Saviynt Forums

Adithya · ‎07/25/2024

Hi Saviynt Team,

Unable to reconcile entitlement owner information in REST. I have entitlement owner information only in "Get Groups API". Could someone please guide me?

Attached are the import account JSON and get groups API response for your reference. Appreciate your response at the earliest.

rushikeshvartak · ‎07/25/2024

Refer https://docs.saviyntcloud.com/bundle/Azure-AD-B2C-Integration-Guide/page/Content/Understanding-Integ...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Adithya · ‎07/28/2024

Hi @rushikeshvartak and Team, I have developed below import account json but still entitlement owner data is not getting reconciled. Could you please help me?

{
"globalSettings": {
"dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"showResponse": true,
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty1",
"activeStatus": [
"Active"
],
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false
},
"includeExistingInActiveAccounts": true,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xyz365.com/api/scim/Users?pageSize=100&pageNumber=1",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json"
},
"listField": "resources",
"keyField": "accountID",
"colsToPropsMap": {
"name": "userName~#~char",
"accountID": "id~#~char",
"displayName": "displayName~#~char",
"status": "status~#~char",
"customproperty1": "status~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.objectList?.size()>0?'https://xyz365.com/api/scim/Users?pageSize=100&pageNumber='+Math.addExact(response.completeResponseM...}"
}
}
}
},
"acctEntMappings": {
"Group": {
"listPath": "groups.value",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams": {
"connection": "userAuth",
"showResponse": true,
"processingType": "SequentialAndIterative",
"entTypes": {
"Group": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xyz365.com/api/scim/Groups?pageSize=100&pageNumber=1",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json"
},
"listField": "resources",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"displayname": "displayName~#~char",
"status": "status~#~char",
"customproperty1": "owner.upn~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"disableDeletedEntitlements": true
}
},
"entOwnerMappings": {
"listField": "resources.owner",
"idPath": "upn",
"keyField": "customproperty16"
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
},
"entOwnerParams": {
"connection": "userAuth",
"entTypes": {
"Group": {
"call": {
"call1": {
"processingType": "httpOwner",
"connection": "userAuth",
"showJobHistory": true,
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xyz365.com/api/scim/Groups?pageSize=100&pageNumber=1",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"Authorization": "${access_token}"
}
},
"listField": "resources",
"entIdPath": "id",
"ownerIdPath": "owner.upn",
"ownerKeyField": "customproperty16",
"entKeyField": "entitlementID"
}
}
}
}
}
}

NM · ‎07/28/2024

Hi @Adithya ,

try this

"entOwnerMappings": {
"listField": "owner",
"idPath": "upn",
"keyField": "customproperty16"
}
}
}

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Adithya · ‎07/28/2024

Hi @NM

It is still same. I don't see owner information in Saviynt.

NM · ‎07/28/2024

can you share API response.

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Adithya · ‎07/29/2024

Hi @NM

PFA. Thanks

[This message has been edited by moderator to mask sensitive info]

NM · ‎07/29/2024

@Adithya , try this

{
"globalSettings": {
"dateFormat": "yyyy-MM-dd'T'HH:mm:ss"
},
"accountParams": {
"connection": "userAuth",
"showResponse": true,
"processingType": "SequentialAndIterative",
"statusAndThresholdConfig": {
"statusColumn": "customproperty1",
"activeStatus": [
"Active"
],
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false
},
"includeExistingInActiveAccounts": true,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xyz365.com/api/scim/Users?pageSize=100&pageNumber=1",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json"
},
"listField": "resources",
"keyField": "accountID",
"colsToPropsMap": {
"name": "userName~#~char",
"accountID": "id~#~char",
"displayName": "displayName~#~char",
"status": "status~#~char",
"customproperty1": "status~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"pagination": {
"nextUrl": {
"nextUrlPath": "${response?.objectList?.size()>0?'https://xyz365.com/api/scim/Users?pageSize=100&pageNumber='+Math.addExact(response.completeResponseM...}"
}
}
}
},
"acctEntMappings": {
"Group": {
"listPath": "groups.value",
"idPath": "",
"keyField": "entitlementID"
}
}
},
"entitlementParams": {
"connection": "userAuth",
"showResponse": true,
"processingType": "SequentialAndIterative",
"entTypes": {
"Group": {
"entTypeOrder": 0,
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xyz365.com/api/scim/Groups?pageSize=100&pageNumber=1",
"httpMethod": "GET",
"httpParams": "{}",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json"
},
"listField": "resources",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "displayName~#~char",
"displayname": "displayName~#~char",
"status": "status~#~char",
"customproperty1": "owner.upn~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
},
"disableDeletedEntitlements": true
}
},
"entOwnerMappings": {
"listField": "",
"idPath": "owner.upn",
"keyField": "email"
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
},
"entOwnerParams": {
"connection": "userAuth",
"entTypes": {
"Group": {
"call": {
"call1": {
"processingType": "httpOwner",
"connection": "userAuth",
"showJobHistory": true,
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xyz365.com/api/scim/Groups?pageSize=100&pageNumber=1",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Accept": "application/json",
"Authorization": "${access_token}"
}
},
"listField": "resources",
"entIdPath": "id",
"ownerIdPath": "owner.upn",
"ownerKeyField": "email",
"entKeyField": "entitlementID"
}
}
}
}
}
}

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Adithya · ‎07/29/2024

Hi @NM

It is still same. I don't see owner information in Saviynt.

NM · ‎07/29/2024

share customproperty31 for an entitlement

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Adithya · ‎07/29/2024

It is blank.

NM · ‎07/29/2024

share result from data analyzer

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Adithya · ‎07/29/2024

It is same.

NM · ‎07/29/2024

share logs.

account, entitlement and account entitlement mapping is working fine?

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Adithya · ‎07/29/2024

accounts, entitlements and act-ent mapping working as expected.

rushikeshvartak · ‎07/29/2024

Please share logs after running access import job

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Adithya · ‎08/05/2024

Hi @rushikeshvartak and Saviynt Team

I successfully reconciled the entitlement owner information into Saviynt. PFA the JSON file for your reference . However, I noticed that Saviynt is, by default, assigning all the entitlement owners as Rank 1.

QQ> Is there a configuration that allows us to set the entitlement owner as the "Primary Certifier" during target reconciliation in Saviynt, instead of having to update it manually?

Appreciate your response at the earliest. Thanks.

rushikeshvartak · ‎08/05/2024

Only Rank 1 is supported.

Raise similar idea like this for REST https://ideas.saviynt.com/ideas/EIC-I-4358

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM · ‎08/05/2024

Hi @Adithya , no there is no config ootb using entitlement owner json

Can you also share the json which worked.. will help other for reference

One attached doesn't contain entitlementowner param

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Adithya · ‎08/05/2024

Hi @rushikeshvartak @NM Thanks for the confirmation.

@NM Please refer entitlementParams section where I have also added entOwnerMappings.

Saviynt Forums

REST Connector - Unable to reconcile entitlement owner details to Saviynt