Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Reconcile AzureAD Application Entitlments owners using rest connector

Kanchan1
New Contributor
New Contributor

Hi All,

We have integrated AZureAD using rest connector for some specific reason.

Here, we have reconciled Application Entitlments using the following api

 "url": "https://graph.microsoft.com/v1.0/applications?$select=id,appid,displayname,createdDateTime"

This works fine. But we also nee to reconcile its owners using the following api

https://graph.microsoft.com/v1.0/applications(Id='xxxxxxxxxxxxxxxxx')/owners

How is it possible to implement.

I have tried the following but it is not working for following reason

  1. {id} i.e iteration is not working. Is this supported for enetitlments?
  2. If I hardcode one application ID, further the mapping of  entIdPath is not avaialble in the response

 

"entOwnerParams": {
"connection": "userAuth",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"unsuccessResponses": null,
"doNotChangeIfFailed": true,
"entTypes": {
"Application": {
"call": {
"call1": {
"processingType": "httpOwner",
"connection": "userAuth",
"showJobHistory": true,
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://graph.microsoft.com/v1.0/applications(Id='${id}')/owners",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json"
}
},
"listField": "value",
"entIdPath": "id",
"ownerIdPath": "mail",
"ownerKeyField": "email",
"entKeyField": "entitlementID"
}
}
}
}
}

 

4 REPLIES 4

adarshk
Saviynt Employee
Saviynt Employee

Validate if UPN and Email is populated correctly for owners. 

refer the below block for AAD Owners Import:

 "AADGroupOwners": {
      "colsToPropsMap": {
        "entitlementID": "id~#~char",
        "entitlement_value": "displayName~#~char",
        "customproperty14": "ownerIdList~#~char",
        "customproperty15": "ownerTypeList~#~char"
      }
    }

rushikeshvartak
All-Star
All-Star

Does httpOwner processIngType is supported?

@adarshk  ask is rest Connector not Azure AD


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Kanchan1
New Contributor
New Contributor

@rushikeshvartak  I guess it is supported. Becuase when I hardcoed the {id} as stated in the point 2 above, it invokes the api to retrieve owners but futher it is not able to map as the reposne to do not contain entitlement details.

Share logs


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.