Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Inactivate entitlements deleted in endsystem REST Connector

VamsheeVazza
New Contributor III
New Contributor III

We have a REST based connector application.
We are still seeing the entitlements deleted in endsystem as active in Saviynt. this is causing tasks to fail in production.
How can we make those entitlements inactivate or not requestable in saviynt?

Does adding below config to status config works?

"inactivateEntsNotInFeed": true, 

8 REPLIES 8

rushikeshvartak
All-Star
All-Star

Refer https://forums.saviynt.com/t5/identity-governance/rest-connector-access-import/m-p/109873#M73115

 

Copying solutions

Found that entThresholdValue need to be defined in StatusThresholdConfig block for the doNotChangeIfFailed tag defined in importAcctEntJson to work as expected. 

 "doNotChangeIfFailed": true,

SampleStatusThresholdConfig Json

{
  "statusAndThresholdConfig": {
    "accountThresholdValue": 100,
    "inactivateAccountsNotInFile": true,
    "statusColumn": "customproperty30",
    "activeStatus": [
      "ENABLE",
      "PROVISIONED"
    ],
    "inactivateEntsNotInFeed": true,
    "entThresholdValue": {
      "entType": {
        "Group": {
          "ent": 100
        },
        "Role": {
          "ent": 100
        }
      }
    }
  }
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

VamsheeVazza
New Contributor III
New Contributor III

below the existing configurations

Import Json

{
"accountParams": {
"createUsers": false,
"adminName": "admin",
"processingType": "SequentialAndIterative",
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "abc",
"httpHeaders": {
"Authorization": "${access_token}",
"X-Agent": "abc",
"X-Channel": "abc"
},
"httpMethod": "GET",
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "",
"keyField": "accountID",
"statusConfig": {
"active": "Active",
"inactive": "Suspended"
},
"colsToPropsMap": {
"accountID": "userId~#~char",
"name": "userId~#~char",
"DISPLAYNAME": "userId~#~char",
"LASTLOGONDATE": "lastLoginTimestamp~#~char",
"customproperty10": "resourceId~#~char",
"customproperty11": "clientId~#~char",
"customproperty12": "jobDescriptionName~#~char",
"customproperty13": "workLocationCode~#~char",
"customproperty14": "emailAddress~#~char",
"customproperty15": "comments~#~char",
"customproperty16": "status~#~char",
"customproperty17": "firstName~#~char",
"customproperty18": "lastName~#~char",
"customproperty19": "#CONST#${String accs = response.accessList; SpAcc = accs.replace(\"]\",\"\\\"]\").replace(\"[\",\"[\\\"\").replace(\", \",\"\\\", \\\"\"); return SpAcc}~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Entitlement_CSP": {
"listPath": "roleNames",
"idPath": "",
"keyField": "entitlementID",
"importAsEntitlement": false
}
}
},
"entitlementParams": {
"adminName": "admin",
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Entitlement_CSP": {
"entTypeOrder": 1,
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "abc",
"httpHeaders": {
"Authorization": "${access_token}",
"X-Agent": "abc",
"X-Channel": "abc"
},
"httpMethod": "GET",
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "name~#~char",
"ENTITLEMENT_VALUE": "name~#~char",
"displayname": "name~#~char",
"DESCRIPTION": "description~#~char",
"STATUS": "active~#~char",
"customproperty11": "#CONST#True~#~char",
"customproperty16": "resourceId~#~char",
"customproperty21": "#CONST#Yes~#~char"
}
}
}
},
"WorkLocation_CSP": {
"entTypeOrder": 2,
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409
]
},
"call": {
"call1": {
"callOrder": 2,
"stageNumber": 0,
"http": {
"url": "abc",
"httpHeaders": {
"Authorization": "${access_token}",
"X-Agent": "abc",
"X-Channel": "abc"
},
"httpMethod": "GET",
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "resourceId~#~char",
"ENTITLEMENT_VALUE": "locationCode~#~char",
"displayname": "#CONST#${String op = response.locationCode; String target = response.description; ret = op + \" - \" + target; return ret.replace(',', '')}~#~char",
"DESCRIPTION": "description~#~char"
}
}
}
},
"JobDescription_CSP": {
"entTypeOrder": 3,
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409
]
},
"call": {
"call1": {
"callOrder": 3,
"stageNumber": 0,
"http": {
"url": "abcc",
"httpHeaders": {
"Authorization": "${access_token}",
"X-Agent": "abc",
"X-Channel": "abc"
},
"httpMethod": "GET",
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "resourceId~#~char",
"ENTITLEMENT_VALUE": "name~#~char",
"displayname": "#CONST#${String op = response.name; String target = response.description; ret = op + \" - \" + target; return ret.replace(',', '')}~#~char",
"DESCRIPTION": "description~#~char"
}
}
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

 

Status Config JSON

{
"statusAndThresholdConfig": {
"statusColumn": "customproperty16",
"activeStatus": [
"Active"
],
"deleteLinks": true,
"accountThresholdValue": 800,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": false,
"accountNotInImportAction": "Suspend"
}
}

Did you added configs in status threshold config ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

VamsheeVazza
New Contributor III
New Contributor III

updated status config as below the import job is failing

{
"statusAndThresholdConfig": {
"statusColumn": "customproperty16",
"activeStatus": [
"Active"
],
"deleteLinks": true,
"accountThresholdValue": 2500,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": false,
"accountNotInImportAction": "Suspend",
"entThresholdValue": {
"entType": {
"Entitlement_CSP": {
"ent": 200
},
"WorkLocation_CSP": {
"ent": 200
},
"JobDescription_CSP": {
"ent": 200
}
}
}
}
}

inactivateEntsNotInFeed is missing


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

VamsheeVazza
New Contributor III
New Contributor III

that setting is making all the entitlements inactive

Does entitlement is deleted from target ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

VamsheeVazza
New Contributor III
New Contributor III

Nope they are still there