Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

REST Connector Access Import

Go to solution
fullmoon_rout
New Contributor III
New Contributor III

‎08/07/2024 04:18 PM

Hi Team,

We are using REST Connector to import accounts and access from PeopleSoft Financials App. 

Account and Access Import works fine, but the account to entitlement mapping is not working correctly and all the accounts are getting all the entitlements mapped to them. Below is the JSON we have used, the postman response from each API call (one for account import, other for entitlement import): We have tried different processing types in the acctEntParams in JSON like httpEntToAcct, entToAcctMapping, acctToEntMapping but nothing gives correct result.

ImportAccountEntJSON:

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
	"statusAndThresholdConfig": {
      "deleteLinks": true,
      "accountThresholdValue": 10,
      "correlateInactiveAccounts": true,
      "inactivateAccountsNotInFile": true,
      "deleteAccEntForActiveAccounts": true
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "http": {
          "url": "https://h.uat.psft.***********************.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/***********************_SAVIYNT_UAR_USERS/JSON/NONFILE?isconnectedquery=n&maxrows=0&json_resp=true",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "data.query.rows",
        "keyField": "accountID",
		"statusConfig": {
			"active": "0",
			"inactive": "1"
		},
        "colsToPropsMap": {
          "accountID": "OPRID~#~char",
          "name": "OPRID~#~char",
          "status": "ACCTLOCK~#~char",
          "displayName": "OPRDEFNDESC~#~char",
          "customproperty1": "USERIDALIAS~#~char",
		  "customproperty2": "EMAILID~#~char"
          },
        "makeProcessingStatus": false,
        "disableDeletedAccounts": true
      }
    }
  },
  "entitlementParams": {
		"connection": "acctAuth",
		"processingType": "SequentialAndIterative",
		"entTypes": {
			"Role": {
				"entTypeOrder": 0,
				"call": {
				  "call1": {
						"callOrder": 0,
						"http": {
							"httpHeaders": {
							"Authorization": "${access_token}"
							},
							"url": "https://h.uat.psft.***********************.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/***********************_SAVIYNT_UAR_ROLES/JSON/NONFILE?isconnectedquery=n&maxrows=0&json_resp=true",
							"httpContentType": "application/json",
							"httpMethod": "GET"
						},
						"listField": "data.query.rows",
						"keyField": "entitlementID",
						"colsToPropsMap": {
							"entitlementID": "ROLENAME~#~char",
							"entitlement_value": "ROLENAME~#~char",
							"displayname": "DESCR~#~char",
							"description": "DESCR~#~char",
							"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
						},
						"disableDeletedEntitlements": true
					}
				}
			}
		}
	},
  "acctEntParams": {
		"processingType": "httpEntToAcct",
		"entTypes": {
			"Role": {
				"call": {
					"call1": {
						"connection": "acctAuth",
						"callOrder": 0,
						"stageNumber": 0,
						"http": {
							"httpHeaders": {
								"Authorization": "${access_token}"
							},
							"url": "https://h.uat.psft.***********************.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/***********************_SAVIYNT_UAR_ROLES/JSON/NONFILE?isconnectedquery=n&maxrows=0&json_resp=true",
							"httpContentType": "application/json",
							"httpMethod": "GET"
						},
						"listField": "data.query.rows",
						"entKeyField": "entitlementID",
						"acctIdPath": "OPRID",
						"acctKeyField": "accountID"
					}
				}
			}
		}
	}
}

Postman Response for GET Accounts:

{
    "status": "success",
    "data": {
        "query": {
            "numrows": 5082,
            "queryname=": "*******_SAVIYNT_UAR_USERS",
            "rows": [
                {
                    "attr:rownumber": 1,
                    "OPRID": "058644",
                    "USERIDALIAS": "UNLINKED-rsddls",
                    "OPRDEFNDESC": "Deborah Lynne Spiller",
                    "EMAILID": "spillerd@test.gov.au",
                    "ACCTLOCK": 0
                },
                {
                    "attr:rownumber": 2,
                    "OPRID": "072243",
                    "USERIDALIAS": "UNLINKED-cboeaw",
                    "OPRDEFNDESC": "Elizabeth Ann Widdicombe",
                    "EMAILID": "widdicombel@test.gov.au",
                    "ACCTLOCK": 0
                }
            ]
        }
    }
}

Postman Response for GET Entitlements with account mapping:

{
    "status": "success",
    "data": {
        "query": {
            "numrows": 5009,
            "queryname=": "******_SAVIYNT_UAR_ROLES",
            "rows": [
                {
                    "attr:rownumber": 1,
                    "OPRID": "058644",
                    "USERIDALIAS": "UNLINKED-rsddls",
                    "OPRDEFNDESC": "Deborah Lynne Spiller",
                    "EMPLID": "058644",
                    "ACCTLOCK": 1,
                    "ROLENAME": "TEST_EMPLOYEE",
                    "DESCR": "F/H: Employee"
                },
                {
                    "attr:rownumber": 2,
                    "OPRID": "072243",
                    "USERIDALIAS": "UNLINKED-cboeaw",
                    "OPRDEFNDESC": ""Elizabeth Ann Widdicombe",
                    "EMPLID": "072243",
                    "ACCTLOCK": 1,
                    "ROLENAME": "TEST_TOIL_PLAN",
                    "DESCR": "H: Time Off in Lieu of OT"
                }
            ]
        }
    }
}

Regards,

Fullmoon

 

Labels:
0 Kudos
8 REPLIES 8

Go to solution
rushikeshvartak
All-Star
All-Star

‎08/07/2024 05:41 PM

Does emprid and operid is same ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
fullmoon_rout
New Contributor III
New Contributor III

‎08/07/2024 05:44 PM

Hi Rushikesh, 

Yes they have same value, I am able to resolve it by adding below in acctEntParams :
"acctEntParams": {
"entTypes": {
"Role": {
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"call": {
"call1": {
"processingType": "http",
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://h.uat.psft.****.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/****_SAVIY...",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "data.query.rows",
"acctIdPath": "OPRID",
"entIdPath": "ROLENAME"
}
}
}
}
}
But the issue now is the inactive accounts do not get any entitlements mapped to them even if i have below in status threshold config:
{
"statusAndThresholdConfig": {
"deleteLinks": false,
"accountThresholdValue": 10,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true,
"inactivateEntsNotInFeed": true,
"entThresholdValue": {
"entType": {
"Role": {
"ent": 100
}
}
}
}
}

 

Regards,

Fullmoon

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to fullmoon_rout

‎08/07/2024 05:47 PM

Remove "deleteAccEntForActiveAccounts": true,


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
fullmoon_rout
New Contributor III
New Contributor III

‎08/07/2024 05:53 PM

Hi Rushikesh,

I removed it, still not getting entitlement tagged to the inactive accounts - for e.g below:

fullmoon_rout_0-1723078370142.png

 

From Postman :

fullmoon_rout_1-1723078412250.png

Regards,

Fullmoon

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to fullmoon_rout

‎08/07/2024 06:01 PM

Remove status threshold and try


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
fullmoon_rout
New Contributor III
New Contributor III

‎08/07/2024 06:13 PM

hi Rushikesh,

I removed the status threshold, still not mapping. May be it is Saviynt's default behavior not to map entitlements to Inactive accounts ?

How do we change that?

Regards,

Fullmoon

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to fullmoon_rout

‎08/07/2024 06:16 PM

Its default  behavior


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
fullmoon_rout
New Contributor III
New Contributor III
In response to rushikeshvartak

‎08/07/2024 06:33 PM

Hi Rushikesh,

Even if it is default behaviour, the same can be changed by using below in ImportAccountEntJSON which resolved my issue :
"includeExistingInActiveAccounts": true

I got this information from the release notes of Saviynt, but these details are not present in the REST Connector Guide. Request you to please ask the documentation team add the above information in the JSON Example page so that will be helpful.

Below is the JSON i am using, and the status threshold:

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"includeExistingInActiveAccounts": true,
"call": {
"call1": {
"callOrder": 0,
"http": {
"url": "https://h.uat.psft.******.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/******_S...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "data.query.rows",
"keyField": "accountID",
"statusConfig": {
"active": "0",
"inactive": "1"
},
"colsToPropsMap": {
"accountID": "OPRID~#~char",
"name": "OPRID~#~char",
"status": "ACCTLOCK~#~char",
"displayName": "OPRDEFNDESC~#~char",
"customproperty1": "USERIDALIAS~#~char",
"customproperty2": "EMAILID~#~char"
},
"makeProcessingStatus": false,
"disableDeletedAccounts": true
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://h.uat.psft.******.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/******_S...",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "data.query.rows",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "ROLENAME~#~char",
"entitlement_value": "ROLENAME~#~char",
"displayname": "DESCR~#~char",
"description": "DESCR~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"entTypes": {
"Role": {
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"call": {
"call1": {
"processingType": "http",
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://h.uat.psft.******.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/******_S...",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "data.query.rows",
"acctIdPath": "OPRID",
"entIdPath": "ROLENAME"
}
}
}
}
}
}

 

Status Threshold config:
{
"statusAndThresholdConfig": {
"deleteLinks": false,
"accountThresholdValue": 100,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": true,
"inactivateEntsNotInFeed": true,
"deleteAccEntForActiveAccounts": true,
"entThresholdValue": {
"entType": {
"Role": {
"ent": 100
}
}
}
}
}

Regards,
Fullmoon

 

0 Kudos
Copyright © 2024 Khoros, LLC