and more in a single search tool across platforms. Read the announcement here. |
04/18/2023 07:46 AM
Hi All,
Actually we are trying to achieve the device retire usecase through Saviynt.I set Up post for that and from postman device retire is working fine but If I want setup the same into saviynt then I need the Intune Device ID.Can anyone help me out for getting the Intune Device ID.Below is the postman setup-
Enpoint Url :https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{IntuneDeviceID}/retire
Method : Post
Authorization : Bearer Token
If I am hitting the above setup after putting Intune Device ID in the Url I am getting - 204 No content.I can see device also retire successfully-
Please let me know how we can import Intune Device ID in saviynt account table.
With Regards,
Siraj Molla
Solved! Go to Solution.
04/18/2023 02:47 PM
Hi @mollasiraj
In order to achieve this use case, you will first need to create a connection in Saviynt using a REST connector and then import all users who have an 'IntuneDeviceID' as Accounts into a Saviynt endpoint.
Is there an API that provides you with a full list of all users who has an 'IntuneDeviceID'? You can use this API in the ImportAccountJSON section of the REST connector to import the data. Be sure to map the 'IntuneDeviceID' to either Saviynt Account's name or to any of Saviynt Account's custom properties, that way you can pass the 'IntuneDeviceID' from Saviynt at the time of device retirement.
Ref: https://saviynt.com/integrations/
In this link, you can look up 'Microsoft Intune' which will take you to examples and samples of how to set up a connection, etc.
Ref: https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Configuring-the-Integration-for-Importin...
This is a link for our REST connector documentation specifically around configuring Account import.
Ref: https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm
This is a link to some additional JSON samples for the REST connector
04/18/2023 07:58 PM
Please share current ImportAccountEntJSON
04/19/2023 12:44 AM
For AzureAD account import we are using below json-
{
"acctLabels": {
"customproperty1": "FirstName",
"customproperty2": "LastName",
"customproperty3": "OfficePhone",
"customproperty4": "Email",
"customproperty5": "MailNickName",
"customproperty10": "AccountStatus",
"customproperty20": "EmployeeID",
"customproperty6":"customproperty6"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "businessPhone~#~char",
"customproperty4": "mail~#~char",
"customproperty5": "mailNickname~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty20": "employeeId~#~char",
"customproperty6":"manager~#~char"
}
}
05/09/2023 11:25 PM
Hi Rushikesh,
I created a Rest connector for importing the Intune Device ID from Graph API.I check in postman I am getting Intune Device ID but when I run the import job from Saviynt for importing the Intune Device Id I am getting the invalid record not process error from log.Below is the ImportAccountEntJSON that I am using -
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
405,
500
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "name",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "userId~#~char",
"name": "userPrincipalName~#~char",
"displayName": "userDisplayName~#~char",
"customproperty1": "id~#~char",
"status": "accountEnabled~#~char"
}
}
}
},
"entitlementParams": {},
"acctEntParams": {}
}
Below is the error -2023-05-09T21:13:01+05:30-ecm-worker-{"log":"2023-05-09 15:43:00,447 [quartzScheduler_Worker-3] ERROR rest.RestProvisioningService - Invalid record not processed
Please let me know how this issue can be fixed.
With Regards,
Siraj Molla
04/25/2023 02:44 PM
Hi @mollasiraj
Please refer to my previous comment to achieve this use case and let me know if you have any further questions...
06/08/2023 12:59 AM
Hi timchengappa
Below is the Json that I am using for importing the Intune Device Id-
ImportAccountEntJSON-
{
"showLogs": true,
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
405,
500
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"acctLabels": {
"customproperty1": "FirstName"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "id~#~char",
"displayName": "userPrincipalName~#~char",
"customproperty1": "userId~#~char"
}
}
}
},
"userResponsePath": "value",
"pagination": {
"nextUrl": {
"nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink')}"
}
},
"entitlementParams": {},
"acctEntParams": {}
}
Now it's importing the Intune Device ID.
With Regards,
Siraj Molla
06/13/2023 08:41 PM
Hello @mollasiraj,
Could you kindly confirm whether the problem has been resolved and if you successfully imported the Intune Device ID into the Saviynt account table?
Thanks,
06/13/2023 11:45 PM
Hi Sudeshjaiswal,
Below is the Json that I am using for importing Intune device ID as a account in saviynt and then when we are triggering the enterprise wipe as per our usecase-
ImportAccountEntJSON-
{
"showLogs": true,
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
405,
500
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"acctLabels": {
"customproperty1": "FirstName"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "id~#~char",
"displayName": "userPrincipalName~#~char",
"customproperty1": "userId~#~char"
}
}
}
},
"userResponsePath": "value",
"pagination": {
"nextUrl": {
"nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink')}"
}
},
"entitlementParams": {},
"acctEntParams": {}
}
Below is the update account json that we are using for enterprise wipe-
{
"call": [{
"name": "call1",
"connection": "acctAuth",
"url": "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/${account.accountID}/retire",
"httpMethod": "POST",
"httpParams": "",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [200, 201, 204, 205]
}
}]
}
I tested using the above I can see device retire is working fine.
With Regards,
Siraj Molla
06/13/2023 11:46 PM
@mollasiraj Thanks for the confirmation!