Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

ImportAccountEntJSON for Sav4Sav not working

alex1
New Contributor III
New Contributor III

Hi

We are currently having issues with our Sav4Sav integration where we are trying to import saviynt objects as  entitlements and map them to the accounts. The most important part is the "Roles" section where we import all roles in Saviynt and create them as entitlement. We are also trying to fix so that if you have an enterprise role, you should already be added to the entitlement. 

The following ImportAccountEntJSON works in our both lower environments, but in production, it looks like this: 

alex1_0-1724758478553.png

Instead of as we expect:

alex1_1-1724758557118.png

 

 

{
    "acctEntParams":{
       "entTypes":{
          "Roles":{
             "call":{
                "call1":{
                   "callOrder":0,
                   "processingType":"entToAcctMapping",
                   "stageNumber":0
                }
             }
          },
           "SAVRoles": {
                 "call": {
                     "call1": {
                         "connection": "userAuth",
                         "acctKeyField": "accountID",
                         "callOrder": 0,
                         "stageNumber": 1,
                         "processingType": "httpEntToAcct",
                         "http": {
                             "httpHeaders": {
                                 "Authorization": "${access_token}"
                             },
                             "url": "https://tenant.com/ECMv6/api/userms/savroles/${id}/users?limit=1000&offset=0",
                             "httpContentType": "application/json",
                             "httpMethod": "GET"
                         },
                         "listField": "users",
                         "entKeyField": "entitlementID",
                         "acctIdPath": "username"
                     }
                 }
             }
       }
    },
    "entitlementParams":{
       "entTypes":{
          "Organization":{
             "call":{
                "call1":{
                   "keyField":"entitlementID",
                   "callOrder":0,
                   "pagination":{
                      "offset":{
                         "totalCountPath":"completeResponseMap.totalcount",
                         "batchParam":"max",
                         "batchSize":500,
                         "offsetParam":"offset"
                      }
                   },
                   "listField":"organizations",
                   "http":{
                      "httpParams":"",
                      "httpContentType":"application/json",
                      "httpHeaders":{
                         "Authorization":"${access_token}",
                         "Accept":"application/json"
                      },
                      "httpMethod":"GET",
                      "url":"https://tenant.com/ECM/api/v5/getOrganization"
                   },
                   "stageNumber":0,
                   "colsToPropsMap":{
                      "acctEntMappingInfoColumnFromEnt":"STORE#ACC#ENT#MAPPINGINFO~#~char",
                      "entitlementID":"organizationname~#~char",
                      "entitlement_value":"organizationname~#~char"
                   }
                }
             },
             "entTypeOrder":1
          },
          "Roles":{
             "call":{
                "call1":{
                   "keyField":"entitlementID",
                   "callOrder":0,
                   "pagination":{
                      "offset":{
                         "totalCountPath":"completeResponseMap.totalCount",
                         "batchParam":"max",
                         "batchSize":500,
                         "offsetParam":"offset"
                      }
                   },
                   "listField":"Roledetails",
                   "http":{
                      "httpParams":"{\"requestedObject\": \"users\"}",
                      "httpContentType":"application/json",
                      "httpHeaders":{
                         "Authorization":"${access_token}",
                         "Accept":"application/json"
                      },
                      "httpMethod":"POST",
                      "url":"https://tenant.com/ECM/api/v5/getRoles"
                   },
                   "stageNumber":0,
                   "colsToPropsMap":{
                      "customproperty2":"role_name~#~char",
                      "customproperty1":"roleKey~#~char",
                      "acctEntMappingInfoColumnFromEnt":"STORE#ACC#ENT#MAPPINGINFO~#~char",
                      "entitlementID":"roleKey~#~char",
                      "entitlement_value":"role_name~#~char"
                   }
                }
             },
             "acctEntMappings":{
                "keyField":"accountID",
                "idPath":"username",
                "listField":"UserDetails",
                "importAsAccount":false
             },
             "entTypeOrder":0
          },
          "SAVRoles":{
             "call":{
                "call1":{
                   "keyField":"entitlementID",
                   "callOrder":0,
                   "listField":"savroles",
                   "http":{
                      "successResponses":{
                         "statusCode":[
                            200,
                            201
                         ]
                      },
                      "httpContentType":"application/json",
                      "httpHeaders":{
                         "Authorization":"${access_token}",
                         "Accept":"application/json"
                      },
                      "httpMethod":"GET",
                      "url":"https://tenant.com/ECMv6/api/userms/savroles"
                   },
                   "stageNumber":0,
                   "colsToPropsMap":{
                      "customproperty1":"CUSTOMPROPERTY1~#~char",
                      "entitlementID":"ROLENAME~#~char",
                      "entitlement_value":"ROLENAME~#~char"
                   }
                }
             },
             "entTypeOrder":0
          },
          "UserGroups":{
             "call":{
                "call1":{
                   "keyField":"entitlementID",
                   "callOrder":0,
                   "pagination":{
                      "offset":{
                         "totalCountPath":"completeResponseMap.totalcount",
                         "batchParam":"max",
                         "batchSize":500,
                         "offsetParam":"offset"
                      }
                   },
                   "listField":"usergroups",
                   "http":{
                      "httpParams":"",
                      "httpContentType":"application/json",
                      "httpHeaders":{
                         "Authorization":"${access_token}",
                         "Accept":"application/json"
                      },
                      "httpMethod":"POST",
                      "url":"https://tenant.com/ECM/api/v5/fetchUserGroup"
                   },
                   "stageNumber":0,
                   "colsToPropsMap":{
                      "acctEntMappingInfoColumnFromEnt":"STORE#ACC#ENT#MAPPINGINFO~#~char",
                      "entitlementID":"usergroupkey~#~char",
                      "entitlement_value":"user_groupname~#~char"
                   }
                }
             },
             "entTypeOrder":2
          }
       },
       "processingType":"SequentialAndIterative",
       "connection":"userAuth"
    },
    "accountParams":{
       "call":{
          "call1":{
             "keyField":"accountID",
             "callOrder":0,
             "pagination":{
                "offset":{
                   "totalCountPath":999999999,
                   "batchParam":"max",
                   "batchSize":500,
                   "offsetParam":"offset"
                }
             },
             "listField":"results",
             "http":{
                "httpContentType":"application/json",
                "httpHeaders":{
                   "Authorization":"${access_token}",
                   "Accept":"application/json"
                },
                "httpMethod":"GET",
                "url":"https://tenant.com/ECM/api/v5/user?q=accountExpired:0&fields=username,email,displayname,statuskey&sort=username&order=desc"
             },
             "stageNumber":0,
             "colsToPropsMap":{
                "accountID":"username~#~char",
                "customproperty2":"email~#~char",
                "customproperty11":"statuskey~#~char",
                "displayName":"displayname~#~char",
                "name":"username~#~char",
                "status":"active~#~char"
             }
          }
       },
       "processingType":"SequentialAndIterative",
       "connection":"userAuth",
       "statusAndThresholdConfig":{
          "inactivateAccountsNotInFile":true,
          "activeStatus":[
             1
          ],
          "deleteAccEntForActiveAccounts":true,
          "statusColumn":"customproperty11",
          "accountThresholdValue":10,
          "correlateInactiveAccounts":false,
          "deleteLinks":true
       }
    }
 }

 

 The job finishes successfully, so the connectionjson is working as expected, we have about 20k roles. Any help is greatly appreciated

11 REPLIES 11

NM
Honored Contributor II
Honored Contributor II

Hi @alex1 , what about the environment version is it same for all?

alex1
New Contributor III
New Contributor III

Hi @NM ,

Yes, we have 24.4 in all three environments, exact same configuration in all of them.

NM
Honored Contributor II
Honored Contributor II

@alex1 can you check account whether the entitlements are mapped or not.

alex1
New Contributor III
New Contributor III

The entitlements are being mapped in dev/pre-prod, but not in production. So basically, it just clears all of the mappings during the access import in production, so pretty much no connections exists as of now.

rushikeshvartak
All-Star
All-Star
  • What operation is working out of below
    • Account Import
    • Account to Ent import
    • Ent Import

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

We have been able to import entitlements before, so right now its only the account to Ent import thats important, which is not working since no mappings are created.

Please try with one entitlement type like Sav role

Refer json - https://docs.saviyntcloud.com/bundle/Saviynt-REST-based-Guide/page/Content/Understanding-Integration... 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

We are unfortunately not able to run our testing in production as we don't want to risk deactivating our current entitlements as Saviynt has a habit of adding "DELETED-FROM-IMPORT" or similar when running full imports. Since the full version is working in dev/pre-prod, we just want to understand if there is something obvious that we have missed

  • Does environment sub version are same ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Yes, all versions including subversions are exactly the same between all environments.

Screenshot please. Does server allocation is same (check with saviynt support)


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.