
Need to pass entitlement values dynamically from the selection in ARS into the CreateAccountJson

DG1811
New Contributor III

Hi Team,

We have a REST-based application integration where we need to provide the entitlement as part of the createAccount JSON.

Create API payload is as below. 

{
  "data": {
    "email": "test@domain.com",
    "tenantRoles": ["Role name selected through ARS"],
    "scope": "tenant",
    "fullName": "test",
    "fullNameReadOnly": "true",
    "twoFaEnabled": "true",
    "groupReadOnly": "true",
    "allowRemoteShell": "true",
    "emailReadOnly": "true"
  }
}

 

We are using the below json to create. 

{
  "accountIdPath": "call1.message.data.id",
  "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
  "call": [
    {
      "name": "call1",
      "connection": "acctAuth",
      "showResponse": true,
      "url": "https://xxxxxxxxxxxxxxxx/web/api/v2.1/users",
      "httpMethod": "POST",
      "httpParams": "{\"data\": {\"email\": \"${user.email}\",\"tenantRoles\":[\"Role name selected through ARS\"],\"scope\": \"tenant\",\"fullName\":\"${arsTasks.accountName}\",\"fullNameReadOnly\": \"true\",\"twoFaEnabled\": \"true\",\"groupReadOnly\": \"true\",\"allowRemoteShell\": \"true\",\"emailReadOnly\": \"true\"}}",
      "httpHeaders": {
        "Authorization": "Apikey",
        "Accept": "*/*"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          201,
          200
        ]
      },
      "unsuccessResponses": {
        "statusCode": [
          401,
          400,
          403,
          404
        ]
      }
    }
  ]
}

When we hardcode the value in tenantRoles, the data populates and looks good, and the id is also creating the user in the target. But when we try to pull it dynamically, we are unable to.

Please suggest a CreateAccountJSON where we can pass the entitlement dynamically as given in the payload.

 

Thanks


dgandhi
All-Star
${requestAccessAttributes.get('Name of Attribute')}

Developer handbook for reference:

https://docs.saviyntcloud.com/bundle/Dev-Handbook-REST-v2020x/page/Content/Developers-Handbook.htm#p...

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

DG1811
New Contributor III

Hi @dgandhi,

Thanks for the update.
Please note we do not have any dynamic attribute; rather, tenant role is an entitlement type and the user needs to select it. So once they select it and submit, the user request flows.

Can you please share the CreateAccountJSON format for this? In this case we need the entitlement value from ARS to pass it in the payload.

thanks

Try below:

{task.entitlement_valueKey.entitlement_value}

${task?.entitlementValueKey?.entitlement_value}

\"summary\": \"${task.accountName+'_'+task.entitlement_valueKey.entitlement_value}\",

https://forums.saviynt.com/t5/identity-governance/add-entitlement-value-and-accountname-in-ticket-su...

 

Thanks,
Devang Gandhi

NM
Honored Contributor II

Hi @DG1811, you cannot pass entitlement details in the create account JSON.

If you want to do so, create a dynamic attribute, list down all the entitlements and pass the same in the JSON.

Or

Make the entitlement required so the user has to select it while submitting an account request.

DG1811
New Contributor III

Hi @NM,

I have pulled the entitlements in the EntitlementType Tenant and then created a DynamicAttribute TenantRole and mapped the entitlements present in Tenant to it.

I want to pass the entitlement ID present in CP1 of the entitlement in the attribute name. I used the below format:

\"tenantRoles\": [{\"id\": \"${requestAccessAttributes.get('Customproperty1')}}]

and 

\"tenantRoles\": [{\"id\": \"${requestAccessAttributes.get('TenantRole.Customproperty1')}}]

and 

\"tenantRoles\": [{\"id\": \"${requestAccessAttributes.get('TenantRole')}}]

But when I run it, it gives me the below error:

"call1":{"headers":null,"message":{"errors":[{"code":4000010,"detail":"data: tenantRoles: 0: id: Not a valid Identifier., "title":"Validation Error"}]},"statusCode":400,"description":null,"status":"Failed"}

Please suggest a format to pass it.

Thanks

In same dynamic attribute show cp1 also

select entitlement_value as id, customproperty1 as inlinedescription from entitlement_values


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rushikeshvartak
All-Star
  • Passing the entitlement value in the create account JSON is not supported.
  • You need to create dynamic attributes for the same.

Regards,
Rushikesh Vartak

NM
Honored Contributor II

@DG1811, you can't pass the id in this way.

Create one more dynamic attribute which is not editable and, on the basis of the selection of the entitlement, populate it automatically with cp1 of that entitlement.

DG1811
New Contributor III

Hi @NM,

Okay, in that case suppose I have a dynamic attribute1 where I am fetching all the entitlement values and that will come up in the ARS form. Upon selection by the user, do you want me to create a dynamic attribute 2 which will have the parent as dynamic attribute1, and while passing the value, I will select
${requestAccessAttributes.get('dynamicattribute2')}

Is that what you referred to? Can you please guide, and also please guide with an example?

Thanks

NM
Honored Contributor II

Hi @DG1811 , so the flow will look something like below

1) Create a DA which will show all the entitlements for the application. The user will select one from it.

2) Create another dynamic attribute which will have the cp1 value of the entitlement selected in the 1st DA.

You can make it mandatory and not editable and then pass the same in the JSON.

Let me know if you have any other query.. happy to help 🙂

DG1811
New Contributor III

Hi @NM ,

How can I perform the second task to pass the cp1 value selected in the 1st DA? Will this be the config?

DG1811_0-1725643486531.png

Please help on this. 

Thanks

Refer https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter13-Access-Requests/ars-mang-...


Regards,
Rushikesh Vartak

NM
Honored Contributor II

@DG1811 okay so ..

After selecting an entitlement from the 1st DA, write an SQL query for DA 2.

Sample 

Select customproperty1 as ID from entitlement_values where entitlement_value=${DA1 name}

DG1811
New Contributor III

Hi @NM,
But when I mark it non-editable and mandatory, it stops me from submitting the request.

Please validate if the below config looks good. 

Dynamicattribute1:

DG1811_0-1725644907549.png

Query is as below:

SELECT DISTINCT ev.entitlement_value AS ID FROM entitlement_values ev where ev.entitlementtypekey = key;

DynamicAttribute2:

DG1811_1-1725644991715.png

 

And query is as below:

SELECT DISTINCT ev.customproperty1 AS ID FROM entitlement_values ev where ev.entitlement_value = ${AllClients}

Please check and let me know if this looks good or not. Please suggest. 

Thanks

 

 

NM
Honored Contributor II

@DG1811 add the same query in the default value too for DA2 and check if DA2 is getting populated on the ARS page.

And keep mapping as action for both DAs.

Share ss..

DG1811
New Contributor III

Hi @NM,

In the submission form it gives me this.

DG1811_0-1725645595460.png

Is this the expected behaviour? It should populate the value, right?

Thanks

 

NM
Honored Contributor II

Yes, it should show the value. Try in Data Analyzer and see if it gives any value. Instead of using it dynamically, pass a static value of the entitlement in the DA2 query.

 

Also try single quotes before and after the DA name in query 

As in '${DA2 name}'

DG1811
New Contributor III

Hi @NM,
Yeah, that I checked, and it worked.

DG1811_0-1725646145666.png

Thanks

NM
Honored Contributor II

@DG1811 but not working in request form? topmost value is empty in DA

DG1811
New Contributor III

hi @NM , 

Yeah. (topmost value is empty in DA) -  did not get this one, can you please elaborate.

Thanks

NM
Honored Contributor II

@DG1811 , try with static value in DA and see if you get the result.

DG1811
New Contributor III

Hi @NM ,

It does not allow me to submit with the default value in DA2.

DG1811_0-1725647583151.png

 

 

Share both DA configs


Regards,
Rushikesh Vartak

@rushikeshvartak ,

I already shared in my previous comment.

thanks

NM
Honored Contributor II

@DG1811 , chances are value is empty .. or same entitlement name exist for any other endpoint.

DG1811
New Contributor III

Hi @NM / @rushikeshvartak,

Using the hardcoded value in the below query, it worked.

SELECT DISTINCT ev.customproperty1 as id from entitlement_types et inner join endpoints e on et.ENDPOINTKEY=e.ENDPOINTKEY inner join entitlement_values ev on et.ENTITLEMENTTYPEKEY=ev.ENTITLEMENTTYPEKEY where e.ENDPOINTNAME='OneTrack_test' AND et.ENTITLEMENTTYPEKEY=957 AND ev.entitlement_value in ('In Touch Pharmaceuticals')

Below is the format that it shows. 

DG1811_0-1725650702358.png

I tried putting the last part as below.

ev.entitlement_value in ('${AllClients}'),

ev.entitlement_value in (${AllClients}),

ev.entitlement_value = '${AllClients}'

Nothing worked. Please suggest.

Thanks
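
The two failure causes raised in this part of the thread (the same entitlement name existing on another endpoint, or an empty cp1) can be reproduced offline. This is an added example, not code from the thread or from Saviynt: it runs queries modelled on the ones quoted above against a constructed SQLite database, where every row, key and cp1 value is invented and sqlite3 `?` binding stands in for the `${AllClients}` substitution.

```python
import sqlite3

# Queries modelled on the ones quoted in the thread. sqlite3's "?" binding is a
# stand-in for the ${AllClients} substitution, which this sketch does not emulate.
UNSCOPED = """SELECT DISTINCT ev.customproperty1 AS ID
              FROM entitlement_values ev
              WHERE ev.entitlement_value = ?"""
SCOPED = """SELECT DISTINCT ev.customproperty1 AS ID
            FROM entitlement_types et
            INNER JOIN endpoints e ON et.ENDPOINTKEY = e.ENDPOINTKEY
            INNER JOIN entitlement_values ev
                    ON et.ENTITLEMENTTYPEKEY = ev.ENTITLEMENTTYPEKEY
            WHERE e.ENDPOINTNAME = ? AND ev.entitlement_value = ?"""


def build_db():
    """Constructed sample data; every row, key and cp1 value is invented."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE endpoints (ENDPOINTKEY INTEGER, ENDPOINTNAME TEXT);
        CREATE TABLE entitlement_types (ENTITLEMENTTYPEKEY INTEGER, ENDPOINTKEY INTEGER);
        CREATE TABLE entitlement_values (ENTITLEMENTTYPEKEY INTEGER,
                                         entitlement_value TEXT, customproperty1 TEXT);
        INSERT INTO endpoints VALUES (1, 'AppA'), (2, 'AppB');
        INSERT INTO entitlement_types VALUES (10, 1), (20, 2);
        INSERT INTO entitlement_values VALUES
            (10, 'Tenant Admin', 'id-aaa'),
            (10, 'Tenant Auditor', NULL),
            (20, 'Tenant Admin', 'id-zzz');
    """)
    return db


def resolve_cp1(db, query, params):
    """Return the non-empty customproperty1 values the lookup yields."""
    return [row[0] for row in db.execute(query, params) if row[0]]


def single_id(ids):
    """The second attribute is meant to hold one cp1 value; reject 0 or many."""
    if len(ids) != 1:
        raise ValueError(f"expected exactly one cp1 value, got {ids!r}")
    return ids[0]


if __name__ == "__main__":
    db = build_db()
    print("unscoped:", resolve_cp1(db, UNSCOPED, ("Tenant Admin",)))
    print("scoped:  ", resolve_cp1(db, SCOPED, ("AppA", "Tenant Admin")))
```
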

NM
Honored Contributor II

@DG1811 without quotes 

ev.entitlement_value = ${AllClients}

DG1811
New Contributor III

Hi @NM,

Tried this too, but this too did not work.
Thanks

NM
Honored Contributor II

@DG1811 is it working for any other entitlement?

DG1811
New Contributor III

Hi @NM ,

No it is not working. 

Please help with the mapping. 

Thanks

Share a document with the full latest configuration of both dynamic attributes, the request form view, and logs in text format.


Regards,
Rushikesh Vartak