We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

REST - Importing Access Details from the Users API

piyushm
Regular Contributor II
Regular Contributor II

Hello,

We have an integration with REST based application. The application has only users API where the resultset has userdetails and within userdetails there is entitlements object. 

 

1. Is there a way to retrieve the entitlements. If so, what will be the format? - In this case, I want to extract "RoleId" and "OfficeId" or concatenate RoleId-OfficeId during import.

I have tried -->

"listField": "userDetails",
"keyField": "entitlementID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"entitlementID": "EntitlementDetails.roleId~#~char",
"entitlement_value": "EntitlementDetails.roleId~#~char",

 But its not getting imported.

2. How can I associate accounts with entitlements in this case?

The sample response is as follows.

{

"UserDetails": [
{
"userNumber": 1234,
"userId": "1234",
"firstName": "ABCD",
"lastName": "WXYZ",
"status": "AC",
"dateCreated": "2003-11-26T14:01:56-04:00",
"userCreated": "system",
"email": "xxxxxxx",
"versionNumber": "0",
"phone": "1234567890",
"lastUpdated": "2022-01-28T15:52:37-04:00",
"userLocation": "XXX",
"Login": "XXX",
"EntitlementDetails": [
{
"userNumber": 1234,
"officeID": "123",
"roleID": "wxy",
"userCreated": "xxxx",
"dateCreated": "2021-04-23T13:42:59-04:00",
"versionNumber": "0",
"primary": "N",
"default": "N"
},
{
"userNumber": 1234,
"officeID": "456",
"roleID": "wxy",
"userCreated": "xxxx",
"dateCreated": "2021-04-23T13:42:59-04:00",
"versionNumber": "0",
"primary": "N",
"default": "Y"
},
{
"userNumber": 1234,
"officeID": "567",
"roleID": "ABCD",
"userCreated": "xxxx",
"dateCreated": "2013-05-07T17:07:06-04:00",
"versionNumber": "0",
"primary": "Y",
"default": "Y"
},
{
"userNumber": 1234,
"officeID": "567",
"roleID": "WXY",
"userCreated": "xxxx",
"dateCreated": "2013-05-07T17:07:06-04:00",
"versionNumber": "0",
"primary": "N",
"default": "Y"
},
{
"userNumber": 1234,
"officeID": "772",
"roleID": "CLNT",
"userCreated": "xxxx",
"dateCreated": "2013-05-07T17:07:06-04:00",
"versionNumber": "0",
"primary": "N",
"default": "Y"
},
{
"userNumber": 1234,
"officeID": "432",
"roleID": "WXZ",
"userCreated": "xxxx",
"dateCreated": "2013-05-07T17:07:06-04:00",
"versionNumber": "0",
"primary": "N",
"default": "Y"
}
]
}

]

}

10 REPLIES 10

SB
Saviynt Employee
Saviynt Employee

Can you share the complete Import JSON you are using. Also, confirm if you want to import RoleID or OfficeId as the entitlement.

Concatenating both values as 1 Entitlement will not work as it will cause issues with Provisioning.  


Regards,
Sahil

piyushm
Regular Contributor II
Regular Contributor II

Please find below the import json.   The end goal is to have an entitlement created as "RoleId-officeId". For provisioning, the entitlement can be split it into 2 and presented to the user to select as 2 different attributes with single select dropdowns which can then be pushed to the target. Right now, the issue is how to get these ents imported/created in saviynt and then mapping those entitlements with the accounts.

 

{
"accountParams": {
"connection": "adAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxxxxxx/users",
"httpHeaders": {
"Authorization": "Basic XXXXX"
},
"httpContentType": "application/json",
"httpMethod": "POST",
"httpParams": "{\"transactionId\": \"xxxx\",\"offset\": 0}"
},

"statusConfig": {
"active": "AC",
"inactive": "IN"
},
"statusAndThresholdConfig": {
"statusColumn": "customproperty7",
"activeStatus": [
"AC"
],
"correlateInactiveAccounts": true
},
"listField": "userDetails",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "userNumber~#~char",
"name": "userId~#~char",
"status": "status~#~char",
"customproperty1": "userNumber~#~char",
"customproperty2": "firstName~#~char",
"customproperty3": "middle_name~#~char",
"customproperty4": "lastName~#~char",
"customproperty5": "email~#~char",
"customproperty6": "Login~#~char",
"customproperty7": "status~#~char"

}

 

}
}
},

"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"Role": {
"entTypeOrder": 0,
"call": {
"call1": {
"connection": "adAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "Basic XXXXX"
},
"url": "https://xxxxxxxxx/users",
"httpContentType": "application/json",
"httpMethod": "POST"
},
"listField": "userDetails",
"keyField": "entitlementID",
"statusConfig": {
"active": "true",
"inactive": "false"
},
"colsToPropsMap": {
"entitlementID": "EntitlementDetails.roleId~#~char",
"entitlement_value": "EntitlementDetails.roleId~#~char",
"acctEntMappingInfoColumnFromEnt": "STORE#ACC#ENT#MAPPINGINFO~#~char"
}


}
}
}
}
}
}

piyushm
Regular Contributor II
Regular Contributor II

Hi @SB Were you able to check the json?

SB
Saviynt Employee
Saviynt Employee

Hi @piyushm This scenario will not work. The entitlement has to be of same format for both - Provisioning and Import. In case we are importing entitlements as a concatenated value, then for provisioning as well they will be visible as concatenated value for selection and provisioning for this format will not be possible.

Can you confirm if the OfficeId is unique for each entitlement. If it is then we can save it as a CP attribute at the entitlement level but concatenation will not be possible. 


Regards,
Sahil

piyushm
Regular Contributor II
Regular Contributor II

Hi @SB ,

The office Id is not unique. Role Id is unique. The combination of these 2 will be a unique entitlement.

the Actual entitlement is a combination of Office Id + Office Name + Role Id + Role Name.

 

This can be the displayname (manually updated). But the entitlement value has to be atleast the concatenation of office id and role id. The application stores the entitlement in the form of 2 attributes, Role and Office.  So in the ARS form,  we will be showing the concatenated value and in the Addaccessjson we need to pass these as  2 seperate values for the user.

Even if we go with Role Id as the unique entitlement value, can you help what will be the json mapping? 

I tried below but it is not fetching any result.

"entitlementID": "${EntitlementDetails[].roleId}~#~char",

You need concat while importing as well as provisioning 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

@rushikeshvartak  How do I iterate through the array within the result? Both attributes which I need to concat are present within an array attribute Entitlementdetails within result Userdetails. 

I don’t know if below format is even correct. There is nothing in the guide about how to import or iterate array objects. 


"entitlementID": "${EntitlementDetails[].roleId}~#~char",

https://forums.saviynt.com/t5/identity-governance/rest-string-functions/m-p/9161#M1562


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II

Thanks @rushikeshvartak . It is partially working for me.

with the mapping  as below

"entitlement_value": "#CONST#${String op = response?.EntitlementDetails?.officeId; String target = response?.EntitlementDetails?.roleId; ret = op + \"-\" + target; return ret}~#~char"

The entitlement are getting created like

"[OfficeId1, OfficeId2,]-[RoleId1,RoleId2]".

This got created since the user has 2role ids and 2 office ids assigned.

If I try with 

 "entitlement_value": "#CONST#${String op = response?.EntitlementDetails[0]?.officeId; String target = response?.EntitlementDetails[0]?.roleId; ret = op + \"-\" + target; return ret}~#~char"

Then only one entitlement gets created as

"OfficeId1-RoleId1",

This is the format I need. But I want to iterate to next object in the array for that user and then next user and so on. This way entitlements with unique pairs will get created.

The problem is each user has EntitlementDetails array object.

 

 

 

SB
Saviynt Employee
Saviynt Employee

Marking this thread as closed. 

The entitlement has to be of same format for both - Provisioning and Import. In case we are importing entitlements as a concatenated value, then for provisioning as well they will be visible as concatenated value for selection and provisioning for this format will not be possible.


Regards,
Sahil