Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

REST - ImportAccountEntJSON Unable to Import Multiple Entitlement Types

Go to solution
mmomin-xalient
New Contributor III
New Contributor III

‎05/24/2024 11:44 AM - last edited on ‎05/24/2024 01:48 PM by Community Manager

Hello,

I configured accountParams with intent to import the account and create entitlements and association with the account. However, I am running into two issues:

1. It is successfully completing but only creating entitlements for Security Role. However, CP31 is getting updated with entids but it is not mapping the account to entitlement. 

2. Team ent type is getting created on Endpoint but it is not creating any entitlements in Saviynt. 

I am not sure what is going wrong. 

ImportAccountEntJSON:

{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "http://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8080/saviynt-dev/api/UserManagement/GetActiveUsers",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"name": "#CONST#${String acctName = response.domainname; acctName = acctName.split('\\\\\\\\')[1]; return acctName}~#~char",
"customproperty1": "fullname~#~char",
"customproperty2": "firstname~#~char",
"customproperty3": "lastname~#~char",
"customproperty4": "internalemailaddress~#~char"
},
"disableDeletedAccounts": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "http://XXXXXXXXXXXXXXXXXXXXXXXXXXX:8080/saviynt-dev/api/UserManagement/GetUser",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GETWITHBODY",
"httpParams": "{\"UserId\":\"${accountName}\"}"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Security Role": {
"importAsEntitlement": true,
"listPath": "systemuserroles_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
},
"Team": {
"importAsEntitlement": true,
"listPath": "teammembership_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

 

call1 API response:

{
    "value": [
        {
            "firstname": "Aisha",
            "lastname": "XX",
            "fullname": "Aisha XX",
            "systemuserid": "3f4c9923-b8a0-ed11-a87d-00505684cdbc",
            "domainname": "DOMAIN\\30094374",
            "internalemailaddress": "Aisha.XX@DOMAIN.com"
        },
        {
            "firstname": "Karisa",
            "lastname": "XX",
            "fullname": "Karisa XX",
            "systemuserid": "55d2c315-baa0-ed11-a87d-00505684cdbc",
            "domainname": "DOMAIN\\30088776",
            "internalemailaddress": "Karisa.XXX@DOMAIN.com"
        }
]
}

call2 API response:

{
    "firstname": "Karisa",
    "lastname": "XX",
    "fullname": "Karisa XX",
    "systemuserid": "f6736842-d8a0-ed11-a87d-00505684cdbc",
    "domainname": "DOMAIN\\30088776",
    "internalemailaddress": "Karisa.XXX@DOMAIN.com",
    "systemuserroles_association": [
        {
            "roleid": "e5ce7a0c-9f96-e211-8c76-002219521014",
            "name": "Back-Up Contact Center Base"
        },
        {
            "roleid": "b94d696e-4fb9-ea11-a85f-005056840741",
            "name": "Backup Care SPOG"
        },
        {
            "roleid": "25755b6f-7296-ea11-a83a-00505684790b",
            "name": "Consultant Article Viewer"
        },
        {
            "roleid": "6b564317-36e3-e111-8aef-0050568b60d0",
            "name": "System Administrator"
        }
    ],
    "teammembership_association": [
        {
            "teamid": "417f438b-d5a8-e211-b806-002219521014",
            "name": "Back-Up Contact Center Team"
        }
    ]
}

[This post has been edited by a Moderator to remove sensitive information.]

Labels:
0 Kudos
4 REPLIES 4

Go to solution
NM
Honored Contributor III
Honored Contributor III

‎05/24/2024 09:42 PM

Try the highlighted change once..

},

"inputParams": {

"dependentCall": true

},

"listField": "",

"keyField": "accountID",

"nextApiKeyField": "accountID",

"colsToPropsMap": {

"accountID": "systemuserid~#~char",

"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"

}

}

},

"acctEntMappings": {

"Security Role": {

"importAsEntitlement": true,

"listPath": "systemuserroles_association",

"idPath": "roleid",

"keyField": "entitlementID",

"colsToPropsMap": {

"entitlement_value": "roleid~#~char",

"entitlementID": "roleid~#~char",

"displayname": "name~#~char"

}

},

"Team": {

"importAsEntitlement": true,

"listPath": "teammembership_association",

"idPath": "roleid",

"keyField": "entitlementID",

"colsToPropsMap": {

"entitlement_value": "teamid~#~char",

"entitlementID": "teamid~#~char",

"displayname": "name~#~char"

}

}

}

},

"acctEntParams": {

"processingType": "acctToEntMapping"

}

}


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

Go to solution
mmomin-xalient
New Contributor III
New Contributor III
In response to NM

‎05/25/2024 10:02 AM

Hello,

Thank you for pointing that out. I was completely overlooking the teamid in that array and thinking it was roldid. Now Team entitlement Type and entitlement associated with that type are created. However, still not able to map the account and Entitlement. Now the CP31 has about Team and Security Role but still not able to map it. Here is one of the account's CP31 value.

{"Security Role":{"entIds":["bcd25023-a796-e211-8c76-002219521014","9c1a3309-c596-e211-8c76-002219521014","de9cd1e8-670a-e311-9d31-002219521014","f0e9d490-c62f-e311-b55e-002219521014","8d356f73-b25b-e211-bb38-002219521014","859cb5a2-f587-e511-aea5-00505684371f","76e43af0-f587-e511-aea5-00505684371f","61646485-0acd-e111-9401-0050568b1373","7ac89859-7245-e211-a69d-0050568b783d","c93676b5-7445-e211-a69d-0050568b783d","25684d85-7645-e211-a69d-0050568b783d","98070346-5684-e311-ae91-005056991899"],"keyField":"entitlementID"}}

Here is the updated JSON.

JSON:
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "http://xxxxxxxxxxxxxxxxxxxx:8080/saviynt-dev/api/UserManagement/GetActiveUsers",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"name": "#CONST#${String acctName = response.domainname; acctName = acctName.split('\\\\\\\\')[1]; return acctName}~#~char",
"customproperty1": "fullname~#~char",
"customproperty2": "firstname~#~char",
"customproperty3": "lastname~#~char",
"customproperty4": "internalemailaddress~#~char"
},
"disableDeletedAccounts": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "http://xxxxxxxxxxxxxxxxxxxxxxxxxxxx:8080/saviynt-dev/api/UserManagement/GetUser",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GETWITHBODY",
"httpParams": "{\"UserId\":\"${accountName}\"}"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Security Role": {
"importAsEntitlement": true,
"listPath": "systemuserroles_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
},
"Team": {
"importAsEntitlement": true,
"listPath": "teammembership_association",
"idPath": "teamid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "teamid~#~char",
"entitlementID": "teamid~#~char",
"displayname": "name~#~char"
}
}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

0 Kudos

Go to solution
mmomin-xalient
New Contributor III
New Contributor III

‎05/25/2024 11:19 AM

I got it working. Seems entitlementParams was mandatory for this to be working. Here is my updated JSON, Ran the account import first then ran the access import and it worked like a charm.

JSON:
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"successResponses": {
"statusCode": [
200,
201,
202,
203,
204,
205
]
},
"statusAndThresholdConfig": {
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"deleteAccEntForActiveAccounts": true
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "http://xxxxxxxxxxxxxxxxxxxxxx:8080/saviynt-dev/api/UserManagement/GetActiveUsers",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "value",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"name": "#CONST#${String acctName = response.domainname; acctName = acctName.split('\\\\\\\\')[1]; return acctName}~#~char",
"displayname": "fullname~#~char",
"comments": "domainname~#~char",
"customproperty1": "firstname~#~char",
"customproperty2": "lastname~#~char",
"customproperty3": "internalemailaddress~#~char"
},
"disableDeletedAccounts": true
},
"call2": {
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "http://xxxxxxxxxxxxxxxxxxxxxxxxxx:8080/saviynt-dev/api/UserManagement/GetUser",
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"httpMethod": "GETWITHBODY",
"httpParams": "{\"UserId\":\"${accountName}\"}"
},
"inputParams": {
"dependentCall": true
},
"listField": "",
"keyField": "accountID",
"nextApiKeyField": "accountID",
"colsToPropsMap": {
"accountID": "systemuserid~#~char",
"customproperty31": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}
}
},
"acctEntMappings": {
"Security Role": {
"importAsEntitlement": true,
"listPath": "systemuserroles_association",
"idPath": "roleid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "roleid~#~char",
"entitlementID": "roleid~#~char",
"displayname": "name~#~char"
}
},
"Team": {
"importAsEntitlement": true,
"listPath": "teammembership_association",
"idPath": "teamid",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlement_value": "teamid~#~char",
"entitlementID": "teamid~#~char",
"displayname": "name~#~char"
}
}
}
},
"entitlementParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"entTypes": {
"Security Role": {},
"Team": {}
}
},
"acctEntParams": {
"processingType": "acctToEntMapping"
}
}

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to mmomin-xalient

‎05/26/2024 08:59 AM

If you don’t have entitlement mapping separate api then also entitlementParams block is mandatory .

👍Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC