Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/04/2024 04:35 AM
Hi All,
Application endpoint is connecting through REST connector.
We have to recon the entitlements/group from a single API. The response of the GET user API contains the group information also and we do not have a separate API to import groups, please find the response format below.
[
{
"id": "userid",
"name": "xx xx",
"email": "xx.xx@domain.com",
"application": "xxxx",
"entitlements": [
{
"id": "xxxxx-access"
},
{
"id": "superuser"
}
]
},
{
"id": "userid2",
"name": "xx xx",
"email": "xx.xx@domain.com",
"application": "xxxx",
"entitlements": [
{
"id": "xx-access"
},
{
"id": "superuser"
}
]
}
]
Accounts are already imported.
We have written the attached json, but although the FullAccess recon is success, but it is not importing the entitlements/groups and grouping in the user.
Please verify and suggest the corrections.
Thanks
Solved! Go to Solution.
07/04/2024 05:40 AM - edited 07/04/2024 05:42 AM
Hi @DG1811 please try with the below JSON
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty5",
"activeStatus": [
"true"
],
"deleteLinks": true,
"accountThresholdValue": 10,
"correlateInactiveAccounts": false,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true
},
"acctEntMappings": {
"Role": {
"importAsEntitlement": true,
"listPath": "entitlements",
"idPath": "id",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "id~#~char",
"entitlementID": "id~#~char"
}
}
},
"call": {
"call1": {
"callOrder": 0,
"listField": "",
"keyField": "accountID",
"http": {
"url": "https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"httpMethod": "GET",
"httpContentType": "application/json",
"httpHeaders": {
"Authentication": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"Accept": "application/json"
}
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "id~#~char",
"displayName": "eid~#~char",
"customproperty2": "application~#~char",
"customproperty3": "name~#~char",
"customproperty4": "email~#~char",
"customproperty5": "entitlements~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"pagination": {
"page": {
"pageSizeParam": "size",
"pageSize": 10,
"pageRecordCount": "completeResponseMap.page.count",
"pageNumberParam": "page",
"totalCountPath": "completeResponseMap.page.totalResources",
"firstPageNumber": 0
}
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {}
}
}
},
"acctEntParams": {
"entTypes": {
"Role": {
"call": {
"call1": {
"processingType": "acctToEntMapping",
"http": {}
}
}
}
}
}
}
07/04/2024 06:42 AM
Hi Naveen,
Thanks for the update.
I updated the connection and ran the FullAccessImport, but it did not return the groups/roles(as tagged by you) in the endpoint. 😞
Thanks
07/04/2024 06:47 AM
@DG1811 do you see any error in the logs?
also, please share response from postman.
07/04/2024 07:04 AM
Hi @naveenss ,
Please note the current state of the accounts are inactive and also i do not see any error in the logs. Also the response i have added in the request itself in the top. Still attaching the snapshot for your reference.
Thanks
07/04/2024 07:07 AM
Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .
‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️
07/04/2024 07:08 AM
@DG1811 thanks for this. please see the updated JSON
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"acctEntMappings": {
"Role": {
"importAsEntitlement": true,
"listPath": "entitlements",
"idPath": "id",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "id~#~char",
"entitlementID": "id~#~char"
}
}
},
"call": {
"call1": {
"callOrder": 0,
"listField": "",
"keyField": "accountID",
"http": {
"url": "https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"httpMethod": "GET",
"httpContentType": "application/json",
"httpHeaders": {
"Authentication": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"Accept": "application/json"
}
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "id~#~char",
"customproperty2": "application~#~char",
"customproperty3": "name~#~char",
"customproperty4": "email~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"pagination": {
"page": {
"pageSizeParam": "size",
"pageSize": 10,
"pageRecordCount": "completeResponseMap.page.count",
"pageNumberParam": "page",
"totalCountPath": "completeResponseMap.page.totalResources",
"firstPageNumber": 0
}
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {}
}
}
},
"acctEntParams": {
"entTypes": {
"Role": {
"call": {
"call1": {
"processingType": "acctToEntMapping",
"http": {}
}
}
}
}
}
}
Note: With the updated JSON make sure you run account import followed by access import. Let me know the result.
07/04/2024 08:09 AM
Hi @naveenss ,
Thanks it worked, now we have the two entitlements in the list, but as part of the previous import there are other entitlements those are created as part of the different Entitlement Type marked in blue, can you help me with the process to get them removed.
Thanks
07/04/2024 08:35 AM
Use same above JSON and make typo with Entitlement Type as Group Which will fail and remove all entitlement mapping
07/04/2024 09:18 AM
Hi @rushikeshvartak ,
But in that case i suppose it will create a new entitlementtype. Can you please draft me the json.
Thanks
07/04/2024 09:26 AM
You already have entitlement type Groups and you have to remove entitlement - account mapping since ent type exists it will not create new
07/04/2024 09:46 AM
It did not work, i updated the ent type and other places from Role to Group and did a typo, it failed, but the mapping did not go.
Please suggest.
Thanks