Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/27/2024 04:38 AM
Hi
We are currently having issues with our Sav4Sav integration where we are trying to import saviynt objects as entitlements and map them to the accounts. The most important part is the "Roles" section where we import all roles in Saviynt and create them as entitlement. We are also trying to fix so that if you have an enterprise role, you should already be added to the entitlement.
The following ImportAccountEntJSON works in our both lower environments, but in production, it looks like this:
Instead of as we expect:
{
"acctEntParams":{
"entTypes":{
"Roles":{
"call":{
"call1":{
"callOrder":0,
"processingType":"entToAcctMapping",
"stageNumber":0
}
}
},
"SAVRoles": {
"call": {
"call1": {
"connection": "userAuth",
"acctKeyField": "accountID",
"callOrder": 0,
"stageNumber": 1,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://tenant.com/ECMv6/api/userms/savroles/${id}/users?limit=1000&offset=0",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "users",
"entKeyField": "entitlementID",
"acctIdPath": "username"
}
}
}
}
},
"entitlementParams":{
"entTypes":{
"Organization":{
"call":{
"call1":{
"keyField":"entitlementID",
"callOrder":0,
"pagination":{
"offset":{
"totalCountPath":"completeResponseMap.totalcount",
"batchParam":"max",
"batchSize":500,
"offsetParam":"offset"
}
},
"listField":"organizations",
"http":{
"httpParams":"",
"httpContentType":"application/json",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpMethod":"GET",
"url":"https://tenant.com/ECM/api/v5/getOrganization"
},
"stageNumber":0,
"colsToPropsMap":{
"acctEntMappingInfoColumnFromEnt":"STORE#ACC#ENT#MAPPINGINFO~#~char",
"entitlementID":"organizationname~#~char",
"entitlement_value":"organizationname~#~char"
}
}
},
"entTypeOrder":1
},
"Roles":{
"call":{
"call1":{
"keyField":"entitlementID",
"callOrder":0,
"pagination":{
"offset":{
"totalCountPath":"completeResponseMap.totalCount",
"batchParam":"max",
"batchSize":500,
"offsetParam":"offset"
}
},
"listField":"Roledetails",
"http":{
"httpParams":"{\"requestedObject\": \"users\"}",
"httpContentType":"application/json",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpMethod":"POST",
"url":"https://tenant.com/ECM/api/v5/getRoles"
},
"stageNumber":0,
"colsToPropsMap":{
"customproperty2":"role_name~#~char",
"customproperty1":"roleKey~#~char",
"acctEntMappingInfoColumnFromEnt":"STORE#ACC#ENT#MAPPINGINFO~#~char",
"entitlementID":"roleKey~#~char",
"entitlement_value":"role_name~#~char"
}
}
},
"acctEntMappings":{
"keyField":"accountID",
"idPath":"username",
"listField":"UserDetails",
"importAsAccount":false
},
"entTypeOrder":0
},
"SAVRoles":{
"call":{
"call1":{
"keyField":"entitlementID",
"callOrder":0,
"listField":"savroles",
"http":{
"successResponses":{
"statusCode":[
200,
201
]
},
"httpContentType":"application/json",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpMethod":"GET",
"url":"https://tenant.com/ECMv6/api/userms/savroles"
},
"stageNumber":0,
"colsToPropsMap":{
"customproperty1":"CUSTOMPROPERTY1~#~char",
"entitlementID":"ROLENAME~#~char",
"entitlement_value":"ROLENAME~#~char"
}
}
},
"entTypeOrder":0
},
"UserGroups":{
"call":{
"call1":{
"keyField":"entitlementID",
"callOrder":0,
"pagination":{
"offset":{
"totalCountPath":"completeResponseMap.totalcount",
"batchParam":"max",
"batchSize":500,
"offsetParam":"offset"
}
},
"listField":"usergroups",
"http":{
"httpParams":"",
"httpContentType":"application/json",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpMethod":"POST",
"url":"https://tenant.com/ECM/api/v5/fetchUserGroup"
},
"stageNumber":0,
"colsToPropsMap":{
"acctEntMappingInfoColumnFromEnt":"STORE#ACC#ENT#MAPPINGINFO~#~char",
"entitlementID":"usergroupkey~#~char",
"entitlement_value":"user_groupname~#~char"
}
}
},
"entTypeOrder":2
}
},
"processingType":"SequentialAndIterative",
"connection":"userAuth"
},
"accountParams":{
"call":{
"call1":{
"keyField":"accountID",
"callOrder":0,
"pagination":{
"offset":{
"totalCountPath":999999999,
"batchParam":"max",
"batchSize":500,
"offsetParam":"offset"
}
},
"listField":"results",
"http":{
"httpContentType":"application/json",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpMethod":"GET",
"url":"https://tenant.com/ECM/api/v5/user?q=accountExpired:0&fields=username,email,displayname,statuskey&sort=username&order=desc"
},
"stageNumber":0,
"colsToPropsMap":{
"accountID":"username~#~char",
"customproperty2":"email~#~char",
"customproperty11":"statuskey~#~char",
"displayName":"displayname~#~char",
"name":"username~#~char",
"status":"active~#~char"
}
}
},
"processingType":"SequentialAndIterative",
"connection":"userAuth",
"statusAndThresholdConfig":{
"inactivateAccountsNotInFile":true,
"activeStatus":[
1
],
"deleteAccEntForActiveAccounts":true,
"statusColumn":"customproperty11",
"accountThresholdValue":10,
"correlateInactiveAccounts":false,
"deleteLinks":true
}
}
}
The job finishes successfully, so the connectionjson is working as expected, we have about 20k roles. Any help is greatly appreciated
08/27/2024 06:06 AM
Hi @alex1 , what about the environment version is it same for all?
08/27/2024 06:14 AM
Hi @NM ,
Yes, we have 24.4 in all three environments, exact same configuration in all of them.
08/27/2024 06:17 AM
@alex1 can you check account whether the entitlements are mapped or not.
08/27/2024 07:19 AM
The entitlements are being mapped in dev/pre-prod, but not in production. So basically, it just clears all of the mappings during the access import in production, so pretty much no connections exists as of now.
08/27/2024 07:14 AM
08/27/2024 07:21 AM
We have been able to import entitlements before, so right now its only the account to Ent import thats important, which is not working since no mappings are created.
08/27/2024 07:27 AM
Please try with one entitlement type like Sav role
Refer json - https://docs.saviyntcloud.com/bundle/Saviynt-REST-based-Guide/page/Content/Understanding-Integration...
08/27/2024 07:39 AM
We are unfortunately not able to run our testing in production as we don't want to risk deactivating our current entitlements as Saviynt has a habit of adding "DELETED-FROM-IMPORT" or similar when running full imports. Since the full version is working in dev/pre-prod, we just want to understand if there is something obvious that we have missed
08/27/2024 07:41 AM
08/27/2024 07:42 AM
Yes, all versions including subversions are exactly the same between all environments.
08/27/2024 07:46 AM
Screenshot please. Does server allocation is same (check with saviynt support)