Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Issue with Acct entitlement mapping in REST connector where Acc to Ent mapping api is not available.

reshma_sonawane
New Contributor III
New Contributor III

Hi Team,

We are using REST connector in one of our implementation. We have account import set up to import accounts and group memberships of user. However, we could see that it is not importing group membership of user.
 
We don't have separate API to get group memberships. It is given as part of get user api like below API response:
reshma_sonawane_0-1690266475316.png

User in above screenshot has 2 roles assigned. These roles are loaded manually in saviynt as there is no separate API available for it. Now when we run import job, it fetches the data also gets group memberships in CP31 but we don't see it  in associated entitlements tabs. Please find json below:

reshma_sonawane_1-1690266670263.pngreshma_sonawane_2-1690267177826.png
importacctentJSON:
{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "deleteLinks": true,
      "accountThresholdValue": 30,
      "correlateInactiveAccounts": false,
      "inactivateAccountsNotInFile": true,
      "deleteAccEntForActiveAccounts": true
    },
    "call": {
      "call1": {
        "http": {
          "url": "xxxxxxx",
          "httpHeaders": {
            "Cookie": "${access_token}"
          },
          "httpContentType": "application/x-www-form-urlencoded",
          "httpMethod": "GET"
        },
        "listField": "",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "id~#~char",
          "name":"loginName~#~char",
    "customproperty1": "firstName~#~char",
          "customproperty2": "lastName~#~char",
          "customproperty3": "city~#~char",
          "customproperty4": "emailAddress~#~char",
    "status": "disabled~#~char",
          "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
        },
  "statusConfig": {
          "active": "false",
          "inactive": "true"
        },
        "disableDeletedAccounts": true
      }
    },
"acctEntMappings": {
      "Roles": {
        "listPath": "",
        "idPath": "roles",
        "keyField": "entitlementID"
      }
    }
  },
  "entitlementParams":{
  },
  "acctEntParams" : {
   "processingType": "acctToEntMapping"
  }
}
 
Can someone suggest how to translate entitlement mapping from CP31 to associated entitlements.
 
Thanks,
Reshma

 

16 REPLIES 16

pmahalle
All-Star
All-Star

Hi @reshma_sonawane ,

Can you change listPath as "roles" and idPath as blank, as below:

 
"acctEntMappings": {
      "Roles": {
        "listPath": "roles",
        "idPath": "",
        "keyField": "entitlementID"

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

Hi @pmahalle ,

Thanks. Tried this but it din't work.

naveenss
All-Star
All-Star

Hi @reshma_sonawane , please keep the idPath blank. and keep the listPath as roles under acctEntMappings

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Hi, 

Tried with this but no luck.

Thanks,

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @reshma_sonawane,

Please try with the below json, seem acctentmapping need to be modified,
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 30,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"http": {
"url": "xxxxxxx",
"httpHeaders": {
"Cookie": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name":"loginName~#~char",
"customproperty1": "firstName~#~char",
"customproperty2": "lastName~#~char",
"customproperty3": "city~#~char",
"customproperty4": "emailAddress~#~char",
"status": "disabled~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"statusConfig": {
"active": "false",
"inactive": "true"
},
"disableDeletedAccounts": true
}
},
"acctEntMappings": {
"Roles": {
"listPath": "roles",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams":{
},
"acctEntParams" : {
"processingType": "acctToEntMapping"
}
}

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @reshma_sonawane,

Can you please provide the postman response?

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Hello,

attached is postman response.

Thanks,

Reshma

[Edited attachment to mask PII info by moderator. Note: Please make sure to mask any PII information from post and attached logs and images]

Hello @reshma_sonawane 

Since the roles are in array format, You can import the roles into customproperty 29 and use a custom query to transform into the ideal customproperty31 and then run access import. The three jobs account Import, custom query to update cp31, Access import can be sequenced in Trigger chain job. 

Sample custom query you can test for one of the accounts by hardcoding the accountkey- 

update accounts a set a.customproperty31=concat('{"Applications":{"entIds":["',replace(replace(replace(a.customproperty30,'[',''),']',''),', ','","'),'"],"keyField":"entitlement_value"}}') where a.endpointkey=97 and a.accountkey=<XXX> limit 3;

Cp 31 post running the custom query job to update the account 
{"Roles":{"entIds":["IEHP PCS All","P-Reporting""IEHP Buyer",],"keyField":"entitlement_value"}}

NOTE: The entitlements should already be present in the endpoint with the entitlement value exactly as above. 
Use below 

 

 

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "deleteLinks": true,
      "accountThresholdValue": 30,
      "correlateInactiveAccounts": false,
      "inactivateAccountsNotInFile": true,
      "deleteAccEntForActiveAccounts": true
    },
    "call": {
      "call1": {
        "http": {
          "url": "xxxxxxx",
          "httpHeaders": {
            "Cookie": "${access_token}"
          },
          "httpContentType": "application/x-www-form-urlencoded",
          "httpMethod": "GET"
        },
        "listField": "",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "id~#~char",
          "name": "loginName~#~char",
          "customproperty1": "firstName~#~char",
          "customproperty2": "lastName~#~char",
          "customproperty3": "city~#~char",
          "customproperty4": "emailAddress~#~char",
          "status": "disabled~#~char",
		  "customproperty30": "roles~#~char"
          "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
        },
        "statusConfig": {
          "active": "false",
          "inactive": "true"
        },
        "disableDeletedAccounts": true
      }
    },
    "acctEntMappings": {
      "Roles": {}
    }
  },
  "entitlementParams": {  "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "entTypes": {
        	"Roles": {}
			}
  },
  "acctEntParams": {
    "processingType": "acctToEntMapping"
  }
}

 

 

 

Thanks for your response.

We are getting roles mapping in CP31 as required after execution of account import. We are seeing issue where it is not reflecting in associated entitlements tab for the respective account.

reshma_sonawane_0-1690345495650.png

 

@reshma_sonawane  please share the sample value stored in customproperty31

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

{"Roles":{"entIds":["IEHP PCS All","P-Reporting","IEHP Buyer","IEHP View All","P-Requestor"],"keyField":"entitlementID"}}

Hi @reshma_sonawane  thanks for sharing the info. The acctEntMappings should be something like below:

 

"acctEntMappings": {
      "Roles": {
        "listPath": "Roles",
        "idPath": "",
        "keyField": "entitlementID"
      }
    }
I also see that you're not importing any entitlements under the EntitlementParams? In that case, I don't think its going to work. If we are not importing the entitlements through EntitlementParams, the account-entitlement association won't happen as per my previous experience. Please try importing the entitlements from the account API itself. 
 
Also, please make sure you're running the account import first followed by access import. Let me know if this helps!

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @reshma_sonawane,

Please try the below json,
----JSON-----
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty11",
"activeStatus": [
"false"
],
"deleteLinks": true,
"accountThresholdValue": 30,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"http": {
"url": "xxxxxxx",
"httpHeaders": {
"Cookie": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GET"
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "loginName~#~char",
"customproperty1": "firstName~#~char",
"customproperty2": "lastName~#~char",
"customproperty3": "city~#~char",
"customproperty4": "emailAddress~#~char",
"customproperty11": "disabled~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Roles": {
"listPath": "roles",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Roles": {}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

-------------------------------------

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Tied this but it did not work.

Thanks,

Reshma

Vedanth_BK
Saviynt Employee
Saviynt Employee

Hi @reshma_sonawane 

Please confirm if you are running both accounts and access import?
if yes, please share the debug logs for both runs.

Thank  you
Vedanth B.K

 

reshma_sonawane
New Contributor III
New Contributor III

Thanks @sudeshjaiswal @Vedanth_BK @shreyascn for your inputs. It worked with  json shared by @sudeshjaiswal and after running access import job.