Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/28/2024 02:27 AM
Hi
I seem to have an issue with an application where access requests result in duplicate accounts. One is correctly setup in Saviynt and shows manually provisioned when I run the provisioning job. When I run the accounts import job it doesn't link up and ends up with a duplicate showing. Can you check my JSON for any obvious errors please. I've included the ImportAccountEntJSON and the AddAccessJSON where accounts are created (no createaccountJSON or task as that is auto approved and you can't select an account with no entitlements).
Solved! Go to Solution.
08/28/2024 03:33 AM
Hi @do12 , in importaccount json you are mapping account id with ID of applications but as you are using add access create account account id will be having different format.
To solve the issue either use create account json and map id recieved from API response
Or in import json map account id with name/username.
Account id field should match at the time of recon and while creating account.
08/28/2024 05:49 AM
08/28/2024 06:22 AM
Thank you both. I've updated the import json to map account id with name/username. This has worked for now while I attempt a better solution of adding a CreateAccountJSON using your advice.
08/28/2024 06:23 AM
You should map accountidpath in CreateAccountJSON .
If you need help share api response for ceate account & json
08/30/2024 06:32 AM
Hi,
maybe you can help, I've got a CreateAccountJSON and I've updated my ImportAccountEntJSON and I'm still getting two accounts created. Probably something obvious I'm missing, if you spot it please let me know. Both attached here.
08/30/2024 06:58 AM
@do12 ,
can you share create account postman response?
08/30/2024 07:05 AM
here it is:
08/30/2024 07:09 AM
Use @do12 this
{
"accountIdPath": "Call1.message.userDetail[0].uniqueID", "responseColsToPropsMap": { "accountID": "Call1.message.userDetail[0].uniqueID~#~char"}, "call": [ { "name": "Call1", "connection": "acctAuth", "url": "https://****.****cloud.com/****Api/api/DataProvider/GetAdoDataSetForAdapter?api-version=5.2.0", "httpMethod": "POST", "httpParams": "{\"BaseWebServerUrl\": \"https://****.****cloud.com/****Web\",\"ApplicationName\": \"Dev\",\"WorkspaceName\": \"Default\",\"AdapterName\": \"REST_CALL\",\"ResultDataTableName\": \"RestAPIResults\",\"CustomSubstVarsAsCommaSeparatedPairs\": \"Method = Add, UserName = ${user.firstname} ${user.lastname}, UserEmail = ${user.email}\"}", "httpHeaders": { "Authorization": "Bearer ${connection.token}" }, "httpContentType": "application/json", "successResponses": { "statusCode": [ 201, 200 ] }, "unsuccessResponses": { "statusCode": [ 400, 401, 404, 403, 500 ] } } ]
}
08/30/2024 07:36 AM
08/30/2024 07:38 AM
Call1.message.userDetail.uniqueID
08/30/2024 07:48 AM
that's what I started with I attached it earlier
08/30/2024 07:50 AM
Share logs after wsretry of create account
08/30/2024 08:14 AM
08/30/2024 07:38 AM
@do12 trigger the import job again
08/30/2024 07:50 AM
08/30/2024 07:51 AM
@do12 that is the correct behaviour try to create new account from saviynt and see..
08/30/2024 08:57 AM
Thank you, as I've not worked on this platform for long I didn't want to run into any issues with this behaviour in the future but if you're saying its correct I'll accept it.
08/30/2024 09:02 AM - edited 08/30/2024 09:03 AM
Hi @do12 just to test everything is working like i mentioned in my previous comment.
Create an account via saviynt and then run an import job and see if it shows 2 account .. if not then it looks good.
Please click on kudos button and accept the latest solution
Thanks.
08/30/2024 09:40 AM
This is not correct behavior.
08/30/2024 09:15 AM
I followed all your steps and config and like I mentioned running import job once shows two accounts one as manually provisioned and one as Active. Then running the import job a second time sets the manually provisioned account to SUSPENDED FROM IMPORT SERVICE. Previous screenshots I supplied are still valid.
08/30/2024 09:36 AM
@do12 then that not right ..it is still creating 2 accounts .
Is account id matching for both the accounts?
08/30/2024 09:56 AM
they look identical. Here's attributes for both accounts:
ACCOUNTKEY | ACCOUNTID | ARSTASKKEY | CREATED_ON | CREATOR | DISPLAYNAME | NAME | STATUS |
142144 | cc173c5a-a6a4-4fed-86e7-b88b7c61d155 | 1876 | 30/08/2024 16:09 | System created | Saviynt OneStream7-Deleted on-08-30-2024 16:13 | SUSPENDED FROM IMPORT SERVICE | |
142150 | cc173c5a-a6a4-4fed-86e7-b88b7c61d155 | Saviynt OneStream7 | Saviynt.OneStream7@testcase.com | 1 |
08/30/2024 10:00 AM
Your account name is email in import json vs account name is name only during account creation. Please fix them
08/30/2024 12:46 PM
I've changed ImportAccountEntJSON and its working to create only one account now. However I'm unsure of how to adjust acctEntParams as entitlements are not mapping. What do I put for acctKeyField and acctIdPath now?
ImportAccountEntJSON attached and Postman response for group membership here:
08/30/2024 12:50 PM
Please create new thread for new issue
08/30/2024 12:49 PM
Hi @do12 , you haven't defined acctentparam define that ..
Do you have seperate call for each entitlement or for each account?