Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/01/2024 09:07 AM - last edited on 05/08/2024 01:30 AM by Sunil
Solved: AzureAD Doesn't import signinactivity in full or d... - Saviynt Forums - 90001
I have similar issue can you please guide me.
Can we import only signinactivity through rest because rest all are imported through azure ad
[This message has been edited by moderator to move comment to his own post]
05/01/2024 10:36 AM - edited 05/01/2024 10:38 AM
We have used REST API connector for AzureAD to import the signInActivity.lastSignInDateTime into account profile CP or LastLogindate field. Please use below JSON for ImportAccountEntJSON and configure seperate job to import account (apart from AzureAD connector account import) information to specific mapped attrs below. Make sure you configure trigger chain job to run AzureAD REST API connector account import job runs after AzureAD connector account import job to get profile updated properly from AzureAD.
Note: Pls modify filter on graph api query accordingly to your requirements
ImportAccountEntJSON
-------------------------------
{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$filter=endsWith(userPr...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"customproperty60": "signInActivity.lastSignInDateTime~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}
Job:
--------
05/01/2024 11:34 AM
@SureshPatike so we needs to create seperate endpoint and SS for importing lastsignindate .
So currently we are importing ent and account using Azure ad oob connection.
Now we needs create rest connection and import signindate so there will be seperate account form right apart from azure Ad
And let me know if you didn't understand my question.
05/01/2024 11:44 AM
@SureshPatike apart from ImportAccountEntJSON any other connection parameter we are giving.
And I have only basic understanding on saviynt so if you explain in detail it will be grateful for me
05/01/2024 11:57 AM
Am also new to Saviynt. Yes it need another connection for REST API connector to connect AzureAD and dont need seperate SS and endpoint since you have them already from AzureAD connector.
Only connection object and ImportAccountEntJSON , job to accomplish this requirement alone, rest all other account fields will be imported from AzureAD ootb connector account import.
05/01/2024 12:15 PM
@SureshPatike thanks .
In importaccountentjson what all I needs to change I mean which parameters and also where I needs to give mapping in account CP?
05/01/2024 12:25 PM
probably url based on your requirement and colsToPropsMap what cp you are going map in account profile for the attr value coming from graph api results.
05/01/2024 12:43 PM
@SureshPatike thanks for your information.
And one more last question apart from the importaccountentjson what else connection parameter we needs give and in importaccountentjson how's the token is passed?
05/01/2024 01:28 PM
thats tokenResponsePath from connectionJSON object
05/01/2024 01:36 PM
@SureshPatike and any other connection parameter we need to give apart from connectionjson and importaccountentjson
05/01/2024 02:08 PM
nope
05/07/2024 01:31 PM
@SureshPatike I tried with below Json which is similar to your but lastSignInDateTime is not imported to saviynt.
Please find the ImportAccountEntJSON
{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$select=id,signInActivi...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}
May i know your inputs on this
05/07/2024 06:37 PM
Does it works in customproperty ?
05/07/2024 10:06 PM
@rushikeshvartak I tried after removing the custom property then also it's not working
05/07/2024 10:09 PM
Does it visible from postman
05/07/2024 10:18 PM
So actually in here we don't have secret value inhand so we are directly call from saviynt.
Note : connection JSON is already established for adding and removing licence.
05/02/2024 10:59 PM
@SureshPatike Currently we have a rest connection to azure ad for adding and removing license where connection is already establish by connectionjson so can i use same connection and add importaccountentjson and do rest of the activity.
05/03/2024 04:47 AM
Yes you can use same if already have one
05/06/2024 08:02 AM
@SureshPatike So what permission we need to give in Azure active directory which can able to fetch the users
05/06/2024 08:31 AM
Same permissions per Saviynt AzureAD connector document. look at app registration section. If are using seperate app reg then probably read directory permissions should be more than enough. i would suggest go ahead with same app reg what you have configrued for ootb azured connector already.
05/06/2024 09:16 AM
@SureshPatike So you mean we can use same application created for Azure OOB connecter for rest connection also right or we needs to create register application at azure AD
05/06/2024 09:23 AM
you can use same
05/07/2024 01:06 PM
Job is failing saying : Failed to import one or more object types. Check
the Job Log Details page for more information.
Return null error
05/08/2024 09:49 PM
Share logs
05/06/2024 10:05 AM
You can use REST Connector
05/07/2024 10:01 AM
@SureshPatike So for our scenario we only required lastSignInDateTime from AD and there is no filter is there so can i use below API for fetching the user from Azure AD to Saviynt for only lastSignInDateTime:
{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$select=id,signInActivi...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}
05/09/2024 02:47 PM
Yes, offcourse.