Saviynt Forums

reshma_sonawane · ‎07/24/2023

Hi Team,

We are using REST connector in one of our implementation. We have account import set up to import accounts and group memberships of user. However, we could see that it is not importing group membership of user.

We don't have separate API to get group memberships. It is given as part of get user api like below API response:

User in above screenshot has 2 roles assigned. These roles are loaded manually in saviynt as there is no separate API available for it. Now when we run import job, it fetches the data also gets group memberships in CP31 but we don't see it in associated entitlements tabs. Please find json below:

importacctentJSON:

{

"accountParams": {

"connection": "acctAuth",

"processingType": "SequentialAndIterative",

"statusAndThresholdConfig": {

"deleteLinks": true,

"accountThresholdValue": 30,

"correlateInactiveAccounts": false,

"inactivateAccountsNotInFile": true,

"deleteAccEntForActiveAccounts": true

},

"call": {

"call1": {

"http": {

"url": "xxxxxxx",

"httpHeaders": {

"Cookie": "${access_token}"

},

"httpContentType": "application/x-www-form-urlencoded",

"httpMethod": "GET"

},

"listField": "",

"keyField": "accountID",

"colsToPropsMap": {

"accountID": "id~#~char",

"name":"loginName~#~char",

"customproperty1": "firstName~#~char",

"customproperty2": "lastName~#~char",

"customproperty3": "city~#~char",

"customproperty4": "emailAddress~#~char",

"status": "disabled~#~char",

"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"

},

"statusConfig": {

"active": "false",

"inactive": "true"

},

"disableDeletedAccounts": true

}

},

"acctEntMappings": {

"Roles": {

"listPath": "",

"idPath": "roles",

"keyField": "entitlementID"

}

},

"entitlementParams":{

},

"acctEntParams" : {

"processingType": "acctToEntMapping"

}

Can someone suggest how to translate entitlement mapping from CP31 to associated entitlements.

Thanks,

Reshma

pmahalle · ‎07/25/2023

Hi @reshma_sonawane ,

Can you change listPath as "roles" and idPath as blank, as below:

"acctEntMappings": {

"Roles": {

"listPath": "roles",

"idPath": "",

"keyField": "entitlementID"

Regards,
Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept it As Solution to help others who may have a similar problem.

reshma_sonawane · ‎07/25/2023

Hi @pmahalle ,

Thanks. Tried this but it din't work.

naveenss · ‎07/25/2023

Hi @reshma_sonawane , please keep the idPath blank. and keep the listPath as roles under acctEntMappings

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

reshma_sonawane · ‎07/25/2023

Hi,

Tried with this but no luck.

Thanks,

sudeshjaiswal · ‎07/25/2023

Hello @reshma_sonawane,

Please try with the below json, seem acctentmapping need to be modified,
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 30,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"http": {
"url": "xxxxxxx",
"httpHeaders": {
"Cookie": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name":"loginName~#~char",
"customproperty1": "firstName~#~char",
"customproperty2": "lastName~#~char",
"customproperty3": "city~#~char",
"customproperty4": "emailAddress~#~char",
"status": "disabled~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"statusConfig": {
"active": "false",
"inactive": "true"
},
"disableDeletedAccounts": true
}
},
"acctEntMappings": {
"Roles": {
"listPath": "roles",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams":{
},
"acctEntParams" : {
"processingType": "acctToEntMapping"
}
}

Thanks,

sudeshjaiswal · ‎07/25/2023

Hello @reshma_sonawane,

Can you please provide the postman response?

Thanks,

reshma_sonawane · ‎07/25/2023

Hello,

attached is postman response.

Thanks,

Reshma

[Edited attachment to mask PII info by moderator. Note: Please make sure to mask any PII information from post and attached logs and images]

shreyascn · ‎07/25/2023

Hello @reshma_sonawane

Since the roles are in array format, You can import the roles into customproperty 29 and use a custom query to transform into the ideal customproperty31 and then run access import. The three jobs account Import, custom query to update cp31, Access import can be sequenced in Trigger chain job.

Sample custom query you can test for one of the accounts by hardcoding the accountkey-

update accounts a set a.customproperty31=concat('{"Applications":{"entIds":["',replace(replace(replace(a.customproperty30,'[',''),']',''),', ','","'),'"],"keyField":"entitlement_value"}}') where a.endpointkey=97 and a.accountkey=<XXX> limit 3;

Cp 31 post running the custom query job to update the account
{"Roles":{"entIds":["IEHP PCS All","P-Reporting""IEHP Buyer",],"keyField":"entitlement_value"}}

NOTE: The entitlements should already be present in the endpoint with the entitlement value exactly as above.
Use below

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "deleteLinks": true,
      "accountThresholdValue": 30,
      "correlateInactiveAccounts": false,
      "inactivateAccountsNotInFile": true,
      "deleteAccEntForActiveAccounts": true
    },
    "call": {
      "call1": {
        "http": {
          "url": "xxxxxxx",
          "httpHeaders": {
            "Cookie": "${access_token}"
          },
          "httpContentType": "application/x-www-form-urlencoded",
          "httpMethod": "GET"
        },
        "listField": "",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "id~#~char",
          "name": "loginName~#~char",
          "customproperty1": "firstName~#~char",
          "customproperty2": "lastName~#~char",
          "customproperty3": "city~#~char",
          "customproperty4": "emailAddress~#~char",
          "status": "disabled~#~char",
		  "customproperty30": "roles~#~char"
          "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
        },
        "statusConfig": {
          "active": "false",
          "inactive": "true"
        },
        "disableDeletedAccounts": true
      }
    },
    "acctEntMappings": {
      "Roles": {}
    }
  },
  "entitlementParams": {  "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "entTypes": {
        	"Roles": {}
			}
  },
  "acctEntParams": {
    "processingType": "acctToEntMapping"
  }
}

reshma_sonawane · ‎07/25/2023

Thanks for your response.

We are getting roles mapping in CP31 as required after execution of account import. We are seeing issue where it is not reflecting in associated entitlements tab for the respective account.

naveenss · ‎07/25/2023

@reshma_sonawane please share the sample value stored in customproperty31

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

reshma_sonawane · ‎07/26/2023

{"Roles":{"entIds":["IEHP PCS All","P-Reporting","IEHP Buyer","IEHP View All","P-Requestor"],"keyField":"entitlementID"}}

naveenss · ‎07/26/2023

Hi @reshma_sonawane thanks for sharing the info. The acctEntMappings should be something like below:

"acctEntMappings": {

"Roles": {

"listPath": "Roles",

"idPath": "",

"keyField": "entitlementID"

}

I also see that you're not importing any entitlements under the EntitlementParams? In that case, I don't think its going to work. If we are not importing the entitlements through EntitlementParams, the account-entitlement association won't happen as per my previous experience. Please try importing the entitlements from the account API itself.

Also, please make sure you're running the account import first followed by access import. Let me know if this helps!

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

sudeshjaiswal · ‎07/25/2023

Hello @reshma_sonawane,

Please try the below json,
----JSON-----
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty11",
"activeStatus": [
"false"
],
"deleteLinks": true,
"accountThresholdValue": 30,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"http": {
"url": "xxxxxxx",
"httpHeaders": {
"Cookie": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "loginName~#~char",
"customproperty1": "firstName~#~char",
"customproperty2": "lastName~#~char",
"customproperty3": "city~#~char",
"customproperty4": "emailAddress~#~char",
"customproperty11": "disabled~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Roles": {
"listPath": "roles",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

-------------------------------------

reshma_sonawane · ‎07/26/2023

Tied this but it did not work.

Thanks,

Reshma

Vedanth_BK · ‎07/26/2023

Hi @reshma_sonawane

Please confirm if you are running both accounts and access import?
if yes, please share the debug logs for both runs.

Thank you
Vedanth B.K

reshma_sonawane · ‎07/27/2023

Thanks @sudeshjaiswal @Vedanth_BK @shreyascn for your inputs. It worked with json shared by @sudeshjaiswal and after running access import job.

Saviynt Forums

Issue with Acct entitlement mapping in REST connector where Acc to Ent mapping api is not available.