Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need help to import Intune Device ID from endpoint.microsoft.com

Go to solution
mollasiraj
Regular Contributor
Regular Contributor

‎04/18/2023 07:46 AM

Hi All,

Actually we are trying to achieve the device retire usecase through Saviynt.I set Up post for that and from postman device retire is working fine but If I want setup the same into saviynt then I need the Intune Device ID.Can anyone help me out for getting the Intune Device ID.Below is the postman setup-

Enpoint Url :https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{IntuneDeviceID}/retire

Method : Post

Authorization : Bearer Token

If I am hitting the above setup after putting Intune Device ID in the Url I am getting - 204 No content.I can see device also retire successfully-

mollasiraj_0-1681829114088.png

Please let me know how we can import Intune Device ID in saviynt account table.

With Regards,

Siraj Molla

0 Kudos
9 REPLIES 9

Go to solution
timchengappa
Saviynt Employee
Saviynt Employee

‎04/18/2023 02:47 PM

Hi @mollasiraj 

In order to achieve this use case, you will first need to create a connection in Saviynt using a REST connector and then import all users who have an 'IntuneDeviceID' as Accounts into a Saviynt endpoint.

Is there an API that provides you with a full list of all users who has an 'IntuneDeviceID'? You can use this API in the ImportAccountJSON section of the REST connector to import the data. Be sure to map the 'IntuneDeviceID' to either Saviynt Account's name or to any of Saviynt Account's custom properties, that way you can pass the 'IntuneDeviceID' from Saviynt at the time of device retirement.

Ref: https://saviynt.com/integrations/
In this link, you can look up 'Microsoft Intune' which will take you to examples and samples of how to set up a connection, etc. 

Ref: https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Configuring-the-Integration-for-Importin...
This is a link for our REST connector documentation specifically around configuring Account import.

Ref: https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm
This is a link to some additional JSON samples for the REST connector

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star

‎04/18/2023 07:58 PM

Please share current ImportAccountEntJSON


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
mollasiraj
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎04/19/2023 12:44 AM

For AzureAD account import we are using below json-

{
"acctLabels": {
"customproperty1": "FirstName",
"customproperty2": "LastName",
"customproperty3": "OfficePhone",
"customproperty4": "Email",
"customproperty5": "MailNickName",
"customproperty10": "AccountStatus",
"customproperty20": "EmployeeID",
"customproperty6":"customproperty6"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "userPrincipalName~#~char",
"displayName": "displayName~#~char",
"customproperty1": "givenName~#~char",
"customproperty2": "surname~#~char",
"customproperty3": "businessPhone~#~char",
"customproperty4": "mail~#~char",
"customproperty5": "mailNickname~#~char",
"customproperty10": "accountEnabled~#~char",
"customproperty20": "employeeId~#~char",
"customproperty6":"manager~#~char"

}
}

0 Kudos

Go to solution
mollasiraj
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎05/09/2023 11:25 PM

Hi Rushikesh,

I created a Rest connector for importing the Intune Device ID from Graph API.I check in postman I am getting Intune Device ID but when I run the import job from Saviynt for importing the Intune Device Id I am getting the invalid record not process error from log.Below is the ImportAccountEntJSON that I am using - 

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
405,
500
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "name",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"accountID": "userId~#~char",
"name": "userPrincipalName~#~char",
"displayName": "userDisplayName~#~char",
"customproperty1": "id~#~char",
"status": "accountEnabled~#~char"
}
}
}
},
"entitlementParams": {},
"acctEntParams": {}
}

Below is the error -2023-05-09T21:13:01+05:30-ecm-worker-{"log":"2023-05-09 15:43:00,447 [quartzScheduler_Worker-3] ERROR rest.RestProvisioningService - Invalid record not processed

Please let me know how this issue can be fixed.

With Regards,

Siraj Molla

0 Kudos

Go to solution
timchengappa
Saviynt Employee
Saviynt Employee

‎04/25/2023 02:44 PM

Hi @mollasiraj 

Please refer to my previous comment to achieve this use case and let me know if you have any further questions...

0 Kudos

Go to solution
mollasiraj
Regular Contributor
Regular Contributor
In response to timchengappa

‎06/08/2023 12:59 AM

Hi  timchengappa

Below is the Json that I am using for importing the Intune Device Id-

ImportAccountEntJSON-

{
"showLogs": true,
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
405,
500
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"acctLabels": {
"customproperty1": "FirstName"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "id~#~char",
"displayName": "userPrincipalName~#~char",
"customproperty1": "userId~#~char"

}
}
}
},
"userResponsePath": "value",
"pagination": {
"nextUrl": {
"nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink')}"
}
},
"entitlementParams": {},
"acctEntParams": {}
}

Now it's importing the Intune Device ID.

With Regards,

Siraj Molla

0 Kudos

Go to solution
sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎06/13/2023 08:41 PM

Hello @mollasiraj,

Could you kindly confirm whether the problem has been resolved and if you successfully imported the Intune Device ID into the Saviynt account table?

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
mollasiraj
Regular Contributor
Regular Contributor
In response to sudeshjaiswal

‎06/13/2023 11:45 PM

Hi Sudeshjaiswal,

Below is the Json that I am using for importing Intune device ID as a account in saviynt and then when we are triggering the enterprise wipe as per our usecase-

ImportAccountEntJSON-

{
"showLogs": true,
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201
]
},
"unsuccessResponses": {
"statusCode": [
400,
401,
404,
405,
500
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"acctLabels": {
"customproperty1": "FirstName"
},
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "id~#~char",
"displayName": "userPrincipalName~#~char",
"customproperty1": "userId~#~char"

}
}
}
},
"userResponsePath": "value",
"pagination": {
"nextUrl": {
"nextUrlPath": "${(response?.completeResponseMap?.get('@odata.nextLink')==null)? null : response?.completeResponseMap?.get('@odata.nextLink')}"
}
},
"entitlementParams": {},
"acctEntParams": {}
}

Below is the update account json that we are using for enterprise wipe-

{
"call": [{
"name": "call1",
"connection": "acctAuth",
"url": "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/${account.accountID}/retire",
"httpMethod": "POST",
"httpParams": "",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [200, 201, 204, 205]
}
}]
}

I tested using the above I can see device retire is working fine.

With Regards,

Siraj Molla

Go to solution
sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎06/13/2023 11:46 PM

@mollasiraj Thanks for the confirmation!

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos
Copyright © 2024 Khoros, LLC