Saviynt Forums

Sreejith · ‎05/01/2024

Solved: AzureAD Doesn't import signinactivity in full or d... - Saviynt Forums - 90001

I have similar issue can you please guide me.

Can we import only signinactivity through rest because rest all are imported through azure ad

[This message has been edited by moderator to move comment to his own post]

SureshPatike · ‎05/01/2024

We have used REST API connector for AzureAD to import the signInActivity.lastSignInDateTime into account profile CP or LastLogindate field. Please use below JSON for ImportAccountEntJSON and configure seperate job to import account (apart from AzureAD connector account import) information to specific mapped attrs below. Make sure you configure trigger chain job to run AzureAD REST API connector account import job runs after AzureAD connector account import job to get profile updated properly from AzureAD.

Note: Pls modify filter on graph api query accordingly to your requirements

ImportAccountEntJSON

-------------------------------

{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$filter=endsWith(userPr...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"customproperty60": "signInActivity.lastSignInDateTime~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}

Job:

--------

Sreejith · ‎05/01/2024

@SureshPatike so we needs to create seperate endpoint and SS for importing lastsignindate .

So currently we are importing ent and account using Azure ad oob connection.

Now we needs create rest connection and import signindate so there will be seperate account form right apart from azure Ad

And let me know if you didn't understand my question.

Sreejith · ‎05/01/2024

@SureshPatike apart from ImportAccountEntJSON any other connection parameter we are giving.

And I have only basic understanding on saviynt so if you explain in detail it will be grateful for me

SureshPatike · ‎05/01/2024

Am also new to Saviynt. Yes it need another connection for REST API connector to connect AzureAD and dont need seperate SS and endpoint since you have them already from AzureAD connector.

Only connection object and ImportAccountEntJSON , job to accomplish this requirement alone, rest all other account fields will be imported from AzureAD ootb connector account import.

Sreejith · ‎05/01/2024

@SureshPatike thanks .

In importaccountentjson what all I needs to change I mean which parameters and also where I needs to give mapping in account CP?

SureshPatike · ‎05/01/2024

probably url based on your requirement and colsToPropsMap what cp you are going map in account profile for the attr value coming from graph api results.

Sreejith · ‎05/01/2024

@SureshPatike thanks for your information.

And one more last question apart from the importaccountentjson what else connection parameter we needs give and in importaccountentjson how's the token is passed?

SureshPatike · ‎05/01/2024

thats tokenResponsePath from connectionJSON object

https://docs.saviyntcloud.com/bundle/REST-v24x/page/Content/Examples-for-JSON-Construction.htm#Conne...

Sreejith · ‎05/01/2024

@SureshPatike and any other connection parameter we need to give apart from connectionjson and importaccountentjson

SureshPatike · ‎05/01/2024

nope

Sreejith · ‎05/07/2024

@SureshPatike I tried with below Json which is similar to your but lastSignInDateTime is not imported to saviynt.

Please find the ImportAccountEntJSON

{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$select=id,signInActivi...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}

May i know your inputs on this

rushikeshvartak · ‎05/07/2024

Does it works in customproperty ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sreejith · ‎05/07/2024

@rushikeshvartak I tried after removing the custom property then also it's not working

rushikeshvartak · ‎05/07/2024

Does it visible from postman

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sreejith · ‎05/07/2024

So actually in here we don't have secret value inhand so we are directly call from saviynt.

Note : connection JSON is already established for adding and removing licence.

Sreejith · ‎05/02/2024

@SureshPatike Currently we have a rest connection to azure ad for adding and removing license where connection is already establish by connectionjson so can i use same connection and add importaccountentjson and do rest of the activity.

SureshPatike · ‎05/03/2024

Yes you can use same if already have one

Sreejith · ‎05/06/2024

@SureshPatike So what permission we need to give in Azure active directory which can able to fetch the users

SureshPatike · ‎05/06/2024

Same permissions per Saviynt AzureAD connector document. look at app registration section. If are using seperate app reg then probably read directory permissions should be more than enough. i would suggest go ahead with same app reg what you have configrued for ootb azured connector already.

Sreejith · ‎05/06/2024

@SureshPatike So you mean we can use same application created for Azure OOB connecter for rest connection also right or we needs to create register application at azure AD

SureshPatike · ‎05/06/2024

you can use same

Sreejith · ‎05/07/2024

Job is failing saying : Failed to import one or more object types. Check
the Job Log Details page for more information.

Return null error

rushikeshvartak · ‎05/08/2024

Share logs

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rushikeshvartak · ‎05/06/2024

You can use REST Connector

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sreejith · ‎05/07/2024

@SureshPatike So for our scenario we only required lastSignInDateTime from AD and there is no filter is there so can i use below API for fetching the user from Azure AD to Saviynt for only lastSignInDateTime:

{
"globalSettings":{
"dateFormat":"yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/users?$count=true&ConsistencyLevel=eventual&$select=id,signInActivi...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"lastlogondate": "signInActivity.lastSignInDateTime~#~date"
}
}
}
},
"entitlementParams": {
},
"acctEntParams": {
}
}

SureshPatike · ‎05/09/2024

Yes, offcourse.

Saviynt Forums

Import only signinactivity through rest