02/19/2024 07:56 AM
Hi All,
Successfully passed manager attribute value for high Authority/Admin account into AzureAD of the requester during the create account JSON. Manager as a second call in the create account JSON? Requirement is as per the below.
Manager | Mapped: userPrincipalName of manager’s primary Azure Active Directory account |
CreateAccountJSON:
{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"comments": "call1.message.displayName~#~char",
"displayName": "call1.message.displayName~#~char",
"accountID": "call1.message.id~#~char"
},
"call": [
{
"name": "call1",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":\"true\",\"userPrincipalName\":\"adm-${user.systemUserName}@cpb-365.com\",\"displayName\":\"adm-${user.systemUserName}\",\"employeeType\":\"${user.employeeType}\",\"givenName\":\"${user.firstname}\",\"surname\":\"${user.lastname}\",\"mailNickname\":\"adm-${user.systemUserName}\",\"usageLocation\":\"${user.country}\",\"employeeId\":\"${user.employeeid}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":\"true\",\"password\": \"*****\"}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
},
"unsuccessResponses": {
"statusCode": [
400,
403,
401,
404,
409,
501,
500
],
"odata~dot#error.code": [
"Request_BadRequest",
"Authentication_MissingOrMalformed",
"Request_ResourceNotFound",
"Authorization_RequestDenied",
"Authentication_Unauthorized"
]
}
},
{
"name": "call2",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/users/${response.call1.message.id}/manager/\\$ref",
"httpMethod": "PUT",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/users/${usersManagerObj?.customproperty64}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
204
]
},
"unsuccessResponses": {
"statusCode": [
400,
403,
401,
404,
409,
501,
500
],
"odata~dot#error.code": [
"Request_BadRequest",
"Authentication_MissingOrMalformed",
"Request_ResourceNotFound",
"Authorization_RequestDenied",
"Authentication_Unauthorized"
]
}
}
]
}
But the issue is Importing/Reconciling Manager attribute from AzureAD into Saviynt and also Updating manager attribute in AzureAD using below updateAccountJson.
UpdateAccountJSON:
{
"call": [{
"name": "call1",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/users/${account.accountID}",
"httpMethod": "PATCH",
"httpParams": "{\"manager\": \"${usersManagerObj?.customproperty64}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [200, 201, 204, 205]
}
}]
}
Thanks
Anitha Mavurapu
02/19/2024 09:47 AM
Is the issue in Provisioning / Import?
02/19/2024 10:02 AM
Hi Rushikesh,
I am seeing two issues here, one is importing manager attribute value from AzureAD High Authority / Admin Account into Saviynt account/customproperty31. Other issue is update Account provisioning is failing with the above updateAccountJSON.
Thanks
Anitha Mavurapu
02/19/2024 10:26 AM
Hi @AMavurapu
Can you please share the account import json for the 1st issue?
What is the value present in the Customproperty54?
Also, on the update account JSON: are you able to get it working from Postman to update the manager value with the URL you are using in update account?
Thanks
Darshan
02/19/2024 02:29 PM
Hi Darshan,
Thanks for your response, please find the below AccountImportJSON and customproperty64 is holding Guid of manager's Primary AzureAD account.
AccountImportJSON:
{
"acctLabels":{
"customproperty1": "FirstName",
"customproperty2": "LastName",
"customproperty10": "AccountEnabled",
"customproperty21": "employeeId",
"customproperty22": "usageLocation",
"customproperty23": "displayName",
"customproperty24": "mailNickName",
"customproperty25": "employeeType",
"customproperty27": "onPremisesSyncEnabled",
"customproperty31": "manager"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty21": "employeeId~#~char",
"customproperty22": "usageLocation~#~char",
"customproperty23": "displayName~#~char",
"customproperty24": "mailNickName~#~char",
"customproperty25": "employeeType~#~char",
"customproperty27": "onPremisesSyncEnabled~#~char",
"customproperty31": "manager~#~char"
}
}
Thanks
Anitha Mavurapu
02/19/2024 02:34 PM
Please use the following in the ACCOUNT_IMPORT_FIELDS:
id,userPrincipalName,displayName,givenName,surname,businessPhones,mailNickname,streetAddress,city,state,postalCode,accountEnabled,country,companyName,employeeId,employeeHireDate,givenName,jobTitle,preferredLanguage,manager,employeeType,department&$expand=manager
& mapping
"customproperty18":"manager.userPrincipalName~#~char",
02/19/2024 02:58 PM
AzureAD AccountImport Job failed with below error after updating Account_Import_Fields and mapping as you mentioned above. For your reference please find the changes below. Please let me know the corrections. Thanks in advance....
Account_Attributes:
{
"acctLabels":{
"customproperty1": "FirstName",
"customproperty2": "LastName",
"customproperty10": "AccountEnabled",
"customproperty21": "employeeId",
"customproperty22": "usageLocation",
"customproperty23": "displayName",
"customproperty24": "mailNickName",
"customproperty25": "employeeType",
"customproperty27": "onPremisesSyncEnabled",
"customproperty18": "manager"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty21": "employeeId~#~char",
"customproperty22": "usageLocation~#~char",
"customproperty23": "displayName~#~char",
"customproperty24": "mailNickName~#~char",
"customproperty25": "employeeType~#~char",
"customproperty27": "onPremisesSyncEnabled~#~char",
"customproperty18": "manager.userPrincipalName~#~char"
}
}
Account_Import_Fields:
id,userPrincipalName,givenName,surname,accountEnabled,employeeId,usageLocation,displayName,mailNickName,employeeType,manager,onPremisesSyncEnabled,department&$expand=manager
Thanks
Anitha Mavurapu
02/19/2024 04:15 PM
It's an issue with your account filter.
02/19/2024 04:19 PM
Here is the Accounts_Filter:(startswith(userPrincipalName,'adm-')%20and%20onPremisesSyncEnabled%20ne%20true)
Thanks
Anitha Mavurapu
02/19/2024 05:29 PM
Try the below:
startswith(userPrincipalName,'adm-') and onPremisesSyncEnabled eq false
02/19/2024 10:29 AM
Your update account JSON is wrong; use the below:
{
"call": [
{
"name": "call1",
"connection": "userAuth",
"url": "https://graph.microsoft.com/v1.0/users/${response.call1.message.id}/manager/\\$ref",
"httpMethod": "PUT",
"httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/users/${usersManagerObj?.customproperty64}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}
02/19/2024 11:09 AM
Thanks for your response @rushikeshvartak. I tried using the above UpdateAccountJSON that you provided, but the update Account task provisioning failed with the below provisioning comments.
UpdateAccountJSON:
{ "call": [ { "name": "call1", "connection": "userAuth", "url": "https://graph.microsoft.com/v1.0/users/${response.call1.message.id}/manager/\\$ref", "httpMethod": "PUT", "httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/users/${usersManagerObj?.customproperty64}\"}", "httpHeaders": { "Authorization": "${access_token}" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 200, 201, 204, 205 ] } } ] }
Thanks
Anitha Mavurapu
02/19/2024 11:58 AM
Updated url
"url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/manager/\\$ref",
02/26/2024 12:48 AM
Hi @rushikeshvartak ,
Thank you for your response. I updated the above URL that you provided in UpdateAccountJSON and it worked, successfully updating the manager attribute in the AAD target system.
Thanks
Anitha Mavurapu
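The failure and fix in this sub-thread come down to a `${response.call1...}` binding used in a JSON where no earlier call produces that response. The following pre-flight check is an added example, not code from the thread or from Saviynt; it assumes `${response.<name>...}` can only refer to a call defined earlier in the same JSON, and the connector JSONs are trimmed, constructed versions of the ones posted above.

```python
import json
import re

GRAPH = "https://graph.microsoft.com/v1.0"
# Matches ${response.<callName>. ...} bindings inside url / httpParams strings.
RESPONSE_REF = re.compile(r"\$\{response\.([A-Za-z0-9_]+)\.")


def unresolved_response_refs(connector_json):
    """Return (call name, referenced call) pairs where a call uses
    ${response.X...} but X is not an earlier call in the same JSON."""
    seen, problems = set(), []
    for call in json.loads(connector_json)["call"]:
        text = call.get("url", "") + call.get("httpParams", "")
        for ref in RESPONSE_REF.findall(text):
            if ref not in seen:
                problems.append((call["name"], ref))
        seen.add(call["name"])
    return problems


def connector(*calls):
    """Build a trimmed connector JSON from (name, url, method) tuples."""
    return json.dumps(
        {"call": [{"name": n, "url": u, "httpMethod": m} for n, u, m in calls]}
    )


# Constructed, trimmed versions of the JSONs in the thread.
CREATE = connector(
    ("call1", GRAPH + "/users", "POST"),
    ("call2", GRAPH + "/users/${response.call1.message.id}/manager/\\$ref", "PUT"),
)
UPDATE_BROKEN = connector(
    ("call1", GRAPH + "/users/${response.call1.message.id}/manager/\\$ref", "PUT"),
)
UPDATE_FIXED = connector(
    ("call1", GRAPH + "/users/${account.accountID}/manager/\\$ref", "PUT"),
)

if __name__ == "__main__":
    for label, doc in (("create", CREATE), ("update (broken)", UPDATE_BROKEN),
                       ("update (fixed)", UPDATE_FIXED)):
        print(label, unresolved_response_refs(doc))
```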
02/19/2024 10:30 AM
Are you able to map manager to the Account - owner tab in Saviynt?
02/26/2024 02:31 AM
Hi @rushikeshvartak,
Still seeing an issue with importing the manager attribute value from the AAD target into Saviynt. Could you please provide your suggestion to achieve this requirement? For your reference, please find the below details. Please let me know if you need more details. Thanks in advance.
Manager attribute is holding the GUID of the manager's primary Azure AD account.
Manager | Mapped: userPrincipalName of manager’s primary Azure Active Directory account |
Account_Attributes:
{
"acctLabels":{
"customproperty1": "FirstName",
"customproperty2": "LastName",
"customproperty10": "AccountEnabled",
"customproperty21": "employeeId",
"customproperty22": "usageLocation",
"customproperty23": "displayName",
"customproperty24": "mailNickName",
"customproperty25": "employeeType",
"customproperty27": "onPremisesSyncEnabled",
"customproperty18": "manager"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty21": "employeeId~#~char",
"customproperty22": "usageLocation~#~char",
"customproperty23": "displayName~#~char",
"customproperty24": "mailNickName~#~char",
"customproperty25": "employeeType~#~char",
"customproperty27": "onPremisesSyncEnabled~#~char",
"customproperty18": "manager.userPrincipalName~#~char"
}
}
Account_Import_Fields:
id,userPrincipalName,givenName,surname,accountEnabled,employeeId,usageLocation,displayName,mailNickName,employeeType,manager,onPremisesSyncEnabled
Accounts_Filter:
(startswith(userPrincipalName,'adm-')%20and%20onPremisesSyncEnabled%20ne%20true)
Postman Validation:
Thanks,
Anitha Mavurapu
03/05/2024 10:29 AM
You can update the below value in ACCOUNT_IMPORT_FIELDS
id,userPrincipalName,givenName,surname,accountEnabled,employeeId,usageLocation,displayName,mailNickName,employeeType,manager,onPremisesSyncEnabled&$expand=manager
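Why the `&$expand=manager` suffix and the `manager.userPrincipalName` mapping go together, as an added example that is not code from the thread or from Saviynt. It assumes the connector places the ACCOUNT_IMPORT_FIELDS value after `$select=` in the Graph query; `resolve` is a hypothetical stand-in for the `path~#~char` mapping, and the user records are constructed.

```python
from urllib.parse import parse_qs

# ACCOUNT_IMPORT_FIELDS value from the last reply in the thread.
FIELDS = ("id,userPrincipalName,givenName,surname,accountEnabled,employeeId,"
          "usageLocation,displayName,mailNickName,employeeType,manager,"
          "onPremisesSyncEnabled&$expand=manager")


def query_params(import_fields):
    """Assumption: the connector appends the field list after '$select='.
    The '&' inside the value then starts a separate $expand parameter."""
    return parse_qs("$select=" + import_fields)


def resolve(record, cols_to_props):
    """Resolve 'a.b~#~char' paths against one Graph user record.
    Missing keys and non-scalar (object) values both resolve to None."""
    out = {}
    for column, spec in cols_to_props.items():
        value = record
        for key in spec.split("~#~")[0].split("."):
            value = value.get(key) if isinstance(value, dict) else None
        out[column] = None if isinstance(value, dict) else value
    return out


# Constructed records: manager is a relationship, so it is only present
# in the response when the query carries $expand=manager.
EXPANDED = {
    "id": "11111111-1111-1111-1111-111111111111",
    "userPrincipalName": "adm-jdoe@example.com",
    "manager": {"id": "22222222-2222-2222-2222-222222222222",
                "userPrincipalName": "jane.roe@example.com"},
}
NOT_EXPANDED = {k: v for k, v in EXPANDED.items() if k != "manager"}

MAPPING = {
    "name": "userPrincipalName~#~char",
    "customproperty18": "manager.userPrincipalName~#~char",  # later mapping
    "customproperty31": "manager~#~char",                    # earlier mapping
}

if __name__ == "__main__":
    print(query_params(FIELDS))
    print(resolve(EXPANDED, MAPPING))
    print(resolve(NOT_EXPANDED, MAPPING))
```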