
Okta REST connection - Import groups to accounts association

soumya_deep
New Contributor

Hello Team, 

We are trying to import Okta users, groups, and user-group associations from Okta using REST APIs. We are able to pull in users and groups, but the association import is not working. We are using the ImportAccntEnt JSON below:

 

{
"accountParams": {
"connection": "acctAuth",
"createUsers": false,
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"accountThresholdValue": 250000,
"deleteLinks": true,
"correlateInactiveAccounts": false,
"accountsNotInImportAction": "SUSPEND",
"statusColumn": "customproperty6",
"activeStatus": [
"ACTIVE",
"STAGED",
"PROVISIONED",
"RECOVERY",
"LOCKED_OUT",
"PASSWORD_EXPIRED"
]
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxx/api/v1/users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "profile.email~#~char",
"customproperty1": "profile.firstName~#~char",
"customproperty2": "profile.lastName~#~char",
"customproperty3": "profile.email~#~char",
"customproperty4": "profile.secondEmail~#~char",
"customproperty5": "profile.mobilePhone~#~char",
"customproperty6": "status~#~char",
"customproperty7": "profile.CustomTWID~#~char"
},
"disableDeletedAccounts": true
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [200]
},
"entTypes": {
"Groups": {
"entTypeOrder": 0,
"entTypeLabels": {
"customproperty1": "Distinguished Name",
"customproperty2": "samAccountName",
"customproperty3": "GroupType"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxx/api/v1/groups",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "profile.name~#~char",
"description": "profile.description~#~char",
"displayname": "profile.name~#~char",
"customproperty1": "profile.dn~#~char",
"customproperty2": "profile.samAccountName~#~char",
"customproperty3": "profile.groupType~#~char"
}
}
}
}

}
},
"acctEntParams": {
"connection": "acctAuth",
"successResponses": {
"statusCode": [
200
]
},
"entTypes": {
"Groups": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpEntToAcct",
"http": {
"url": "https://xxx/api/v1/groups/${id}/users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"entKeyField": "",
"acctIdPath": "id",
"acctKeyField": "accountID"
}
}
}

}
}
}


sudeshjaiswal
Saviynt Employee

Hello @soumya_deep,

Can you please provide the Postman response?

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

soumya_deep
New Contributor

Hello Sudesh,

Sample Postman response for the https://xxx/api/v1/groups/${id}/users call:

{
"id": "userid_value",
"status": "ACTIVE",
"created": "2021-06-24T00:08:32.000Z",
"activated": "2023-07-27T10:04:37.000Z",
"statusChanged": "2023-07-27T10:04:37.000Z",
"lastLogin": null,
"lastUpdated": "2023-08-08T16:26:55.000Z",
"passwordChanged": null,
"type": {
"id": "non_relevantID"
},
"profile": {
"lastName": "xxx",
"zipCode": "C1065AAI",
"ImmutableID": "xxx",
"city": "Buenos Aires",
"displayName": "xxx",
"ObjectGUIDMapping": "xxx",
"dn": "xxx",
"title": "Scheduler Logger",
"login": "xxx@test.com",
"employeeStatus": "Regular",
"employeeNumber": "xxx",
"LegacyEmail": "xxx@test.com",
"division": "TBS",
"UPN": "xxx@test.com",
"countryCode": "AR",
"company": "Gto_Arg_Logmanagement",
"state": "BUA",
"department": "GTO_Arg_LogManagement",
"email": "xxx@test.com",
"CustomDN": "xxx.com",
"sAMAccountName": "xxx",
"CustomTWID": "xxx",
"CustomEA5": "employee",
"secondEmail": null,
"extensionAttribute8": "Primary",
"managerId": "xxx",
"co": "ARGENTINA",
"whenChanged": "2023-08-07T15:29:40.000Z",
"CustomDivision": "TBS",
"LegacyUPN": "xxx@test.com",
"firstName": "xxx",
"mobilePhone": null,
"streetAddress": "Defensa 599 Floor 1065 - Ciudad de Buenos",
"ProxyEmailAddresses": [],
"ADPWDLastSet": "2022-04-04T14:18:54+0000"
},
"credentials": {
"provider": {
"type": "ACTIVE_DIRECTORY",
"name": "xxx.com"
}
},
"_links": {
"self": {
"href": "https://xxx.com/api/v1/users/userid_value"
}
}
}

rakesh_iam
New Contributor

Hi @soumya_deep ,

Did you find a solution to the above problem? We are also facing the same issue at the moment: we can bring in accounts and entitlements but not the associations.

Also, have you tried pulling the Okta group-to-role association?

Thanks,

Rakesh

sudeshjaiswal
Saviynt Employee

Hello @soumya_deep,

Can you please enable show logs in the import JSON and check the logs to see where it is failing?

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".