Saviynt Forums

do12 · ‎08/28/2024

Hi

I seem to have an issue with an application where access requests result in duplicate accounts. One is correctly setup in Saviynt and shows manually provisioned when I run the provisioning job. When I run the accounts import job it doesn't link up and ends up with a duplicate showing. Can you check my JSON for any obvious errors please. I've included the ImportAccountEntJSON and the AddAccessJSON where accounts are created (no createaccountJSON or task as that is auto approved and you can't select an account with no entitlements).

NM · ‎08/28/2024

Hi @do12 , in importaccount json you are mapping account id with ID of applications but as you are using add access create account account id will be having different format.

To solve the issue either use create account json and map id recieved from API response

Or in import json map account id with name/username.

Account id field should match at the time of recon and while creating account.

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

rushikeshvartak · ‎08/28/2024

In Create account JSON account Id path is missing
Sample https://docs.saviyntcloud.com/bundle/UiPath-Guide/page/Content/Understanding-Integration-between-EIC...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

do12 · ‎08/28/2024

Thank you both. I've updated the import json to map account id with name/username. This has worked for now while I attempt a better solution of adding a CreateAccountJSON using your advice.

rushikeshvartak · ‎08/28/2024

You should map accountidpath in CreateAccountJSON .

If you need help share api response for ceate account & json

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

do12 · ‎08/30/2024

Hi,

maybe you can help, I've got a CreateAccountJSON and I've updated my ImportAccountEntJSON and I'm still getting two accounts created. Probably something obvious I'm missing, if you spot it please let me know. Both attached here.

NM · ‎08/30/2024

@do12 ,

can you share create account postman response?

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

do12 · ‎08/30/2024

here it is:

{

"userDetail": [

{

"uniqueID": "cd8b02fb-23ee-43f9-9513-d66cdb71513c",

"name": "Test User",

"description": "",

"userType": "Interactive",

"isEnabled": true,

"externalAuthProviderName": "AzureAD",

"externalUserName": "test@test.com",

"email": "test@test.com",

"text1": "",

"text2": "",

"text3": "",

"text4": ""

}

]

}

NM · ‎08/30/2024

Use @do12 this

   {
   "accountIdPath": "Call1.message.userDetail[0].uniqueID",
      "responseColsToPropsMap": {
                 "accountID": "Call1.message.userDetail[0].uniqueID~#~char"},
	"call": [
		{
			"name": "Call1",
			"connection": "acctAuth",
			"url": "https://****.****cloud.com/****Api/api/DataProvider/GetAdoDataSetForAdapter?api-version=5.2.0",
			"httpMethod": "POST",
			"httpParams": "{\"BaseWebServerUrl\": \"https://****.****cloud.com/****Web\",\"ApplicationName\": \"Dev\",\"WorkspaceName\": \"Default\",\"AdapterName\": \"REST_CALL\",\"ResultDataTableName\": \"RestAPIResults\",\"CustomSubstVarsAsCommaSeparatedPairs\": \"Method = Add, UserName = ${user.firstname} ${user.lastname}, UserEmail = ${user.email}\"}",
			"httpHeaders": {
				"Authorization": "Bearer ${connection.token}"
			},
			"httpContentType": "application/json",
			"successResponses": {
				"statusCode": [
					201,
					200
				]
			},
			"unsuccessResponses": {
				"statusCode": [
					400,
					401,
					404,
					403,
					500
				]
			}
		}
	]
}

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

do12 · ‎08/30/2024

Its still showing 2 accounts with same AccountID when I run provisioning job then import accounts job. Data analyser query shown as attachment.

rushikeshvartak · ‎08/30/2024

Call1.message.userDetail.uniqueID

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

do12 · ‎08/30/2024

that's what I started with I attached it earlier

rushikeshvartak · ‎08/30/2024

Share logs after wsretry of create account

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

do12 · ‎08/30/2024

logs attached

NM · ‎08/30/2024

@do12 trigger the import job again

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

do12 · ‎08/30/2024

one is deleted now, screenshot attached. Doesn't look like the right outcome for audit purposes.

NM · ‎08/30/2024

@do12 that is the correct behaviour try to create new account from saviynt and see..

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

do12 · ‎08/30/2024

Thank you, as I've not worked on this platform for long I didn't want to run into any issues with this behaviour in the future but if you're saying its correct I'll accept it.

NM · ‎08/30/2024

Hi @do12 just to test everything is working like i mentioned in my previous comment.

Create an account via saviynt and then run an import job and see if it shows 2 account .. if not then it looks good.

Please click on kudos button and accept the latest solution

Thanks.

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

rushikeshvartak · ‎08/30/2024

This is not correct behavior.

If user is created from saviynt then account id also should be populated
if user created from saviynt marked as SFIS then it will be controls issue ( out of band / rogue entry
)
You need to fix accountIdPath

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

do12 · ‎08/30/2024

I followed all your steps and config and like I mentioned running import job once shows two accounts one as manually provisioned and one as Active. Then running the import job a second time sets the manually provisioned account to SUSPENDED FROM IMPORT SERVICE. Previous screenshots I supplied are still valid.

NM · ‎08/30/2024

@do12 then that not right ..it is still creating 2 accounts .

Is account id matching for both the accounts?

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

do12 · ‎08/30/2024

they look identical. Here's attributes for both accounts:

ACCOUNTKEY	ACCOUNTID	ARSTASKKEY	CREATED_ON	CREATOR	DISPLAYNAME	NAME	STATUS
142144	cc173c5a-a6a4-4fed-86e7-b88b7c61d155	1876	30/08/2024 16:09	System created		Saviynt OneStream7-Deleted on-08-30-2024 16:13	SUSPENDED FROM IMPORT SERVICE
142150	cc173c5a-a6a4-4fed-86e7-b88b7c61d155				Saviynt OneStream7	Saviynt.OneStream7@testcase.com	1

rushikeshvartak · ‎08/30/2024

Your account name is email in import json vs account name is name only during account creation. Please fix them

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

do12 · ‎08/30/2024

I've changed ImportAccountEntJSON and its working to create only one account now. However I'm unsure of how to adjust acctEntParams as entitlements are not mapping. What do I put for acctKeyField and acctIdPath now?

ImportAccountEntJSON attached and Postman response for group membership here:

{

"groupMembership": [

{

"groupID": "f45e19dc-4a0b-4550-b9a8-580ffc71462d",

"groupName": "Super_User",

"description": "",

"type": "User",

"memberName": "Mick Jagger",

"memberEmail": "mick.jagger@email.com"

}]}

rushikeshvartak · ‎08/30/2024

Please create new thread for new issue

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM · ‎08/30/2024

Hi @do12 , you haven't defined acctentparam define that ..

Do you have seperate call for each entitlement or for each account?

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Saviynt Forums

JSON issue resulting in duplicate account