Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/24/2024 11:44 AM - last edited on 05/24/2024 01:48 PM by Dave
Hello,
I configured accountParams with intent to import the account and create entitlements and association with the account. However, I am running into two issues:
1. It is successfully completing but only creating entitlements for Security Role. However, CP31 is getting updated with entids but it is not mapping the account to entitlement.
2. Team ent type is getting created on Endpoint but it is not creating any entitlements in Saviynt.
I am not sure what is going wrong.
ImportAccountEntJSON:
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "http://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8080/saviynt-dev/api/UserManagement/GetActiveUsers",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"name": "#CONST#${String acctName = response.domainname; acctName = acctName.split('\\\\\\\\')[1]; return acctName}~#~char",
"customproperty1": "fullname~#~char",
"customproperty2": "firstname~#~char",
"customproperty3": "lastname~#~char",
"customproperty4": "internalemailaddress~#~char"
},
"disableDeletedAccounts": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "http://XXXXXXXXXXXXXXXXXXXXXXXXXXX:8080/saviynt-dev/api/UserManagement/GetUser",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GETWITHBODY",
"httpParams": "{\"UserId\":\"${accountName}\"}"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Security Role": {
"importAsEntitlement": true,
"listPath": "systemuserroles_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
},
"Team": {
"importAsEntitlement": true,
"listPath": "teammembership_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
call1 API response:
call2 API response:
[This post has been edited by a Moderator to remove sensitive information.]
Solved! Go to Solution.
05/24/2024 09:42 PM
Try the highlighted change once..
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Security Role": {
"importAsEntitlement": true,
"listPath": "systemuserroles_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
},
"Team": {
"importAsEntitlement": true,
"listPath": "teammembership_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "teamid~#~char",
"entitlementID": "teamid~#~char",
"displayname": "name~#~char"
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
05/25/2024 10:02 AM
Hello,
Thank you for pointing that out. I was completely overlooking the teamid in that array and thinking it was roldid. Now Team entitlement Type and entitlement associated with that type are created. However, still not able to map the account and Entitlement. Now the CP31 has about Team and Security Role but still not able to map it. Here is one of the account's CP31 value.
{"Security Role":{"entIds":["bcd25023-a796-e211-8c76-002219521014","9c1a3309-c596-e211-8c76-002219521014","de9cd1e8-670a-e311-9d31-002219521014","f0e9d490-c62f-e311-b55e-002219521014","8d356f73-b25b-e211-bb38-002219521014","859cb5a2-f587-e511-aea5-00505684371f","76e43af0-f587-e511-aea5-00505684371f","61646485-0acd-e111-9401-0050568b1373","7ac89859-7245-e211-a69d-0050568b783d","c93676b5-7445-e211-a69d-0050568b783d","25684d85-7645-e211-a69d-0050568b783d","98070346-5684-e311-ae91-005056991899"],"keyField":"entitlementID"}}
Here is the updated JSON.
JSON:
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "http://xxxxxxxxxxxxxxxxxxxx:8080/saviynt-dev/api/UserManagement/GetActiveUsers",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"name": "#CONST#${String acctName = response.domainname; acctName = acctName.split('\\\\\\\\')[1]; return acctName}~#~char",
"customproperty1": "fullname~#~char",
"customproperty2": "firstname~#~char",
"customproperty3": "lastname~#~char",
"customproperty4": "internalemailaddress~#~char"
},
"disableDeletedAccounts": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "http://xxxxxxxxxxxxxxxxxxxxxxxxxxxx:8080/saviynt-dev/api/UserManagement/GetUser",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GETWITHBODY",
"httpParams": "{\"UserId\":\"${accountName}\"}"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Security Role": {
"importAsEntitlement": true,
"listPath": "systemuserroles_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
},
"Team": {
"importAsEntitlement": true,
"listPath": "teammembership_association",
"idPath": "teamid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "teamid~#~char",
"entitlementID": "teamid~#~char",
"displayname": "name~#~char"
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
05/25/2024 11:19 AM
I got it working. Seems entitlementParams was mandatory for this to be working. Here is my updated JSON, Ran the account import first then ran the access import and it worked like a charm.
JSON:
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "http://xxxxxxxxxxxxxxxxxxxxxx:8080/saviynt-dev/api/UserManagement/GetActiveUsers",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"name": "#CONST#${String acctName = response.domainname; acctName = acctName.split('\\\\\\\\')[1]; return acctName}~#~char",
"displayname": "fullname~#~char",
"comments": "domainname~#~char",
"customproperty1": "firstname~#~char",
"customproperty2": "lastname~#~char",
"customproperty3": "internalemailaddress~#~char"
},
"disableDeletedAccounts": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "http://xxxxxxxxxxxxxxxxxxxxxxxxxx:8080/saviynt-dev/api/UserManagement/GetUser",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GETWITHBODY",
"httpParams": "{\"UserId\":\"${accountName}\"}"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Security Role": {
"importAsEntitlement": true,
"listPath": "systemuserroles_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
},
"Team": {
"importAsEntitlement": true,
"listPath": "teammembership_association",
"idPath": "teamid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "teamid~#~char",
"entitlementID": "teamid~#~char",
"displayname": "name~#~char"
}
}
}
},
"entitlementParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Security Role": {},
"Team": {}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}
05/26/2024 08:59 AM
If you don’t have entitlement mapping separate api then also entitlementParams block is mandatory .
✅👍Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.