Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/10/2024 10:30 AM
We have a REST based connector application.
We are still seeing the entitlements deleted in endsystem as active in Saviynt. this is causing tasks to fail in production.
How can we make those entitlements inactivate or not requestable in saviynt?
Does adding below config to status config works?
"inactivateEntsNotInFeed": true,
09/10/2024 10:38 AM - edited 09/10/2024 10:41 AM
Refer https://forums.saviynt.com/t5/identity-governance/rest-connector-access-import/m-p/109873#M73115
Copying solutions
Found that entThresholdValue need to be defined in StatusThresholdConfig block for the doNotChangeIfFailed tag defined in importAcctEntJson to work as expected.
"doNotChangeIfFailed": true,
SampleStatusThresholdConfig Json
{ "statusAndThresholdConfig": { "accountThresholdValue": 100, "inactivateAccountsNotInFile": true, "statusColumn": "customproperty30", "activeStatus": [ "ENABLE", "PROVISIONED" ], "inactivateEntsNotInFeed": true, "entThresholdValue": { "entType": { "Group": { "ent": 100 }, "Role": { "ent": 100 } } } } }
09/10/2024 11:21 AM
below the existing configurations
Import Json
{
"accountParams": {
"createUsers": false,
"adminName": "admin",
"processingType": "SequentialAndIterative",
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "abc",
"httpHeaders": {
"Authorization": "${access_token}",
"X-Agent": "abc",
"X-Channel": "abc"
},
"httpMethod": "GET",
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "",
"keyField": "accountID",
"statusConfig": {
"active": "Active",
"inactive": "Suspended"
},
"colsToPropsMap": {
"accountID": "userId~#~char",
"name": "userId~#~char",
"DISPLAYNAME": "userId~#~char",
"LASTLOGONDATE": "lastLoginTimestamp~#~char",
"customproperty10": "resourceId~#~char",
"customproperty11": "clientId~#~char",
"customproperty12": "jobDescriptionName~#~char",
"customproperty13": "workLocationCode~#~char",
"customproperty14": "emailAddress~#~char",
"customproperty15": "comments~#~char",
"customproperty16": "status~#~char",
"customproperty17": "firstName~#~char",
"customproperty18": "lastName~#~char",
"customproperty19": "#CONST#${String accs = response.accessList; SpAcc = accs.replace(\"]\",\"\\\"]\").replace(\"[\",\"[\\\"\").replace(\", \",\"\\\", \\\"\"); return SpAcc}~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Entitlement_CSP": {
"listPath": "roleNames",
"idPath": "",
"keyField": "entitlementID",
"importAsEntitlement": false
}
}
},
"entitlementParams": {
"adminName": "admin",
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Entitlement_CSP": {
"entTypeOrder": 1,
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "abc",
"httpHeaders": {
"Authorization": "${access_token}",
"X-Agent": "abc",
"X-Channel": "abc"
},
"httpMethod": "GET",
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "name~#~char",
"ENTITLEMENT_VALUE": "name~#~char",
"displayname": "name~#~char",
"DESCRIPTION": "description~#~char",
"STATUS": "active~#~char",
"customproperty11": "#CONST#True~#~char",
"customproperty16": "resourceId~#~char",
"customproperty21": "#CONST#Yes~#~char"
}
}
}
},
"WorkLocation_CSP": {
"entTypeOrder": 2,
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409
]
},
"call": {
"call1": {
"callOrder": 2,
"stageNumber": 0,
"http": {
"url": "abc",
"httpHeaders": {
"Authorization": "${access_token}",
"X-Agent": "abc",
"X-Channel": "abc"
},
"httpMethod": "GET",
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "resourceId~#~char",
"ENTITLEMENT_VALUE": "locationCode~#~char",
"displayname": "#CONST#${String op = response.locationCode; String target = response.description; ret = op + \" - \" + target; return ret.replace(',', '')}~#~char",
"DESCRIPTION": "description~#~char"
}
}
}
},
"JobDescription_CSP": {
"entTypeOrder": 3,
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
500,
403,
409
]
},
"call": {
"call1": {
"callOrder": 3,
"stageNumber": 0,
"http": {
"url": "abcc",
"httpHeaders": {
"Authorization": "${access_token}",
"X-Agent": "abc",
"X-Channel": "abc"
},
"httpMethod": "GET",
"httpContentType": "application/x-www-form-urlencoded"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "resourceId~#~char",
"ENTITLEMENT_VALUE": "name~#~char",
"displayname": "#CONST#${String op = response.name; String target = response.description; ret = op + \" - \" + target; return ret.replace(',', '')}~#~char",
"DESCRIPTION": "description~#~char"
}
}
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
Status Config JSON
{
"statusAndThresholdConfig": {
"statusColumn": "customproperty16",
"activeStatus": [
"Active"
],
"deleteLinks": true,
"accountThresholdValue": 800,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": false,
"accountNotInImportAction": "Suspend"
}
}
09/10/2024 11:23 AM
Did you added configs in status threshold config ?
09/10/2024 11:32 AM - edited 09/10/2024 11:34 AM
updated status config as below the import job is failing
{
"statusAndThresholdConfig": {
"statusColumn": "customproperty16",
"activeStatus": [
"Active"
],
"deleteLinks": true,
"accountThresholdValue": 2500,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": false,
"accountNotInImportAction": "Suspend",
"entThresholdValue": {
"entType": {
"Entitlement_CSP": {
"ent": 200
},
"WorkLocation_CSP": {
"ent": 200
},
"JobDescription_CSP": {
"ent": 200
}
}
}
}
}
09/10/2024 11:33 AM
inactivateEntsNotInFeed is missing
09/10/2024 01:06 PM
that setting is making all the entitlements inactive
09/10/2024 02:31 PM
Does entitlement is deleted from target ?
09/10/2024 02:35 PM
Nope they are still there