Saviynt Forums

rahul_p · ‎10/08/2024

Hello,

We are configuring the service account in Azure , we have request form(DA) with following attributes :

Firstname
Lastname
AccountType (Service/TESTService)
AccountName(account name generated based upon firstname and lastname)

We are using following Create Account JSON which is not working :

{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"displayName\":\"${lastname}\",\"mailNickname\":\"${firstname}\",\"userPrincipalName\":\"${task.accountName}\",\"employeeType\":\"${ServiceAccountType}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}

{"accountIdPath": "call1.message.id","dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX","responseColsToPropsMap": {"displayName": "call1.message.displayName~#~char","name": "call1.message.userPrincipalName~#~char"},"call": [{"name": "call1","connection": "${connectionName}","url": "https://graph.microsoft.com/v1.0/users","httpMethod": "POST","httpParams": "{\"accountEnabled\":true,\"displayName\":\"${lastname}\",\"mailNickname\":\"${firstname}\",\"userPrincipalName\":\"${task.accountName}\",\"employeeType\":\"${ServiceAccountType}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}","httpHeaders": {"Authorization": "${access_token}"},"httpContentType": "application/json","successResponses": {"statusCode": [200,201,204,205]}}]}

When we are using hard coded values then its working :

Spoiler

{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"displayName\":\"<hardcodedvalue>\",\"mailNickname\":\"<hardcodedvalue>\",\"userPrincipalName\":\"<hardcodedvalue>\",\"employeeType\":\"<hardcodedvalue>\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}

{"accountIdPath": "call1.message.id","dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX","responseColsToPropsMap": {"displayName": "call1.message.displayName~#~char","name": "call1.message.userPrincipalName~#~char"},"call": [{"name": "call1","connection": "${connectionName}","url": "https://graph.microsoft.com/v1.0/users","httpMethod": "POST","httpParams": "{\"accountEnabled\":true,\"displayName\":\"<hardcodedvalue>\",\"mailNickname\":\"<hardcodedvalue>\",\"userPrincipalName\":\"<hardcodedvalue>\",\"employeeType\":\"<hardcodedvalue>\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}","httpHeaders": {"Authorization": "${access_token}"},"httpContentType": "application/json","successResponses": {"statusCode": [200,201,204,205]}}]}

Any suggestion here?

Regards,

Rahul

NM · ‎10/08/2024

@rahul_p are you using service account tile?

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

rahul_p · ‎10/08/2024

Hello @NM ,

Yes, using manage service account tile.

Thanks!

NM · ‎10/08/2024

@rahul_p , share existing DA values screenshot from endpoint.

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

rushikeshvartak · ‎10/08/2024

Access dynamic attribute using below synatx

${requestAccessAttributes?.get('firstname')}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rahul_p · ‎10/09/2024

Hello @rushikeshvartak ,

I tried with below 2 JSONs but it still failing with same error :

1st

Spoiler

{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"displayName\":\"${requestAccessAttributes?.get('lastname')}\",\"mailNickname\":\"${requestAccessAttributes?.get('firstname')}\",\"userPrincipalName\":\"${requestAccessAttributes?.get('task.accountName')}\",\"employeeType\":\"${requestAccessAttributes?.get('serviceAccountType')}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}

{"accountIdPath": "call1.message.id","dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX","responseColsToPropsMap": {"displayName": "call1.message.displayName~#~char","name": "call1.message.userPrincipalName~#~char"},"call": [{"name": "call1","connection": "${connectionName}","url": "https://graph.microsoft.com/v1.0/users","httpMethod": "POST","httpParams": "{\"accountEnabled\":true,\"displayName\":\"${requestAccessAttributes?.get('lastname')}\",\"mailNickname\":\"${requestAccessAttributes?.get('firstname')}\",\"userPrincipalName\":\"${requestAccessAttributes?.get('task.accountName')}\",\"employeeType\":\"${requestAccessAttributes?.get('serviceAccountType')}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}","httpHeaders": {"Authorization": "${access_token}"},"httpContentType": "application/json","successResponses": {"statusCode": [200,201,204,205]}}]}

2nd

Spoiler

{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"displayName\":\"${requestAccessAttributes?.get('lastname')}\",\"mailNickname\":\"${requestAccessAttributes?.get('firstname')}\",\"userPrincipalName\":\"${requestAccessAttributes?.get('accountName')}\",\"employeeType\":\"${requestAccessAttributes?.get('serviceAccountType')}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}

{"accountIdPath": "call1.message.id","dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX","responseColsToPropsMap": {"displayName": "call1.message.displayName~#~char","name": "call1.message.userPrincipalName~#~char"},"call": [{"name": "call1","connection": "${connectionName}","url": "https://graph.microsoft.com/v1.0/users","httpMethod": "POST","httpParams": "{\"accountEnabled\":true,\"displayName\":\"${requestAccessAttributes?.get('lastname')}\",\"mailNickname\":\"${requestAccessAttributes?.get('firstname')}\",\"userPrincipalName\":\"${requestAccessAttributes?.get('accountName')}\",\"employeeType\":\"${requestAccessAttributes?.get('serviceAccountType')}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}","httpHeaders": {"Authorization": "${access_token}"},"httpContentType": "application/json","successResponses": {"statusCode": [200,201,204,205]}}]}

Error :

Spoiler

{"auditDetails":{"call1":[{"headers":null,"message":{"error":{"code":"Request_BadRequest","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","details":[{"code":"InvalidValue","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"innerError":{"date":"2024-10-09T07:38:57","request-id":"<id>","client-request-id":"e<cid>"}}},"statusCode":400,"description":null,"status":"Failed"},{"headers":null,"message":{"error":{"code":"Request_BadRequest","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","details":[{"code":"InvalidValue","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"innerError":{"date":"2024-10-09T07:40:58","request-id":"<id>","client-request-id":"3<cid>"}}},"statusCode":400,"description":null,"status":"Failed"},{"headers":null,"message":{"error":{"code":"Request_BadRequest","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","details":[{"code":"InvalidValue","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"innerError":{"date":"2024-10-09T07:45:03","request-id":"<id>","client-request-id":"<cid>"}}},"statusCode":400,"description":null,"status":"Failed"},{"headers":null,"message":{"error":{"code":"Request_BadRequest","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","details":[{"code":"InvalidValue","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"innerError":{"date":"2024-10-09T07:47:24","request-id":"<id>","client-request-id":"1<cid>"}}},"statusCode":400,"description":null,"status":"Failed"}]},"call1":{"headers":null,"message":{"error":{"code":"Request_BadRequest","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","details":[{"code":"InvalidValue","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"innerError":{"date":"2024-10-09T07:50:52","request-id":"<id>","client-request-id":"<cid>"}}},"statusCode":400,"description":null,"status":"Failed"}}

Hello @NM ,

PFB screenshot :

Regards,

Rahul

rushikeshvartak · ‎10/09/2024

Does Your UPN is abcd@pqr.com ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

rahul_p · ‎10/10/2024

Hello Everyone,

Removed requestAccessAttributes from accountName :

Working JSON :

Spoiler

{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"displayName": "call1.message.displayName~#~char",
"name": "call1.message.userPrincipalName~#~char"
},
"call": [
{
"name": "call1",
"connection": "${connectionName}",
"url": "https://graph.microsoft.com/v1.0/users",
"httpMethod": "POST",
"httpParams": "{\"accountEnabled\":true,\"displayName\":\"${requestAccessAttributes?.get('lastname')}\",\"mailNickname\":\"${requestAccessAttributes?.get('firstname')}\",\"userPrincipalName\":\"${accountName}\",\"employeeType\":\"${requestAccessAttributes?.get('serviceAccountType')}\",\"companyName\":\"${requestAccessAttributes?.get('serviceAccountType')}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}

{"accountIdPath": "call1.message.id","dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX","responseColsToPropsMap": {"displayName": "call1.message.displayName~#~char","name": "call1.message.userPrincipalName~#~char"},"call": [{"name": "call1","connection": "${connectionName}","url": "https://graph.microsoft.com/v1.0/users","httpMethod": "POST","httpParams": "{\"accountEnabled\":true,\"displayName\":\"${requestAccessAttributes?.get('lastname')}\",\"mailNickname\":\"${requestAccessAttributes?.get('firstname')}\",\"userPrincipalName\":\"${accountName}\",\"employeeType\":\"${requestAccessAttributes?.get('serviceAccountType')}\",\"companyName\":\"${requestAccessAttributes?.get('serviceAccountType')}\",\"passwordProfile\":{\"forceChangePasswordNextSignIn\":true,\"password\":\"${password}\"}}","httpHeaders": {"Authorization": "${access_token}"},"httpContentType": "application/json","successResponses": {"statusCode": [200,201,204,205]}}]}

Regards,

Rahul

Saviynt Forums

Service Account configuration in Azure