Separate calls by provisioning Guest User in Azure AD

JPMac
Regular Contributor II

In our environment, we need to provision a Guest User in Azure AD.
However, the URL (https://graph.microsoft.com/v1.0/invitations) that creates the Guest User does not allow us to edit detailed properties, so we have written an API in call2 to update the attributes.

===

{
    "accountIdPath": "call1.message.invitedUser.id",
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
    "responseColsToPropsMap": {
        "displayName": "call1.message.invitedUserDisplayName~#~char",
        "name": "call2.message.userPrincipalName~#~char"
    },
    "call": [
        {
            "name": "call1",
            "connection": "userAuth",
            "httpMethod": "POST",
            "httpParams": "{\"invitedUserEmailAddress\":\"${user.email}\",\"invitedUserDisplayName\":\"${user.firstname}\", \"inviteRedirectUrl\":\"https://portal.azure.com\", \"invitedUserType\": \"Guest\", \"sendInvitationMessage\":\"true\"}",
            "httpHeaders": {
                "Authorization": "${access_token}",
                "Content-Type": "application/json"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            },
            "unsuccessResponses": {
                "error.code": [
                    "Request_BadRequest",
                    "Authentication_MissingOrMalformed",
                    "Request_ResourceNotFound",
                    "Authorization_RequestDenied",
                    "Authentication_Unauthorized",
                    "BadRequest"
                ]
            }
        },
        {
            "name": "call2",
            "connection": "userAuth",
            "httpMethod": "PATCH",
            "httpParams": "{\"givenname\":\"${user.firstname}\",\"surname\":\"${user.lastname}\",\"displayName\":\"${user.lastname}, ${user.firstname}\",\"city\":\"${user.startdate}/${user.enddate}\",\"streetaddress\":\"${user.startdate}/${user.enddate}/0\",\"officelocation\":\"${user.customer.displayname}\",\"CompanyName\":\"${user.startdate}/${user.enddate}/0\",\"department\":\"${user.startdate.format('yyyy/MM/dd')}\",\"state\":\"${user.customproperty12}\",\"country\":\"SAVI\"}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            }
        }
    ]
}

===

When we use this create account JSON to provision, call2 changes the attribute, but it still updates the attribute with ${}.


What should I change to edit the attribute properly with Saviynt's user property?

Amit_Malik
Valued Contributor II

Hi @JPMac ,

This could happen because of the Azure-side sync, wherein the ID is returned but the object is still not created and synced fully. I can't guarantee the root cause analysis is correct, but to solve this problem we did the following:

We used to see this issue intermittently (only for GUEST accounts); after waiting for a minute or two, it used to work. So we invited the user via the create account JSON and created an Analytic report to find such entries and update the account. Here is the sample:

select distinct a.name, a.accountkey as acctKey, endpointkey, 'updateAccount' as Default_Action_For_Analytics
from accounts a, user_accounts ua, users u, arstasks at
where ua.userkey=u.userkey and ua.accountkey=a.accountkey
  and a.endpointkey='2' and a.endpointkey=at.endpoint
  and u.customproperty10 in ('Workday(S)','Workday(IRA)')
  and at.userkey=u.userkey
  and u.userkey in (select userkey from arstasks at where at.tasktype=3 and at.status =3 and endpoint=2)
  and u.userkey not in (select userkey from arstasks at where at.tasktype in (12) and at.status in (1,3,4));

Good Luck !!

Kind Regards,

Amit


Hi @Amit_Malik @JPMac 

Could you please confirm if the above JSON works for call2 (without using any workarounds like analytics)? Could you please share the working JSON if any changes were made to it?

Regards,

Dhruv Sharma

rushikeshvartak
All-Star

You are setting account name from call2


Regards,
Rushikesh Vartak

JPMac
Regular Contributor II

It's working by using this json.

{
    "accountIdPath": "call1.message.invitedUser.id",
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
    "responseColsToPropsMap": {
        "displayName": "call1.message.invitedUserDisplayName~#~char",
        "name": "call2.message.userPrincipalName~#~char"
    },
    "call": [
        {
            "name": "call1",
            "connection": "userAuth",
            "httpMethod": "POST",
            "httpParams": "{\"invitedUserEmailAddress\":\"${user.email}\",\"invitedUserDisplayName\":\"${user.firstname}\", \"inviteRedirectUrl\":\"https://portal.azure.com\", \"invitedUserType\": \"Guest\", \"sendInvitationMessage\":\"true\"}",
            "httpHeaders": {
                "Authorization": "${access_token}",
                "Content-Type": "application/json"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            },
            "unsuccessResponses": {
                "error.code": [
                    "Request_BadRequest",
                    "Authentication_MissingOrMalformed",
                    "Request_ResourceNotFound",
                    "Authorization_RequestDenied",
                    "Authentication_Unauthorized",
                    "BadRequest"
                ]
            }
        },
        {
            "name": "call2",
            "connection": "userAuth",
            "httpMethod": "PATCH",
            "httpParams": "{\"givenname\": \"${user.firstname}\",\"surname\":\"${user.lastname}\",\"displayName\":\"${user.lastname}, ${user.firstname}\",\"city\":\"${user.startdate}/${user.enddate}\",\"country\": \"SAVI\"}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            }
        }
    ]
}
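
Added example, not part of the original thread or Saviynt's own code: a Python sketch that diffs the call2 httpParams of the first JSON against the working one, lists the bindings that are more than a plain user.<property> read, and checks a read-back user object for values that still hold a literal ${...}. The function names and the sample user object are constructed for illustration, and the comparison does not establish the root cause.

```python
import json
import re

# call2 httpParams from the first post and from the working post, after one
# level of JSON unescaping (copied from the thread, not re-derived).
FIRST = json.loads(r'''{"givenname":"${user.firstname}","surname":"${user.lastname}",
"displayName":"${user.lastname}, ${user.firstname}","city":"${user.startdate}/${user.enddate}",
"streetaddress":"${user.startdate}/${user.enddate}/0","officelocation":"${user.customer.displayname}",
"CompanyName":"${user.startdate}/${user.enddate}/0",
"department":"${user.startdate.format('yyyy/MM/dd')}","state":"${user.customproperty12}",
"country":"SAVI"}''')
WORKING = json.loads(r'''{"givenname": "${user.firstname}","surname":"${user.lastname}",
"displayName":"${user.lastname}, ${user.firstname}","city":"${user.startdate}/${user.enddate}",
"country": "SAVI"}''')

BINDING = re.compile(r"\$\{([^}]*)\}")   # one ${...} placeholder
PLAIN = re.compile(r"user\.\w+")         # a direct user.<property> read


def removed_keys(before, after):
    """Attributes present in the first payload but absent from the working one."""
    return [k for k in before if k not in after]


def non_plain_bindings(params):
    """Per attribute, bindings that traverse a nested object or call a method."""
    found = {}
    for key, value in params.items():
        hits = [b for b in BINDING.findall(value) if not PLAIN.fullmatch(b)]
        if hits:
            found[key] = hits
    return found


def unresolved(attrs):
    """Attribute names whose stored value still holds a literal ${...}."""
    return sorted(k for k, v in attrs.items()
                  if isinstance(v, str) and BINDING.search(v))


if __name__ == "__main__":
    print("removed in working JSON:", removed_keys(FIRST, WORKING))
    print("non-plain bindings:", non_plain_bindings(FIRST))
    # Constructed sample of a guest object read back after call2 (not real data).
    sample = {"id": "00000000-0000-0000-0000-000000000000",
              "givenName": "${user.firstname}", "country": "SAVI"}
    print("unresolved attributes:", unresolved(sample))
```

Both non-plain bindings sit among the attributes dropped from the working JSON, so re-adding the removed attributes one at a time is a way to narrow down which one stops the template from resolving.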

gokul
Regular Contributor

Hi @JPMac, I'm also facing the same issue. What is the root cause of that issue? And in order to fix this, do we have to pass only limited attributes? What is the fix you have done in the above JSON?
Your assistance in this would be highly appreciated.