Saviynt Forums

I do run into a 403 error, somehow, even though the connector is able to perform the operation.  I attached the error within this post.  How can the connector work if it cannot actually login?

This does not look like the right log. Can you update ConfigJSON param in the REST connection with value {"showLogs":true}. Run the prov job and search for Calling Webservice Url and then trace the thread forward to check for the error.

I tried to re-apply the transaction and took an excerpt of the log containing all the lines for a single task execution.  I can't see any sort of error code in there that would explain the condition I see.

API response is: {"errorCode":"0","message":" User Updated Successfully"}, statusCode:200

I see you are using updateUser api and are possibly disabling the user. This will only disable the user and based on your further config, the disable account tasks will be generated. This api is not triggering those account tasks or any requests. So the provisioning of these tasks are independent of the updateUser  api you are calling. 

I understand the first two sentences here and you are right, disabling the EIC identity is the end goal. 

I think I understand the next two sentences and I agree, a provisioning job must run for the task.  We do execute such a task, I believe this is what is causing the call through the api.

What I don't understand is why do the tasks remain even though the provisioning calls are successful?  What am I missing to clean and archive those tasks...

share full json

Hi @rushikeshvartak 

Here is the json used to disable the account:

{
  "call": [
  {
    "name": "call1",
    "connection": "userAuth",
    "url": "https://ClientInfoRedacted.saviyntcloud.com/ECM/api/v5/updateUser",
    "httpMethod": "POST",
    "httpParams": "{\"username\":\"${user.username}\",\"statuskey\":\"1\"}",
    "httpHeaders": {
    "Authorization": "${access_token}"
  },
  "httpContentType": "application/json",
  "successResponses": [
    {
      "message": "User Updated Successfully"
    }
    ]
  }
  ]
}

Thanks in advance!

@flegare  Can you share a screenshot of the task that you see is still pending. Also, please confirm the steps you are following for the use case.

Hi @rushikeshvartak ,

We tried with this statement, too:

{
  "call": [
  {
  "name": "call1",
  "connection": "userAuth",
  "url": "https://ClientInfoRedacted.saviyntcloud.com/ECM/api/v5/updateUser",
  "httpMethod": "POST",
  "httpParams": "{\"username\":\"${user.username}\",\"statuskey\":\"0\"}",
  "httpHeaders": {
    "Authorization": "${access_token}"
  },
  "httpContentType": "application/json",
  "successResponses": [
  {
  "errorCode":"0",
  "message": "User Updated Successfully",
  "statusCode": [
    200,
    201,
    204,
    205
  ]
  }
]
}
]
}

Hi @SB ,

Steps are as follows:
Status update is read in from hr source
User Update rule triggers leaver action tasks
Tasks are applied through wsretry job

Screenshots are attached

Thanks for your help!!

Hi @SB,

I gave this a try and I am able to disable the account, however the identity itself remains active after import.   Is there something obvious I am missing?

Thanks again!

Francois

To be clear, do you mean the User remains active after import or the account? 

Correct, when I mark the account as either "SUSPENDED FROM IMPORT SERVICE" or "Manually Suspended" through API and then import the account back, the identity to which the account is linked remains active.

However, why would we need to run an account update where an user update operation yielded a 200 return code?  Not sure on what is missing in here

Hi @renatogiron ,

Assumptions 1 and 4 are correct.  Assumptions 2 and 3 aren't.  The identity itself is disabled but the account in S4S remains active.

I believe the issue is on our end though, the identity is actually being disabled from the authoritative source prior to our Disable account action.  There is no need to have this additional activity triggered.

Thanks for your assistance in getting this figured out, though, it was much appreciated.