Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

How to bring httpAccntToEnt values in account parameters

ASVijayan
New Contributor
New Contributor

Hi All,

We have onboarded a Git organization into saviynt.

Users have either admin permission or member permission in the organization. We have used the standard JSON mentioned in the documentation (Creating an Integration (saviyntcloud.com))

The permission is visible in UI as below:

ASVijayan_1-1724767545353.png

This permission details are currently not visible in attestations.

Below is the JSON snippet where we are importing the permissions:

"acctEntParams": {
    "processingType": "httpEntToAcct",
    "connection": "acctAuth",
    "initPrivigesMap": [
      {
        "privName": "Permission",
        "attrType": 3,
        "entType": "Organization",
        "cfgType": 1,
        "attributeValues": "",
        "defaultValue": ""      },
.
.
.
.
.
.
.
"entTypes": {
      "Organization": {
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 8,
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"              },
              "url": "https://<DOMAIN>/orgs/${id}/members",
              "httpContentType": "application/x-www-form-urlencoded",
              "httpMethod": "GET"            },
            "listField": "",
            "acctKeyField": "accountID",
            "entKeyField": "entitlement_value",
            "acctIdPath": "id",
            "privilegeParams": {
              "attrName": "Permission",
              "attrValue": "member"            }
          },

 Is there anyway we can map this permission to account attribute, so that this can be used for attestation? Or any other way so that this particular attribute is available for attestation?

Regards,

Athira

9 REPLIES 9

rushikeshvartak
All-Star
All-Star
  • You can store in account attribute 
  • Or if you want as entitlement then bring as new entitlement type (if api available)

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ASVijayan
New Contributor
New Contributor

Hi @rushikeshvartak ,

Can you please show a sample of how this can be brought to account attribute?

Regards,

Athira Vijayan

Do you have API for same ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

This is the sample one we are using (standard one documentation):

{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"adminName": "admin",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://<DOMAIN>/orgs/<Org_Name>/members?per_page=100&page=1",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "login~#~char",
"displayName": "login~#~char" },
"makeProcessingStatus": true,
"disableDeletedAccounts": true,
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
}
},
"call2": {
"callOrder": 1,
"stageNumber": 1,
"http": {
"url": "https://<DOMAIN>/users/${accountName}",
"httpHeaders": {
"Authorization": "${access_token}" },
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "login~#~char",
"displayName": "login~#~char",
"customproperty1": "avatar_url~#~char",
"customproperty2": "gravatar_id~#~char",
"customproperty3": "url~#~char",
"customproperty10": "suspended_at~#~char" },
"multiTrigger": {
"multiTriggerType": "MultiTriggerByAccountBatching",
"triggersCount": "20",
"params": {
"accountsoraccess": "accounts" }
}
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"supportedEntitlementTypes": [
"Organization",
"Team",
"Repository" ],
"entTypes": {
"Organization": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 3,
"inputParams": {
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "login~#~char",
"customproperty6": "url~#~char",
"customproperty7": "description~#~char",
"customproperty8": "public_repos~#~char",
"customproperty9": "public_gists~#~char",
"customproperty10": "followers~#~char" }
},
"call2": {
"callOrder": 1,
"dummyCall": true,
"stageNumber": 4,
"inputParams": {
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"multiTrigger": {
"multiTriggerType": "MultiTriggerByEntitlementBatching",
"triggersCount": "20",
"params": {
"accountsoraccess": "access" }
}
}
}
},
"Team": {
"entTypeOrder": 1,
"entitlementOwnerConfig": {
"maxNumberOfOwner": 4,
"typeOfImportOwner": [
"maintainer" ]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 6,
"inputParams": {
"entitlementname": "Organization" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}/teams?per_page=100&page=1",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"customproperty1": "url~#~char",
"customproperty6": "privacy~#~char",
"customproperty7": "permission~#~char",
"customproperty20": "STORE#ENT#MAPPINGINFO#PARENTID#TYPE##ENTMAP~#~char",
"entitlementMappingJson": "STORE#ENT#MAPPINGINFO#PARENTID~#~char" }
}
}
},
"Repository": {
"entTypeOrder": 2,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 7,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${entitlementValue}/repos?per_page=100&page=1",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"pagination": {
"nextUrl": {
"nextUrlPath": "${headers?.Link==null?'':headers?.Link?.contains('next')?headers?.Link?.split(',')?.size()==2?headers?.Link?.split(',')[0]?.replace('<', '')?.replace('>; rel=\"next\"','')?.trim():headers?.Link?.split(',')[1].replace('<', '').replace('>; rel=\"next\"','').trim():''}" }
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "name~#~char",
"customproperty1": "url~#~char",
"customproperty6": "private~#~char",
"customproperty7": "size~#~char",
"customproperty8": "permissions.admin~#~char",
"customproperty9": "permissions.push~#~char",
"customproperty10": "permissions.pull~#~char",
"customproperty11": "owner.login~#~char",
"customproperty20": "STORE#ENT#MAPPINGINFO#PARENTID#TYPE##ENTMAP~#~char",
"entitlementMappingJson": "STORE#ENT#MAPPINGINFO#PARENTID~#~char" }
}
}
}
}
},
"acctEntParams": {
"processingType": "httpEntToAcct",
"connection": "acctAuth",
"initPrivigesMap": [
{
"privName": "Permission",
"attrType": 3,
"entType": "Organization",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" },
{
"privName": "Permission",
"attrType": 3,
"entType": "Team",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" },
{
"privName": "Permission",
"attrType": 3,
"entType": "Repository",
"cfgType": 1,
"attributeValues": "",
"defaultValue": "" }
],
"entTypes": {
"Organization": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 8,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/members",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 0,
"stageNumber": 9,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/members?role=admin",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "admin" }
},
"call3": {
"callOrder": 0,
"stageNumber": 10,
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/orgs/${id}/outside_collaborators",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlement_value",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "outside_collaborator" }
}
}
},
"Team": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 11,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/teams/${id}/members?role=member",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 1,
"stageNumber": 12,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "https://<DOMAIN>/teams/${id}/members?role=maintainer",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "maintainer" }
}
}
},
"Repository": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 13,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "${id}/collaborators",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"acctKeyField": "accountID",
"entKeyField": "customproperty1",
"acctIdPath": "id",
"privilegeParams": {
"attrName": "Permission",
"attrValue": "member" }
},
"call2": {
"callOrder": 1,
"stageNumber": 14,
"inputParams": {
"entitlementname": "Organization",
"statusFilter": "(ev.status = 6 or ev.status = 1)" },
"acctEntMappingTypeParam": {
"mappingType": "ENT2PRIVREVERSE",
"entitlementName": "Team" },
"http": {
"httpHeaders": {
"Authorization": "${access_token}" },
"url": "${id}/teams",
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET" },
"listField": "",
"entKeyField": "customproperty1",
"entIdPath": "url",
"privilegeParams": {
"attrName": "Permission",
"attrValuePath": "permission" }
}
}
}
}
},
"globalSettingParams": {
"globalTriggerParams": {
"maxLoopCountForLastTrigger": 5,
"lastTriggerCompletionSleep": 2000,
"lastTriggerCompletionIntermediateSleep": 1000
},
"supportedEntitlementTypes": [
{
"Organization": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
},
"Team": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
},
"Repository": {
"custompropertyLabels": {
"customproperty3": "Tags",
"customproperty4": "ID",
"customproperty6": "Provision VM Agent",
"customproperty7": "Enable Automatic Updates" }
}
}
]
}
}

 

Permissions from organization is what we need in account attributes (highlighted in bold)

Regards,

Athira

  • Check with GitHub documentation for required api and validate from postman

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ASVijayan
New Contributor
New Contributor

Hi @rushikeshvartak ,

APIs are validated in postman and are working fine in Saviynt too. We are facing issue in mapping this permission attribute in account parameters. 

We need to know how this httpEntToAccnt data can be mapped to account parameters.

Regards,

Athira 

Can you share postman screenshot for privilege


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ASVijayan
New Contributor
New Contributor

Hi @rushikeshvartak ,

The privilege attribute is permission, and it can have values member or owner.

To fetch all users who has member access, we use the API :  https://api.github.com/orgs/${id}/members

The API response is as below:

ASVijayan_0-1724835575719.png

To fetch all users who has member access, we use the API :  https://api.github.com/orgs/${id}/members?role=admin

The API response is as below:

ASVijayan_1-1724835843390.png

Is there anyway the highlighted (in yellow) can be brought up as an account parameter for each account?

Regards,

Athira Vijayan


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.