Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/26/2023 12:36 PM
Could someone provide some details on how to configure incremental import for users from AD?
Thanks
-Fran
09/26/2023 01:06 PM
Hi Fran, you can find the details here
https://docs.saviyntcloud.com/bundle/AzureAD-v2021x/page/Content/Import-Recommendations.htm
Hope you are using OOTB Azure connector. Then it is just a matter of scheduling incremental jobs. I am not sure if you are using REST then it is possible or not.
Note : Azure AD supports incremental import for only users and groups. When you run the incremental import, it performs a full import for other entitlement types and an incremental import for users and groups.
09/26/2023 09:48 PM
Hi @fy
Below sceenshot will help you to configure incremental import job for user
Refer the below docs for more details.
User Import via a Connection (UserImportJob) topic
Saviynt Documentation (saviyntcloud.com)
Importing users from AD
Configuring the Integration for Importing Users (saviyntcloud.com)
Let me know if it works
09/28/2023 10:04 AM
Thanks for your reply.
I managed to get AD incremental user import work. but I am running one issue which is all users who are not in the import feed got deactivated even though we set No Action in the Job configuration.
Any idea on this issue?
Thanks
-Fran
09/28/2023 10:14 AM - edited 09/28/2023 10:09 PM
@fy did you configure the STATUSKEYJSON parameter in connection?
09/28/2023 11:00 AM
Yes
{"STATUS_ACTIVE": ["Active","Active: Approver"],"STATUS_INACTIVE": ["Inactive",""]}
09/28/2023 11:15 AM
@fy could you please share USER_ATTRIBUTE mapping
09/28/2023 11:52 AM
Hi -,
This is our user_attribute
[
USERNAME::cn#String,
LASTNAME::sn#String,
FIRSTNAME::givenName#String,
DISPLAYNAME::displayName#String,
EMPLOYEEID::hpBPNumber#String,
EMAIL::mail#String,
COMPANYNAME::hpProviderID#String,
statuskey::hpStatus#String,
EMPLOYEECLASS::#CONST#Partner,
CUSTOMPROPERTY24::hpStatus#String,
CUSTOMPROPERTY30::hpStatus#String,
CUSTOMPROPERTY31::hpLiason#String,
systemUserName::sAMAccountName#String,
CREATEDATE::whenCreated#date,
UPDATEDATE::whenChanged#date,
RECONCILATION_FIELD::USERNAME
]
The hpStatus ='Active', or 'Active: Approver', or 'Inactive', or ""
09/28/2023 10:16 PM
@fy Could you please try belowUSER_ATTRIBUTE JSON and also remove duplicate mappings.
STATUSKEYJSON Must cover all possible values for ACTIVE and INACTIVE .
[
USERNAME::cn#String,
LASTNAME::sn#String,
FIRSTNAME::givenName#String,
DISPLAYNAME::displayName#String,
EMPLOYEEID::hpBPNumber#String,
EMAIL::mail#String,
COMPANYNAME::hpProviderID#String,
statuskey::hpStatus#String,
EMPLOYEECLASS::#CONST#Partner,
CUSTOMPROPERTY24::hpStatus#String,
CUSTOMPROPERTY30::hpStatus#String,
CUSTOMPROPERTY31::hpLiason#String,
systemUserName::sAMAccountName#String,
CREATEDATE::whenCreated#date,
UPDATEDATE::whenChanged#date,
CUSTOMPROPERTY10::objectGUID#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY10
]