
REST Connector - Deleted Account Not getting Suspended in Saviynt

rohitkumarraj
Regular Contributor

Team,

I am using below JSON to import accounts using REST Connector. Somehow accounts which are deleted in target system are not being marked as 'Suspended from Import Service' or 'Deleted On --' in Saviynt.

I am not sure if I am missing anything here. I have compared it with a few other working JSONs, but no luck.

************************************

ImportAccountEntJSON:

{
  "accountParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "statusColumn": "customproperty3",
      "activeStatus": [
        "true",
        "active"
      ],
      "deleteLinks": true,
      "accountThresholdValue": 1000,
      "correlateInactiveAccounts": true,
      "inactivateAccountsNotInFile": true,
      "deleteAccEntForActiveAccounts": true
    },
    "includeExistingInActiveAccounts": true,
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "URL",
          "httpHeaders": {
            "contentType": "application/json",
            "Authorization": "${access_token}",
            "Accept": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "successResponses": {
          "statusCode": [
            200,
            201,
            200,
            204
          ]
        },
        "unsuccessResponses": {
          "statusCode": [
            400,
            403,
            401,
            404,
            409,
            501,
            500
          ]
        },
        "listField": "entities",
        "keyField": "accountID",
        "statusConfig": {
          "active": "active",
          "inactive": "inactive"
        },
        "colsToPropsMap": {
          "accountID": "id~#~char",
          "name": "name~#~char",
          "displayName": "name~#~char",
          "customproperty1": "version~#~char",
          "customproperty2": "email~#~char",
          "customproperty3": "state~#~char",
          "status": "state~#~char",
          "customproperty4": "username~#~char",
          "customproperty5": "id~#~char",
          "customproperty6": "division.id~#~char",
          "customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
        },
        "pagination": {
          "nextUrl": {
            "nextUrlPath": "${response?.completeResponseMap?.nextUri==null?null:response.completeResponseMap.nextUri}"
          }
        }
      }
    }
  },
  "entitlementParams": {
    "connection": "userAuth",
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "Group": {
        "entTypeOrder": 0,
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "url": "URL",
              "httpHeaders": {
                "contentType": "application/json",
                "Authorization": "${access_token}",
                "Accept": "application/json"
              },
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "successResponses": {
              "statusCode": [
                200,
                201,
                200,
                204
              ]
            },
            "unsuccessResponses": {
              "statusCode": [
                400,
                403,
                401,
                404,
                409,
                501,
                500
              ]
            },
            "statusConfig": {
              "active": "active",
              "inactive": "inactive"
            },
            "listField": "entities",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "id~#~char",
              "entitlement_value": "name~#~char",
              "displayname": "name~#~char",
              "customproperty1": "id~#~char",
              "customproperty2": "version~#~char",
              "customproperty3": "memberCount~#~char",
              "status": "state~#~char"
            },
            "pagination": {
              "nextUrl": {
                "nextUrlPath": "${response?.completeResponseMap?.nextUri==null?null:response.completeResponseMap.nextUri}"
              }
            },
            "disableDeletedEntitlements": true
          }
        }
      }
    }
  },
  "acctEntParams": {
    "connection": "userAuth",
    "entTypes": {
      "Group": {
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 0,
            "processingType": "httpEntToAcct",
            "http": {
              "httpHeaders": {
                "Authorization": "${access_token}"
              },
              "url": "URL",
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "entities",
            "entKeyField": "entitlementID",
            "acctIdPath": "id",
            "acctKeyField": "accountID"
          }
        }
      }
    }
  }
}

*******************************************************

I have tried with "inactivateAccountsNotInFile": false also but no help!

Can anyone guide me what's wrong/missing in the JSON?

Thanks

Rohit


avinashchhetri
Saviynt Employee

Hello Rohit,

At a glance, your statusAndThresholdConfig parameters seem fine.

Is this the first time you are importing from this target, or have you done that before? If the latter, I'd suggest checking the logs to see if the deleted accounts exceed the number in your accountThresholdValue, due to which the connector may not be marking the accounts as per your expectation.

 

Regards,
Avinash Chhetri

Hello @avinashchhetri

I have run the account import many times before this for this application. It never suspended 'deleted' accounts in the target. It only makes them inactive.

The other thing you asked about is the threshold value. I think that should not be an issue, as we have just some ~10 accounts which are deleted in the target system, and I have given accountThresholdValue=1000. So this looks fine!

Just want to share something:

When I made "inactivateAccountsNotInFile": false and tried, all (active/inactive/deleted) accounts got deleted in Saviynt with status as 'Suspended from Import Service'. This is not expected in reality for all types of accounts. But I am not sure what changes have to be made to suspend only accounts deleted in the target.

Let me know if you want me to try something else.

Thanks

Rohit

sagars
Saviynt Employee

@rohitkumarraj ,

Remove the entire statusAndThresholdConfig section from ImportAccountEntJSON JSON and put it in the "STATUS_THRESHOLD_CONFIG" section of the REST Connector and try it. 

On top of it check the Import account logs end part where this statusthreshold part should get triggered as part of troubleshooting.

Regards,

Sagar Srikantaiah

rohitkumarraj
Regular Contributor

Hi @sagars

I have already added the same set of lines in the status and threshold config section as well. But no help.

An observation I would like to share: when I made "inactivateAccountsNotInFile": false and tried, all accounts got deleted in Saviynt with status as 'Suspended from Import Service'. This is not expected in reality for all types of accounts. But I am not sure what changes have to be made to suspend only accounts deleted in the target.

Thanks

Rohit

sagars
Saviynt Employee

@rohitkumarraj ,

Couple of questions

1. Is "customproperty3": "state~#~char" getting populated in Saviynt with "active/true" values? Is it representing the application account status correctly?

2. What did you see in the logs at the end of the Import Job?

Please try the options below.

1. Remove completely the statusthreshold config and status config part from ImportAccountEntJSON:

2. Place just the status threshold config details in the statusAndThresholdConfig section of the REST Connector and perform the Import.

Regards,
Sagar Srikantaiah

 

rohitkumarraj
Regular Contributor

Hi Sagar,

- Yes CP3 is populated with correct status.

- At the end of the Job I am getting a success response with no error.

please try below options.

1. Remove completely the statusthreshold config and status config part from ImportAccountEntJSON: Done.

2. Place just the status threshold config details in the statusAndThresholdConfig section of the REST Connector and perform the Import. - Tried still same.

*****************************************************************

However, I want to highlight one thing which I observed: when an account is getting deleted in the target system, it is not a hard delete; it's just a change of status to deleted. Basically, the target system has three different status values (Active/Inactive/Deleted).

Now, when Saviynt is trying to import accounts, it is fetching deleted accounts as well, which have 'deleted' status, but in Saviynt they are getting marked as 'Inactive' and not deleted. Is this expected behavior?

If I want to mark target accounts with state 'deleted' as 'Deleted/Suspended' in Saviynt, what needs to be done? Please note, the account status has changed to 'deleted' and the account has not really been deleted in the target application. That is the behavior of the target application.

Thanks

Rohit

 

Hi Rohit,

In Saviynt, "Suspended from Import Service" is an account status specifically reserved for accounts which are "physically deleted" in the target, which also means that these accounts are not returned in the subsequent full reconciliations. Of course, this is a bit complicated, but as a rule of thumb, the above statement stands true.

In your case, the account does exist in the target, and is reconciled in the import, albeit with a deleted status.

If your API supports filters, perhaps you can configure to import only those accounts where account status is either Active or Inactive. This config change should/will mark the accounts (with deleted status in the target system) in Saviynt as "Suspended from Import Service" as these accounts are not retrieved in the reconciliation.

There are a few things that you will have to keep in mind.

1) These accounts that are marked as deleted in your target system, do they ever get "enabled" or "activated"? Does your target allow accounts to be created with the same account name?

If Yes, then this approach might not work as Saviynt will try to create a brand new account (possibly with the same account name) and your target might now allow it.

 

Hope this helps.

 

Regards,
Avinash Chhetri
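
A simplified model of the reconciliation behaviour described in the reply above, as an added example that is not part of the original thread and is not Saviynt's code. The function name, the `exclude_states` filter, the sample accounts and the way the threshold skips marking are assumptions made for illustration.

```python
"""Simplified model of full-reconciliation status handling (not Saviynt code)."""

ACTIVE_STATUS = {"true", "active"}            # activeStatus from the thread's JSON
SUSPENDED = "Suspended from Import Service"
UNCHANGED = "Unchanged (threshold exceeded)"  # assumed label for skipped marking


def reconcile(known_ids, feed, threshold, exclude_states=()):
    """Return {account_id: status} after one full import.

    known_ids      - IDs already stored from earlier imports
    feed           - records returned by the target API ({"id", "state"})
    threshold      - stand-in for accountThresholdValue (assumed semantics)
    exclude_states - states filtered out at the API (hypothetical filter)
    """
    excluded = {s.lower() for s in exclude_states}
    returned = {r["id"]: r["state"].lower() for r in feed
                if r["state"].lower() not in excluded}
    # A record that comes back in the feed still exists in the target, so it
    # can only be Active or Inactive; the status column decides which.
    result = {acc: ("Active" if state in ACTIVE_STATUS else "Inactive")
              for acc, state in returned.items()}
    # Only accounts absent from the feed are candidates for suspension.
    missing = set(known_ids) - set(returned)
    marker = SUSPENDED if len(missing) <= threshold else UNCHANGED
    for acc in missing:
        result[acc] = marker
    return result


# Constructed sample data: u3 is soft-deleted (state flag), u4 is hard-deleted.
KNOWN = ["u1", "u2", "u3", "u4"]
FEED = [
    {"id": "u1", "state": "active"},
    {"id": "u2", "state": "inactive"},
    {"id": "u3", "state": "deleted"},
]

if __name__ == "__main__":
    runs = {"unfiltered": {}, "filtered": {"exclude_states": ("deleted",)}}
    for label, kwargs in runs.items():
        print(label, sorted(reconcile(KNOWN, FEED, 1000, **kwargs).items()))
```

In the unfiltered run the soft-deleted account `u3` ends up Inactive, while filtering the `deleted` state out of the feed makes it indistinguishable from the hard-deleted `u4`.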

Thanks @avinashchhetri for the explanation.

Yes, there is a possibility that users get rehired after the notice period is over and get their previous networkID; then the application team may want to just enable the 'deleted' account for that user.

I see this as a challenge. Let me discuss this with the application team if we don't delete it and just keep it Inactive to make it work in above said scenario.

Thanks

Rohit