Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/28/2023 07:07 AM
Hi All,
Requirement:
1. AD Group creation has to be done from ARS - Group provisioning and import is happening (Ex: Connection Name: AD_1)(Connector type: AD)
2. Once the import happens, we are showing the AD Groups as an Entitlements in ARS where user will request those entitlements and it has to create ticket for this. (Ex: Connection Name: AD_ticket) (Connector type: REST)
So, In Security System we are adding below options.
Connection - AD_1
Provisioning Connection - AD_1
ServiceDesk Connection - AD-ticket
Issue:
Now, when I'm creating the AD Groups it is provisioning groups to AD and at the same time it's generating the ticket for ServiceNow because we have added both connections (AD_1 and AD_ticket) in SS.
I've tried, keeping a condition in URL for CreateticketJSON (in AD_ticket connection) as below but didn't work
-"url": "${if(task.tasktype==24){''}else{'https://<URL>/api/sjcrh/v1/infosec_access/ManualAccess'}}",
- "url": "${if(task.tasktype==24){''}else{\"https://<URL>/api/sjcrh/v1/infosec_access/ManualAccess\"}}",
-"url": "#CONST#${if(task.tasktype==24){''}else{\"https://<URL>/api/sjcrh/v1/infosec_access/ManualAccess\"}}",
-"url": "#CONST%23${if(task.tasktype==24){''}else{\"https://<URL>/api/sjcrh/v1/infosec_access/ManualAccess\"}}",
FYI, task.tasktype=24 is for create entitlement request.
Any suggestion where we can stop triggering ticket for when AD Group creation happens.
Thanks,
Shyam
07/29/2023 07:20 AM
In connection don’t send connection name
${(task.tasktype == 24) ? '': 'userAuth'}
07/31/2023 02:39 AM
tried the above syntax in json but giving me the below ERROR:
responseText:{"error":{"message":"User Not Authenticated","detail":"Required to provide Auth information"},"status":"failure"}, cookies:[BIGipServerpool_stjudedev=ab47f76c024dfdfaf710a29bcc4ca238; httponly; secure; path=/; SameSite=None, JSESSIONID=53470E434C5E0AE294B4697026330761; Path=/; HttpOnly; secure; SameSite=None], statusCode:401]
2023-07-31/09:24:20.469 [{}] [quartzScheduler_Worker-5] DEBUG rest.RestUtilService - pullObjectsByRest - responseStatusCode ::401
2023-07-31/09:24:20.469 [{}] [quartzScheduler_Worker-5] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method
2023-07-31/09:24:20.469 [{}] [quartzScheduler_Worker-5] DEBUG rest.RestProvisioningService - responseError : null
2023-07-31/09:24:20.469 [{}] [quartzScheduler_Worker-5] DEBUG rest.RestProvisioningService - isAuthError: false
FYI, Attaching the tested Json, let me know if needed any changes.
07/31/2023 02:58 AM
Hi @ShyamSrisailam you can also add the same condition in the "name" parameter of the create ticket json. Please find the below sample.
"name": "${(task?.tasktype==24)?'No_Action_Required_call_for_ad_group_creation':'call1'}"
{
"call": [
{
"name": "${(task?.tasktype==24)?'No_Action_Required_call_for_ad_group_creation':'call1'}",
"connection": "${(task.tasktype == 24) ? '': 'userAuth'}",
"url": "<URL>",
"httpMethod": "POST",
"httpParams": "{\"instructions\":\"Request to ${if(task.tasktype==2 && (allEntitlementsValues==null || allEntitlementsValues.isEmpty() || allEntitlementsValues=='')){'Delete Account and associated Network folders and file'}else if(task.tasktype==3){'Add New Account in'}else if(task.tasktype==2){'Update Access in'}else if(task.tasktype==1){'Update Access in'}else if(task.tasktype==6){'Enable Account in'}else if(task.tasktype==14){'Disable Account in'}else if(task.tasktype==12){'Update Account in'}else{task.tasktype}} ${endpoint?.displayName}\",\"details\":\"${if((task.tasktype==2 && (allEntitlementsValues==null || allEntitlementsValues.isEmpty() || allEntitlementsValues=='')) || (task.tasktype==3) || (task.tasktype==2) || (task.tasktype==1) || (task.tasktype==6) || (task.tasktype==14)){'Below are the details to \\\\n \\\\nName : '+user.firstname+' '+(user.middlename!=null?user.middlename:'')+' '+user.lastname+'\\\\nUsername : '+user.username+'\\\\nEmployeeID : '+user.employeeid+' \\\\nUser Email : '+(user.email!=null?user.email:user.secondaryEmail!=null?user.secondaryEmail:'No email address available in Saviynt')+'\\\\nDepartment Name : '+user.departmentname+' \\\\nDepartment Number : '+user.departmentNumber+'\\\\nTitle : '+user.title+'\\\\nManager : '+user.owner+'\\\\nEnd Date : '+user.enddate+'\\\\nStatus : '+(user.statuskey==1?'Active Account':'Suspend or Deactivate Account')+' \\\\nRequestKey : '+task.requestKey+'\\\\nRequestID : '+(task.requestKey!=null?task.requestKey?.processinstanceid?.substring(task.requestKey?.processinstanceid?.indexOf('.') + 1, task.requestKey?.processinstanceid?.length()):task.id)+'\\\\nBusiness Justification : '+(task.requestKey==null?'':task.requestKey?.comments?.replaceAll('<.*?>','').replaceAll('\\n','').replaceAll('\\r','').replaceAll('[^ -~À-ÿ]+','').replaceAll(new String('XFw='.decodeBase64()),new String('XFxcXA=='.decodeBase64())))+'\\\\nEntitlements : '+(allEntitlementsValues.replaceAll('\\n',' ').replaceAll(':: Group :',' :'))+''}else if(task.tasktype==12){'Update Account in '+endpoint?.displayName+'\\\\n \\\\nFirstName : '+user.firstname+'\\\\nMiddleName : '+(user.middlename!=null?user.middlename:'')+'\\\\nLastName : '+user.lastname+'\\\\nUsername : '+user.username+'\\\\nEmployeeID : '+user.employeeid+' \\\\nUser Email : '+(user.email!=null?user.email:user.secondaryEmail!=null?user.secondaryEmail:'No email address available in Saviynt')+'\\\\nDepartment Name : '+user.departmentname+' \\\\nDepartment Number : '+user.departmentNumber+'\\\\nTitle : '+user.title+'\\\\nManager : '+user.owner+''}else{task.tasktype}}\", \"user\":\"${user.username}\" , \"group\":\"0142041b4ff152004ce80ad14210c7f2\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"ticketidPath": "result.request_number",
"unsuccessResponses":
{
"message": ""
}
}
]
}
Let me know if this helps!
07/31/2023 05:57 AM
Hi @naveenss ,
Tried the syntax it is not creating the ticketNo for AD Group creation that is good, but it should create a ticket if user request for (AD_ticket) where user requests for AD_group entitlements through ARS but it's getting ERRORED out.
json is --- {"taskid":null,"provisioningComments":"Error in getting Ticket Number. Response: {\"error\":{\"message\":\"User Not Authenticated\",\"detail\":\"Required to provide Auth information\"},\"status\":\"failure\"}"}
pullObjectsByRest - responseStatusCode ::401