Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

REST Connector Access Import

fullmoon_rout
New Contributor III
New Contributor III

Hi Team,

We are using REST Connector to import accounts and access from PeopleSoft Financials App. 

Account and Access Import works fine, but the account to entitlement mapping is not working correctly and all the accounts are getting all the entitlements mapped to them. Below is the JSON we have used, the postman response from each API call (one for account import, other for entitlement import): We have tried different processing types in the acctEntParams in JSON like httpEntToAcct, entToAcctMapping, acctToEntMapping but nothing gives correct result.

ImportAccountEntJSON:

{
  "accountParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
	"statusAndThresholdConfig": {
      "deleteLinks": true,
      "accountThresholdValue": 10,
      "correlateInactiveAccounts": true,
      "inactivateAccountsNotInFile": true,
      "deleteAccEntForActiveAccounts": true
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "http": {
          "url": "https://h.uat.psft.***********************.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/***********************_SAVIYNT_UAR_USERS/JSON/NONFILE?isconnectedquery=n&maxrows=0&json_resp=true",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "data.query.rows",
        "keyField": "accountID",
		"statusConfig": {
			"active": "0",
			"inactive": "1"
		},
        "colsToPropsMap": {
          "accountID": "OPRID~#~char",
          "name": "OPRID~#~char",
          "status": "ACCTLOCK~#~char",
          "displayName": "OPRDEFNDESC~#~char",
          "customproperty1": "USERIDALIAS~#~char",
		  "customproperty2": "EMAILID~#~char"
          },
        "makeProcessingStatus": false,
        "disableDeletedAccounts": true
      }
    }
  },
  "entitlementParams": {
		"connection": "acctAuth",
		"processingType": "SequentialAndIterative",
		"entTypes": {
			"Role": {
				"entTypeOrder": 0,
				"call": {
				  "call1": {
						"callOrder": 0,
						"http": {
							"httpHeaders": {
							"Authorization": "${access_token}"
							},
							"url": "https://h.uat.psft.***********************.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/***********************_SAVIYNT_UAR_ROLES/JSON/NONFILE?isconnectedquery=n&maxrows=0&json_resp=true",
							"httpContentType": "application/json",
							"httpMethod": "GET"
						},
						"listField": "data.query.rows",
						"keyField": "entitlementID",
						"colsToPropsMap": {
							"entitlementID": "ROLENAME~#~char",
							"entitlement_value": "ROLENAME~#~char",
							"displayname": "DESCR~#~char",
							"description": "DESCR~#~char",
							"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
						},
						"disableDeletedEntitlements": true
					}
				}
			}
		}
	},
  "acctEntParams": {
		"processingType": "httpEntToAcct",
		"entTypes": {
			"Role": {
				"call": {
					"call1": {
						"connection": "acctAuth",
						"callOrder": 0,
						"stageNumber": 0,
						"http": {
							"httpHeaders": {
								"Authorization": "${access_token}"
							},
							"url": "https://h.uat.psft.***********************.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/***********************_SAVIYNT_UAR_ROLES/JSON/NONFILE?isconnectedquery=n&maxrows=0&json_resp=true",
							"httpContentType": "application/json",
							"httpMethod": "GET"
						},
						"listField": "data.query.rows",
						"entKeyField": "entitlementID",
						"acctIdPath": "OPRID",
						"acctKeyField": "accountID"
					}
				}
			}
		}
	}
}

Postman Response for GET Accounts:

{
    "status": "success",
    "data": {
        "query": {
            "numrows": 5082,
            "queryname=": "*******_SAVIYNT_UAR_USERS",
            "rows": [
                {
                    "attr:rownumber": 1,
                    "OPRID": "058644",
                    "USERIDALIAS": "UNLINKED-rsddls",
                    "OPRDEFNDESC": "Deborah Lynne Spiller",
                    "EMAILID": "spillerd@test.gov.au",
                    "ACCTLOCK": 0
                },
                {
                    "attr:rownumber": 2,
                    "OPRID": "072243",
                    "USERIDALIAS": "UNLINKED-cboeaw",
                    "OPRDEFNDESC": "Elizabeth Ann Widdicombe",
                    "EMAILID": "widdicombel@test.gov.au",
                    "ACCTLOCK": 0
                }
            ]
        }
    }
}

Postman Response for GET Entitlements with account mapping:

{
    "status": "success",
    "data": {
        "query": {
            "numrows": 5009,
            "queryname=": "******_SAVIYNT_UAR_ROLES",
            "rows": [
                {
                    "attr:rownumber": 1,
                    "OPRID": "058644",
                    "USERIDALIAS": "UNLINKED-rsddls",
                    "OPRDEFNDESC": "Deborah Lynne Spiller",
                    "EMPLID": "058644",
                    "ACCTLOCK": 1,
                    "ROLENAME": "TEST_EMPLOYEE",
                    "DESCR": "F/H: Employee"
                },
                {
                    "attr:rownumber": 2,
                    "OPRID": "072243",
                    "USERIDALIAS": "UNLINKED-cboeaw",
                    "OPRDEFNDESC": ""Elizabeth Ann Widdicombe",
                    "EMPLID": "072243",
                    "ACCTLOCK": 1,
                    "ROLENAME": "TEST_TOIL_PLAN",
                    "DESCR": "H: Time Off in Lieu of OT"
                }
            ]
        }
    }
}

Regards,

Fullmoon

 

8 REPLIES 8

rushikeshvartak
All-Star
All-Star

Does emprid and operid is same ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

fullmoon_rout
New Contributor III
New Contributor III

Hi Rushikesh, 

Yes they have same value, I am able to resolve it by adding below in acctEntParams :
"acctEntParams": {
"entTypes": {
"Role": {
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"call": {
"call1": {
"processingType": "http",
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://h.uat.psft.****.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/****_SAVIY...",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "data.query.rows",
"acctIdPath": "OPRID",
"entIdPath": "ROLENAME"
}
}
}
}
}
But the issue now is the inactive accounts do not get any entitlements mapped to them even if i have below in status threshold config:
{
"statusAndThresholdConfig": {
"deleteLinks": false,
"accountThresholdValue": 10,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": true,
"deleteAccEntForActiveAccounts": true,
"inactivateEntsNotInFeed": true,
"entThresholdValue": {
"entType": {
"Role": {
"ent": 100
}
}
}
}
}

 

Regards,

Fullmoon

Remove "deleteAccEntForActiveAccounts": true,


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

fullmoon_rout
New Contributor III
New Contributor III

Hi Rushikesh,

I removed it, still not getting entitlement tagged to the inactive accounts - for e.g below:

fullmoon_rout_0-1723078370142.png

 

From Postman :

fullmoon_rout_1-1723078412250.png

Regards,

Fullmoon

Remove status threshold and try


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

fullmoon_rout
New Contributor III
New Contributor III

hi Rushikesh,

I removed the status threshold, still not mapping. May be it is Saviynt's default behavior not to map entitlements to Inactive accounts ?

How do we change that?

Regards,

Fullmoon

Its default  behavior


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi Rushikesh,

Even if it is default behaviour, the same can be changed by using below in ImportAccountEntJSON which resolved my issue :
"includeExistingInActiveAccounts": true

I got this information from the release notes of Saviynt, but these details are not present in the REST Connector Guide. Request you to please ask the documentation team add the above information in the JSON Example page so that will be helpful.

Below is the JSON i am using, and the status threshold:

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"includeExistingInActiveAccounts": true,
"call": {
"call1": {
"callOrder": 0,
"http": {
"url": "https://h.uat.psft.******.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/******_S...",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "data.query.rows",
"keyField": "accountID",
"statusConfig": {
"active": "0",
"inactive": "1"
},
"colsToPropsMap": {
"accountID": "OPRID~#~char",
"name": "OPRID~#~char",
"status": "ACCTLOCK~#~char",
"displayName": "OPRDEFNDESC~#~char",
"customproperty1": "USERIDALIAS~#~char",
"customproperty2": "EMAILID~#~char"
},
"makeProcessingStatus": false,
"disableDeletedAccounts": true
}
}
},
"entitlementParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://h.uat.psft.******.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/******_S...",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "data.query.rows",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "ROLENAME~#~char",
"entitlement_value": "ROLENAME~#~char",
"displayname": "DESCR~#~char",
"description": "DESCR~#~char"
},
"disableDeletedEntitlements": true
}
}
}
}
},
"acctEntParams": {
"entTypes": {
"Role": {
"acctKeyField": "accountID",
"entKeyField": "entitlementID",
"call": {
"call1": {
"processingType": "http",
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://h.uat.psft.******.gov.au/PSIGW/RESTListeningConnector/H92UAT/ExecuteQuery.v1/PUBLIC/******_S...",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "data.query.rows",
"acctIdPath": "OPRID",
"entIdPath": "ROLENAME"
}
}
}
}
}
}

 

Status Threshold config:
{
"statusAndThresholdConfig": {
"deleteLinks": false,
"accountThresholdValue": 100,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": true,
"inactivateEntsNotInFeed": true,
"deleteAccEntForActiveAccounts": true,
"entThresholdValue": {
"entType": {
"Role": {
"ent": 100
}
}
}
}
}

Regards,
Fullmoon