists. Can someone please help to resolve the issue.
Connection JSON:
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"httpHeaders": {
"Accept": "application/json"
},
"authError": [
"InvalidAuthenticationToken"
],
"url": "https://login.microsoftonline.com/tenantid/oauth2/v2.0/token",
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"errorPath": "error.code",
"maxRefreshTryCount": 2,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"authHeaderName": "Authorization",
"accessToken": "Bearer ABCD",
"httpParams": {
"grant_type": "client_credentials",
"client_id": "ABCDE",
"client_secret": "ABCDE",
"apiRateLimitConfig": {
"retryAfterCalls": 120,
"retryWaitSeconds": 120
},
"scope":"https://graph.microsoft.com/.default"
},
"retryFailureStatusCode": [
401
]
}
}
}
Below is the ImportAccountEntJSON:
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"createUsers": false,
"statusConfig": {
"statusColumn": "customproperty10",
"activeStatus": [
true
],
"deleteLinks": false,
"accountThresholdValue": 10000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": false
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$select=id,userPrincipalName,displayName,accountEnabled,given...",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
}
},
"successResponses": {
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
405,
500,
429
]
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty8": "userType~#~char",
"customproperty9": "jobTitle~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty16": "city~#~char",
"customproperty17": "country~#~char",
"customproperty18": "department~#~char",
"customproperty20": "companyName~#~char",
"customproperty22": "signInActivity.lastSignInDateTime~#~char"
},
"listField": "value",
"keyField": "accountID",
"pagination": {
"nextUrl": {
"nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink')}"
}
}
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/?%24select=id,userPrincipalName,displayN...",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
}
},
"inputParams": {
"dependentCall": true
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"customproperty21": "manager.userPrincipalName~#~char"
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"successResponses": {
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
405,
500,
429
]
}
}
}
}
}
Any help would be appreciated.
Thanks,
Mohit Arora
