Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Import only signinactivity through rest

Sreejith
New Contributor III
New Contributor III

Solved: AzureAD Doesn't import signinactivity in full or d... - Saviynt Forums - 90001

I have similar issue can you please guide me.

Can we import only signinactivity through rest because rest all are imported through azure ad

[This message has been edited by moderator to move comment to his own post]

26 REPLIES 26

SureshPatike
Regular Contributor
Regular Contributor

We have used REST API connector for AzureAD to import the signInActivity.lastSignInDateTime into account profile CP or LastLogindate field. Please use below JSON for ImportAccountEntJSON and configure seperate job to import account (apart from AzureAD connector account import) information to specific mapped attrs below. Make sure you configure trigger chain job to run AzureAD REST API connector account import job runs after AzureAD connector account import job to get profile updated properly from AzureAD.

Note: Pls modify filter on graph api query accordingly to your requirements

ImportAccountEntJSON

-------------------------------

{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$filter=endsWith(userPr...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"customproperty60": "signInActivity.lastSignInDateTime~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}

Job:

--------

SureshPatike_0-1714584858933.png

 

@SureshPatike so we needs to create seperate endpoint and SS for importing lastsignindate .

So currently we are importing ent and account using Azure ad oob connection.

Now we needs create rest connection and import signindate so there will be seperate account form right apart from azure Ad

And let me know if you didn't understand my question.

Sreejith
New Contributor III
New Contributor III

@SureshPatike apart from  ImportAccountEntJSON any other connection parameter we are giving.

And I have only basic understanding on saviynt so if you explain in detail it will be grateful for me

Am also new to Saviynt. Yes it need another connection for REST API connector to connect AzureAD and dont need seperate SS and endpoint since you have them already from AzureAD connector.

Only connection object and ImportAccountEntJSON , job to accomplish this requirement alone, rest all other account fields will be imported from AzureAD ootb connector account import.

@SureshPatike thanks .

In importaccountentjson what all I needs to change I mean which parameters and also where I needs to give mapping in account CP?

probably url based on your requirement and colsToPropsMap what cp you are going map in account profile for the attr value coming from graph api results.

@SureshPatike thanks for your information.

And one more last question apart from the importaccountentjson what else connection parameter we needs give and in importaccountentjson how's the token is passed?

@SureshPatike and any other connection parameter we need to give apart from connectionjson and importaccountentjson 

nope

@SureshPatike I tried with below Json which is similar to your but lastSignInDateTime is not imported to saviynt.

Please find the ImportAccountEntJSON 

{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$select=id,signInActivi...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}

 

May i know your inputs on this

Does it works in customproperty ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak  I tried after removing the custom property then also it's not working

Does it visible from postman


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

So actually in here we don't have secret value inhand so we are directly call from saviynt.

Note : connection JSON is already established for adding and removing licence.

Sreejith
New Contributor III
New Contributor III

@SureshPatike Currently we have a rest connection to azure ad for adding and removing license where connection is already establish by connectionjson so can i use same connection and add importaccountentjson and do rest of the activity.

Yes you can use same if already have one

Sreejith
New Contributor III
New Contributor III

@SureshPatike So what permission we need to give in Azure active directory which can able to fetch the users

Same permissions per Saviynt AzureAD connector document. look at app registration section. If are using seperate app reg then probably read directory permissions should be more than enough. i would suggest go ahead with same app reg what you have configrued for ootb azured connector already.

Sreejith
New Contributor III
New Contributor III

@SureshPatike So you mean we can use same application created for Azure OOB connecter for rest connection also right or we needs to create register application at azure AD

you can use same

Job is failing saying : Failed to import one or more object types. Check
the Job Log Details page for more information. 

Return null error

 

Share logs


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

You can use REST Connector 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Sreejith
New Contributor III
New Contributor III

@SureshPatike  So for our scenario we only required lastSignInDateTime from AD and there is no filter is there so can i use below API  for fetching the user from Azure AD to Saviynt for only lastSignInDateTime:

{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$select=id,signInActivi...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}

Yes, offcourse.