
REST Connection for Office 365

avinash_16
New Contributor III

Greetings,

So, we have a requirement to create a connection to an Office 365 application hosted on cloud. We followed the documentation and we're able to configure the ConnectionJSON and CreateAccountJSON for provisioning an account. We were encountering an error while trying to create an account for one of the users. The error message is as follows:
"{"auditDetails":{"call1":[{"headers":null,"message":{"error":{"code":"Request_ResourceNotFound","message":"Resource '' does not exist or one of its queried reference-property objects are not present.","innerError":{"date":"2023-10-05T08:53:30","request-id":"######","client-request-id":"######"}}},"statusCode":404,"description":null,"status":"Failed"}]}"

I'll attach the file below.

10 REPLIES

DixshantValecha
Saviynt Employee

Hi @avinash_16,

We are checking on this and we will keep you posted.

DixshantValecha
Saviynt Employee

Hi @avinash_16 ,

The error message you're encountering, "Request_ResourceNotFound," typically indicates that the resource you are trying to access or manipulate does not exist or that there is a problem with the reference properties used in your request. In your specific case, it appears that the resource being referred to is not found.

Here are some steps to troubleshoot and resolve this issue:

Check for Typos or Syntax Errors: Sometimes, a simple typo or syntax error in the request payload can lead to resource not found errors. Ensure that all property names, values, and data types in your JSON payload are correct.

Verify Permissions: Ensure that the user or application making the request has the necessary permissions to create accounts or access the resource you are targeting in Office 365. Review the permissions required for the specific API or operation you are performing and make sure the user or application has been granted those permissions.

 

DixshantValecha
Saviynt Employee

Hi @avinash_16 

Thank you for providing the CONNECTIONJSON and CREATEACCOUNTJSON configuration. Based on the provided configuration, it appears that you are attempting to create or update user profiles in Microsoft Office 365 using the Graph API. Let's break down the configuration to identify any potential issues:

Authentication Configuration (CONNECTIONJSON):

You have defined three authentication methods (userAuth, entAuth, and SPAuth) using OAuth2.

Each authentication method specifies the necessary parameters, including client_id, client_secret, grant_type, and resource. Make sure these values are correct and correspond to your Office 365 application setup.

Create Account Configuration (CREATEACCOUNTJSON):

You have defined a single API call named "call1" that makes a POST request to the Microsoft Graph API's /v1.0/users endpoint.

The HTTP parameters for this request are constructed dynamically using placeholders ${user.displayname}, ${user.firstname}, ${user.lastname}, and ${user.username}. Ensure that these placeholders are correctly populated with the user's information before making the request.

The "Authorization" header is set to "${access_token}", which should be replaced with the actual access token obtained from the authentication method (userAuth in this case) during the runtime.

Now, let's address the error message you received:

    {
      "auditDetails": {
        "call1": [
          {
            "headers": null,
            "message": {
              "error": {
                "code": "Request_ResourceNotFound",
                "message": "Resource '' does not exist or one of its queried reference-property objects are not present."
              }
            },
            "statusCode": 404,
            "description": null,
            "status": "Failed"
          }
        ]
      }
    }

The error message indicates a "Request_ResourceNotFound" error. To troubleshoot this:

Ensure that the ${user.username} placeholder in the HTTP parameters is correctly populated with a valid user's UPN (User Principal Name) in the format user@domain.com.

Verify that the access token ${access_token} used in the "Authorization" header is obtained successfully from the userAuth authentication method.

Check that the Microsoft Graph API endpoint /v1.0/users is accessible and that the application identified by your client_id and client_secret has the necessary permissions to create/update users in Office 365.

Confirm that the ${user.displayname}, ${user.firstname}, and ${user.lastname} placeholders are correctly mapped to the expected properties in the request payload.

By verifying these aspects and ensuring the correctness of your request payload, you should be able to resolve the "Request_ResourceNotFound" error and successfully create or update user profiles in Office 365.

Hello,

First, thank you for your time explaining how the workflow works. I checked through the parameters and made some changes, and this time I have a different error:

 
{"call1":{"headers":null,"message":{"error":{"code":"Request_BadRequest","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","details":[{"code":"InvalidValue","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"innerError":{"date":"2023-10-09T06:35:58","request-id":"21293476-b4ca-4bbf-b098-c1b83d7f52db","client-request-id":"21293476-b4ca-4bbf-b098-c1b83d7f52db"}}},"statusCode":400,"description":null,"status":"Failed"}}

I am using the correct domain name which is assigned to our tenant. Can you let me know if I need to make any changes or configuration on our AAD side?

Thanks in Advance,
Avinash.

Hi @avinash_16 ,

The error message you're seeing is related to the `userPrincipalName` property in Azure Active Directory (Azure AD). This error typically occurs when the domain portion of the `userPrincipalName` does not match any of the verified domain names in your Azure AD organization.

Here are a few things you can check:

1. **Verified Domain**: Ensure that the domain you're using in the `userPrincipalName` is a verified domain in your Azure AD tenant. You can check this in the Azure portal by navigating to "Azure Active Directory" > "Custom domain names". If the domain is not verified, you'll need to verify it before you can use it in a `userPrincipalName`.

2. **Correct Format**: The `userPrincipalName` should be in the format of an email address (username@domain). Make sure that the domain portion after the '@' symbol is correct and matches one of your verified domains.

3. **Sync Issues**: If you're syncing users from an on-premises Active Directory, make sure that the on-premises `userPrincipalName` matches a verified domain name in Office 365.

If you've checked all of these and are still experiencing issues, it might be best to reach out to Azure support for further assistance. They should be able to provide more specific guidance based on your system configuration.

Okay. So, I was able to create the account successfully, but now the catch is that the account is getting created in our Azure Active Directory but the task is still in a pending state in Saviynt. And every time a new account request is created, the provisioning task runs again and shows an error that the account already exists.

Hi @avinash_16 

I kindly request your assistance in thoroughly reviewing the logs when encountering the reported issue. We would greatly appreciate your efforts in providing us with detailed information regarding any errors or observations found within the logs during the occurrence of this issue. Your assistance in this matter will significantly contribute to our troubleshooting and resolution process. Thank you for your cooperation and prompt attention to this request.

Thank you for the responses. So, currently I am able to create an account on Azure AD side successfully. The response for the CREATEACCOUNTJSON is that the status code is a success (which is 201). But the overall status of the provisioning is failed. Because of that the tasks are still in pending and every time the provisioning job runs, the jobs run again and because of that it runs again and shows that the account already exists in AAD. I'll share the complete details within this reply. Or is there any configuration that we need to do on our Azure AD side that we're missing? Your response would be really appreciated and helpful. 

Okay. I figured out the solution. It was because of the successResponses parameter in the CREATEACCOUNTJSON. There was a custom message passed rather than the status code. Thanks for the assistance. Since we are now able to provision an account in AAD, what would be the next step to assign the Office 365 license?

Thanks,
Avinash.

DixshantValecha
Saviynt Employee

Hi @avinash_16,

Thank you for the update. The solution has been identified. The issue was related to the 'successResponses' parameter in the 'CREATEACCOUNTJSON,' where a custom message was passed instead of the expected status code.

I kindly request that you create a separate forum post for the second request or query. This will help us address your additional requirements more efficiently. Your continued engagement and collaboration are greatly appreciated.
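
The checks discussed across this thread, gathered into one added example (not part of any post above and not Saviynt connector code): it validates a rendered create-user body against the properties Microsoft Graph requires and a list of verified tenant domains, then reduces an audit record to its status code and Graph error code, judging success on the status code as in the thread's resolution. The function names, sample domains and trimmed audit records are constructed for illustration.

```python
import json

# Properties Microsoft Graph requires in the body of POST /v1.0/users.
REQUIRED = ("accountEnabled", "displayName", "mailNickname",
            "userPrincipalName", "passwordProfile")
SUCCESS_CODES = {200, 201}  # Graph answers 201 Created for a new user

# Constructed samples, trimmed from the two response shapes quoted in the thread.
NOT_FOUND = ('{"auditDetails":{"call1":[{"headers":null,"message":{"error":'
             '{"code":"Request_ResourceNotFound"}},"statusCode":404}]}}')
BAD_UPN = ('{"call1":{"headers":null,"message":{"error":'
           '{"code":"Request_BadRequest"}},"statusCode":400}}')
CREATED = '{"call1":{"headers":null,"message":{"id":"constructed-id"},"statusCode":201}}'


def check_payload(payload, verified_domains):
    """List problems in a rendered create-user body before it is sent."""
    problems = [f"missing {k}" for k in REQUIRED if payload.get(k) in (None, "")]
    upn = payload.get("userPrincipalName") or ""
    if upn:
        local, sep, domain = upn.rpartition("@")
        if not (sep and local and domain):
            problems.append("userPrincipalName is not in user@domain form")
        elif domain.lower() not in {d.lower() for d in verified_domains}:
            problems.append(f"domain {domain!r} is not a verified tenant domain")
    return problems


def classify(audit_text):
    """Reduce an audit record to (call, status code, Graph error code, ok)."""
    audit = json.loads(audit_text)
    calls = audit.get("auditDetails", audit)  # both shapes appear in the thread
    results = []
    for name, entries in calls.items():
        for entry in entries if isinstance(entries, list) else [entries]:
            message = entry.get("message") or {}
            error = message.get("error") if isinstance(message, dict) else None
            status = entry.get("statusCode")
            results.append((name, status, (error or {}).get("code"),
                            status in SUCCESS_CODES))
    return results


if __name__ == "__main__":
    for sample in (NOT_FOUND, BAD_UPN, CREATED):
        print(classify(sample))
```

An empty rendered `userPrincipalName` is reported as missing before the request is sent, and a 201 is treated as success regardless of what the response body says.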