Hi Saviynt Team,
We are trying to integrate Celonis application with Saviynt v23.8
Problem statement:
Application REST APIs doesn't support any authentication, but it has non-expired AppKey for authentication.
To get response from import API in Postman, we just need to keep import API URL in URL section and in headers Authorization : AppKey xyzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz. Please see Postman screen below.
Q1> Do you suggest us to keep same non-expired AppKey value in Import account JSON although it is non encrypted?
Q2> or Is there any way we can keep this non-expired AppKey in Connection JSON and get the same AppKey every time when we perform import. If yes, kindly share the sample JSON.
Please help/suggest us ASAP. Sorry we are in tight timelines. Thanks.
Hi Macro,
Thank you so much. I'm able to import accounts successfully now.
But, as per the requirement I need to map role present in the below response with entitlement_glossary in accountParams. below is the mapping which I'm using, but it is not working.
"entitlement_glossary": "urn:celonis:params:scim:schemas:extension:2.0:Group.role~#~char"
Kindly assit me. Thanks.
Need your assistance on the below.
I'm using "processingType": "httpEntToAcct" in acctEntParams.
But in acctEntParams looks like i need to iterate members array to get id (attribute name: value) of the users who are part of the group for act-ent mapping.
"acctIdPath": "members[0].value" - If i keep members[0] then only first user of the group is getting correlated in Saviynt.
Please see API response which I'm using in acctEntParams and ImportAccountEntJSON below. Thanks.
ImportAccountEntJSON:
=====================
{
"globalSettings": {
"dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty11",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false
},
"includeExistingInActiveAccounts": true,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://sandbox/user-provisioning/scim/v2/Users",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "Resources",
"keyField": "accountID",
"colsToPropsMap": {
"name": "userName~#~char",
"accountID": "id~#~char",
"status": "active~#~bool",
"customproperty1": "displayName~#~char",
"customproperty11": "active~#~bool"
}
}
}
},
"entitlementParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Group": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://sandbox/user-provisioning/scim/v2/Groups",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "Resources",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"displayname": "displayName~#~char",
"entitlement_glossary": "urn:celonis:params:scim:schemas:extension:2~dot#0:Group.role~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"connection": "userAuth",
"entTypes": {
"Group": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpEntToAcct",
"http": {
"url": "https://sandbox/user-provisioning/scim/v2/Groups/${id}",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "",
"entIdPath": "id",
"entKeyField": "entitlementID",
"acctIdPath": "members[0].value",
"acctKeyField": "accountID"
}
}
}
}
}
}
[Moderator Edit Note: Masked sensitive info]
The above config change helps. Now I see act-ent mapping is working as expected.
But I also need pagination as per requirement. Import is not bringing all the users and groups after pagination config was added.
Kindly assist me. Thanks.
Groups API response:
===================
Users API response:
===================
ImportAccountEntJSON
===================
{
"globalSettings": {
"dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
},
"showLogs": true,
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty11",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false
},
"includeExistingInActiveAccounts": true,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://sandbox.xyz.cloud/user-provisioning/scim/v2/Users?count=10&startIndex=1",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "Resources",
"keyField": "accountID",
"colsToPropsMap": {
"name": "userName~#~char",
"accountID": "id~#~char",
"status": "active~#~bool",
"customproperty1": "displayName~#~char",
"customproperty11": "active~#~bool"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.itemsPerPage<11?null:'https://sandbox.xyz.cloud/user-provisioning/scim/v2/Users?count=10&startIndex='+Math.addExact(respon...)}"
}
}
}
}
},
"entitlementParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Group": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://sandbox.xyz.cloud/user-provisioning/scim/v2/Groups?count=2&startIndex=1",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "Resources",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"displayname": "displayName~#~char",
"entitlement_glossary": "urn:celonis:params:scim:schemas:extension:2~dot#0:Group.role~#~char"
},
"disableDeletedEntitlements": true,
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.completeResponseMap?.itemsPerPage<3?null:'https://sandbox.xyz.cloud/user-provisioning/scim/v2/Groups?count=2&startIndex='+Math.addExact(respon...)}"
}
}
}
}
}
}
},
"acctEntParams": {
"connection": "userAuth",
"entTypes": {
"Group": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpEntToAcct",
"http": {
"url": "https://sandbox.xyz.cloud/user-provisioning/scim/v2/Groups/${id}",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "members",
"entKeyField": "entitlementID",
"acctIdPath": "value",
"acctKeyField": "accountID"
}
}
}
}
}
}
[This message has been edited by moderator to mask sensitive info]
Hi @marco
Thank you so much. I see import is working as expected with pagination now.
But, once in a while import job fails saying that failed URL, but at the same time when we check in Postman, we can see that the import API is providing a response and also target application server is up and running.
Note: If we just replace the same connection JSON and test the connection, after that import job works as expected. Why is this occuring? Should I enable any flag to fix this issue?
I'm attaching the connection JSON and Import Account JSON for your reference. Kindly assist us. Thanks.
Hi @marco
Currently we are using below in the config JSON.
{
"connectionTimeoutConfig": {
"connectionTimeout": 60,
"readTimeout": 500,
"writeTimeout": 500,
"retryWait": 2,
"retryCount": 3
}
}
Would it be possible to keep as below? Please confirm. Thanks.
{
"showLogs": true,
"connectionTimeoutConfig": {
"connectionTimeout": 60,
"readTimeout": 500,
"writeTimeout": 500,
"retryWait": 2,
"retryCount": 3
}
}
Hi @marco
We are facing intermittent import issue. We get 401 unauthorized error after running import. It happens mostly once in a day.
Note:
1. When we check in Postman and Swagger with same AppKey at the same time, we see the response and the data. There is no access issue with the token, we have verified with app team as well and import is completly working fine all over the day except only one time.
When we replace same connection JSON and test the connection, after that import will start working.
I don't see any issue with the import json config as import works fine through out the day except only one time.
Please guide us what needs to be do in this case? Attaching the connection JSON, Improt account ent JSON and Config JSON for your Analysis.
Appreciate your response at the earliest. Thanks
Hi @marco
We are facing one issue. As per the requirement we need to keep Create Task Action as Entitlements Only. If we keep Create Task Action as Entitlements only at security system level as below.
We see that only Add Access gets created as expected. But, when we process add access tasks, we see that new account is getting created in target application but in Saviynt account is NOT showing up.
We have tried to process the add access tasks again but internally Saviynt is triggering create account json as account is NOT showing up in Saviynt. Since the account is already present in the taraget application, create Account API throwing error saying that "User already present".
Problem: It is impacting new account creation.
Kindly guide us. Appreciate your response at the earliest. Thanks
Note: Below sucess response codes from create account API.
"successResponses": {
"statusCode": [
201
]
}
