Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Separate calls by provisioning Guest User in Azure AD

JPMac
Regular Contributor
Regular Contributor

‎02/07/2024 04:06 AM

In our environment, we need to provision Guest User in Azure AD.
However, the URL (https://graph.microsoft.com/v1.0/invitations) that creates Guest User does not allow us to edit detailed properties, so we have written an API in call2 to update attribute.

===

{
    "accountIdPath": "call1.message.invitedUser.id",
    "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
    "responseColsToPropsMap": {
    "displayName": "call1.message.invitedUserDisplayName~#~char",
    "name": "call2.message.userPrincipalName~#~char"
    },
    "call": [
    {
    "name": "call1",
    "connection": "userAuth",
    "httpMethod": "POST",
    "httpParams": "{\"invitedUserEmailAddress\":\"${user.email}\",\"invitedUserDisplayName\":\"${user.firstname}\", \"inviteRedirectUrl\":\"https://portal.azure.com\", \"invitedUserType\": \"Guest\", \"sendInvitationMessage\":\"true\"}",
    "httpHeaders": {
    "Authorization": "${access_token}",
    "Content-Type": "application/json"
    },
    "httpContentType": "application/json",
    "successResponses": {
    "statusCode": [
    200,
    201,
    204,
    205
    ]
    },
    "unsuccessResponses": {
    "error.code": [
    "Request_BadRequest",
    "Authentication_MissingOrMalformed",
    "Request_ResourceNotFound",
    "Authorization_RequestDenied",
    "Authentication_Unauthorized",
    "BadRequest"
    ]
    }
    },
    {
        "name": "call2",
        "connection": "userAuth",
        "httpMethod": "PATCH",
        "httpParams": "{\"givenname\":\"${user.firstname}\",\"surname\":\"${user.lastname}\",\"displayName\":\"${user.lastname}, ${user.firstname}\",\"city\":\"${user.startdate}/${user.enddate}\",\"streetaddress\":\"${user.startdate}/${user.enddate}/0\",\"officelocation\":\"${user.customer.displayname}\",\"CompanyName\":\"${user.startdate}/${user.enddate}/0\",\"department\":\"${user.startdate.format('yyyy/MM/dd')}\",\"state\":\"${user.customproperty12}\",\"country\":\"SAVI\"}",
        "httpHeaders": {
            "Authorization": "${access_token}"
        },
        "httpContentType": "application/json",
        "successResponses": {
            "statusCode": [
                200,
                201,
                204,
                205
            ]
        }
    }
    ]
    }

===

When we use this create account JSON to provision, call2 changes the attribute, but it updates the attribute with ${} still.

JPMac_0-1707307596800.png

 

Where should I change to edit the attribute properly with Saviynt's user property?

Labels:
0 Kudos
2 REPLIES 2

AmitM
Valued Contributor
Valued Contributor

‎02/07/2024 04:55 AM - edited ‎02/07/2024 04:56 AM

Hi @JPMac ,

This could happen because of Azure side sync where in the ID is returned but the object is still not created and synced fully. I can't guarantee the root cause analysis is correct but to solve this problem we did : 

We used to see this issue intermittently (Only for GUEST accounts), after waiting for a min or two , it used to work. So we invited the user via create account JSON and created an Analytic report to find such entries and update account. Here is the sample :

select distinct a.name,a.accountkey as acctKey, endpointkey, 'updateAccount' as Default_Action_For_Analytics from accounts a,user_accounts ua,users u,arstasks at where ua.userkey=u.userkey and ua.accountkey=a.accountkey and a.endpointkey='2' and a.endpointkey=at.endpoint and u.customproperty10 in ('Workday(S)','Workday(IRA)') and at.userkey=u.userkey and u.userkey in (select userkey from arstasks at where at.tasktype=3 and at.status =3 and endpoint=2) and u.userkey not in (select userkey from arstasks at where at.tasktype in (12) and at.status in (1,3,4));

Good Luck !!

Kind Regards,

Amit

If it solved your challenge, please ACCEPT SOLUTION.

If informative enough hit Kudos

0 Kudos

Dhruv_S
Saviynt Employee
Saviynt Employee
In response to AmitM

‎04/29/2024 04:25 AM

Hi @AmitM @JPMac 

Could you please confirm if the above JSON works for the call2 (without using any workarounds like analytics). Could you please share the working JSON if there are any changes done in the same.

Regards,

Dhruv Sharma

0 Kudos
Copyright © 2024 Khoros, LLC