Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

REST Connector - nested calls

CredenceIA_11
New Contributor III
New Contributor III

We have a requirement to get entitlement owners for entitlements via REST connector call. However, we need to make two calls - first call to get entitlements and for each entitlement, get the owner. The owner is the User Principal Name attribute and may correspond to an account with the same name.

Please advise if this can be done via the REST connector.

10 REPLIES 10

rushikeshvartak
All-Star
All-Star

Please share sample output of response


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

CredenceIA_11
New Contributor III
New Contributor III

GET /v1.0/groups?$filter=not(groupTypes/any(c:c%20eq%20%27Unified%27))%20and%20onPremisesSecurityIdentifier%20eq%20null&$count=true HTTP/1.1
ConsistencyLevel: eventual
Authorization: Bearer

HTTP/1.1 200 OK
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
OData-Version: 4.0
Date: Tue, 28 May 2024 20:09:58 GMT

{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
"@odata.count": 3,
"value": [
{
"id": "197caae7-6349-4f5e-bf50-7248ed520a76",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2022-08-30T13:58:21Z",
"creationOptions": [],
"description": "Test OU",
"displayName": "TestOU",
"expirationDateTime": null,
"groupTypes": [],
"isAssignableToRole": null,
"mail": null,
"mailEnabled": false,
"mailNickname": "5690ab8f-1",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [],
"renewedDateTime": "2022-08-30T13:58:21Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": true,
"securityIdentifier": "S-1-12-1-427600615-1331585865-1215451327-1980388077",
"theme": null,
"uniqueName": null,
"visibility": null,
"onPremisesProvisioningErrors": [],
"serviceProvisioningErrors": []
}
]
}

 


GET Group owner
GET /v1.0/groups/197caae7-6349-4f5e-bf50-7248ed520a76/owners HTTP/1.1
ConsistencyLevel: eventual
Authorization: Bearer

User-Agent: PostmanRuntime/7.38.0
Accept: */*
Cache-Control: no-cache
Host: graph.microsoft.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

HTTP/1.1 200 OK
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 0fd649d7-63da-4598-8501-7300188cd30d
client-request-id: 0fd649d7-63da-4598-8501-7300188cd30d
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"East US","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"MN1PEPF0000F50A"}}
x-ms-resource-unit: 1
OData-Version: 4.0
Date: Tue, 28 May 2024 20:12:37 GMT

{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": [
{
"@odata.type": "#microsoft.graph.user",
"id": "884e27d9-27cd-4926-90a9-08c43654987b",
"businessPhones": [],
"displayName": "xxx",
"givenName": "xx",
"jobTitle": null,
"mail": "xxx",
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null,
"surname": "xxx",
"userPrincipalName": "xxx#EXT#@xxx.onmicrosoft.com"
}
]
}

This can be achieved using azure ad connector 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

CredenceIA_11
New Contributor III
New Contributor III

Thanks. However, we cannot use Azure AD connector as this is not bringing in the last signon date. This is why we are using REST

Refer https://docs.saviyntcloud.com/bundle/Dev-Handbook-REST-v24x/page/Content/Developers-Handbook.htm


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

CredenceIA_11
New Contributor III
New Contributor III

I did review the handbook before starting this conversation and I did not find the option to implement this there.

Refer https://forums.saviynt.com/t5/identity-governance/azure-rest-connection-giving-error-error-error-ill...


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

CredenceIA_11
New Contributor III
New Contributor III

Thanks Rushikesh. will try it out and let yu know

CredenceIA_11
New Contributor III
New Contributor III

This solution will not work as this is to get entitlement memberships and is part of accountEntParam. My ask is for "entitlementParams"  to be able to make multiple calls - first get entitlements and then for each entitlement get owners.

use  entOwnerParams

https://docs.saviyntcloud.com/bundle/Dev-Handbook-REST-v24x/page/Content/Developers-Handbook.htm 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.