Click HERE to see how Saviynt Intelligence is transforming the industry. |
03/22/2024 10:10 AM
We are using REST connector for account and access import. We noticed the deleted entitlements from target is still showing as Active in Saviynt. We have added "disableDeletedEntitlements": "true" but it did not help. We also tried to map a status and use statusConfig as well. That is also did not work. Can anyone help us if we are missing any other configs?
Please find the ImportAccountEntJSON
{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://******.dynamics.com/api/data/v9.2/systemusers",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"customproperty1": "title~#~char",
"customproperty2": "userpuid~#~char",
"customproperty3": "islicensed~#~char",
"customproperty4": "internalemailaddress~#~char",
"customproperty5": "ownerid~#~char",
"customproperty6": "isdisabled~#~char",
"customproperty7": "firstname~#~char",
"customproperty8": "lastname~#~char",
"customproperty9": "identityid~#~char",
"customproperty10": "modifiedon~#~char",
"customproperty11": "issyncwithdirectory~#~char",
"customproperty12": "userlicensetype~#~char",
"customproperty13": "_modifiedby_value~#~char",
"customproperty14": "isemailaddressapprovedbyo365admin~#~char",
"customproperty15": "address1_telephone1~#~char",
"customproperty16": "address1_city~#~char",
"customproperty17": "address1_composite~#~char",
"customproperty18": "address1_postalcode~#~char",
"customproperty19": "address1_country~#~char",
"customproperty20": "azureactivedirectoryobjectid~#~char",
"customproperty21": "address1_stateorprovince~#~char",
"displayName": "fullname~#~char",
"name": "domainname~#~char"
}
}
}
},
"entitlementParams": {
"connection": "userAuth",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {
"entTypeOrder": 1,
"call": {
"call2": {
"callOrder": 1,
"stageNumber": 2,
"showJobHistory": true,
"http": {
"url": "https://*******.dynamics.com/api/data/v9.2/roles",
"httpMethod": "GET",
"httpHeaders": {
"OData-MaxVersion": "4.0",
"OData-Version": "4.0",
"Authorization": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "value",
"keyField": "entitlementID",
"statusConfig": {
"active": "true"
},
"colsToPropsMap": {
"entitlementID": "roleid~#~char",
"entitlement_value": "name~#~char",
"customproperty1": "isinherited~#~char",
"customproperty2": "_parentroleid_value~#~char",
"customproperty3": "createdon~#~char",
"customproperty4": "_businessunitid_value~#~char",
"customproperty5": "_createdby_value~#~char",
"customproperty6": "modifiedon~#~char",
"customproperty7": "_modifiedby_valuevalue~#~char",
"status": "canbedeleted.Value~#~char"
},
"disableDeletedEntitlements": "true"
}
}
}
}
},
"acctEntParams": {
"connection": "userAuth",
"entTypes": {
"Roles": {
"call": {
"call1": {
"processingType": "http",
"callOrder": 0,
"stageNumber": 0,
"showJobHistory": true,
"http": {
"url": "https://*******.dynamics.com/api/data/v9.2/systemuserrolescollection",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
}
},
"listField": "value",
"entIdPath": "roleid",
"entKeyField": "entitlementID",
"acctIdPath": "systemuserid",
"acctKeyField": "accountID"
}
}
}
}
}
}
Solved! Go to Solution.
03/22/2024 10:31 AM
Disclaimer - This is an AI generated response and feedback will be used to fine tune.
To address the issue of deleted entitlements still showing as Active in Saviynt despite setting "disableDeletedEntitlements": "true", it's important to ensure that the configuration accurately reflects the way your source system (in this case, presumably Dynamics 365) denotes deleted or inactive entitlements. From the configuration provided, it seems like "statusConfig": {"active": "true"} is intended to statically map all entitlements as active, which doesn't reflect the actual status of an entitlement. Furthermore, "canbedeleted.Value~#~char" as a status might not correctly represent whether an entitlement is active or deleted.
Given these points, the corrected approach involves properly configuring the statusConfig to dynamically reflect the actual status of entitlements based on data from the source system. If canbedeleted.Value does not accurately indicate an entitlement's deletion (instead indicating if it can be deleted), you need a different attribute from your Dynamics 365 response that directly indicates an entitlement's active or deleted status.
Identify the Correct Attribute: Determine the correct attribute from Dynamics 365 that indicates an entitlement's deletion status. For the sake of this correction, let's assume such an attribute is isDeleted (where true indicates the entitlement is deleted).
Adjust the statusConfig and Remove "active": "true": Since static mapping as active is incorrect for deleted entitlements, adjust the statusConfig to use the correct attribute for dynamically mapping the status.
Correct Configuration for entitlementParams:
"entitlementParams": {
"connection": "userAuth",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {
"entTypeOrder": 1,
"call": {
"call2": {
"callOrder": 1,
"stageNumber": 2,
"showJobHistory": true,
"http": {
"url": "https://*******.dynamics.com/api/data/v9.2/roles",
"httpMethod": "GET",
"httpHeaders": {
"OData-MaxVersion": "4.0",
"OData-Version": "4.0",
"Authorization": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "value",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "roleid~#~char",
"entitlement_value": "name~#~char",
"customproperty1": "isinherited~#~char",
"customproperty2": "_parentroleid_value~#~char",
"customproperty3": "createdon~#~char",
"customproperty4": "_businessunitid_value~#~char",
"customproperty5": "_createdby_value~#~char",
"customproperty6": "modifiedon~#~char",
"customproperty7": "_modifiedby_value~#~char",
"status": "isDeleted~#~char" // Assuming 'isDeleted' indicates deletion status
},
"statusConfig": {
"statusField": "isDeleted", // Correct field that indicates deletion status
"activeValues": ["false"], // Assuming 'false' indicates active
"inactiveValues": ["true"] // Assuming 'true' indicates deleted
},
"disableDeletedEntitlements": "true"
}
}
}
}
}
This corrected approach requires replacing the hypothetical isDeleted with the actual attribute used by your Dynamics 365 system to indicate an entitlement's deletion status. Ensure the mappings and values align with the actual data structure and values returned by your Dynamics 365 API responses.
03/22/2024 11:16 AM
There is no field available in the API response that indicates if the role is active or inactive. So anything that is retrieved from the API can be considered as active entitlement. Only requirement here is to inactivate the entitlement in Saviynt when the role is deleted in Dynamics which makes that disappear from API response. Once the entitlement is removed from the API response, the expectation is that it should be marked as Inactive in Saviynt.
03/24/2024 07:36 PM