Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Syncing information from AD accounts to linked user in Saviynt

Go to solution
Robbe_Cronos
Regular Contributor II
Regular Contributor II

‎06/14/2022 02:44 AM

Hello,

We want to have some additional information from the AD accounts (e.g. ObjectGUID) mapped to the users in Saviynt. 

We configured this in the USER_ATTRIBUTE of the connection:

CUSTOMPROPERTY50::objectGUID#Binary

Then we ran the UserImport job. We left the reconciliation field on default as this was recommended (we also tried employeeID).

The ObjectGUID is not mapped to the user and neither are any of the other attributes already configured in the USER_ATTRIBUTE json.

Some help with this would be appreciated.

Robbe

 

Labels:
0 Kudos
17 REPLIES 17

Go to solution
Manikanta_S
Saviynt Employee
Saviynt Employee

‎06/14/2022 03:53 AM - edited ‎06/14/2022 03:58 AM

Hello,

Can you please try it as below.

RECONCILATION_FIELD::CUSTOMPROPERTY26,CUSTOMPROPERTY26::objectGUID#Binary,

Please refer to the below documentation on AD Jsons for importing Notes field

https://saviynt.freshdesk.com/a/solutions/articles/43000613953

Please let us know if this helps !!

 

Thanks & Kind Regards,
Manikanta.S
0 Kudos

Go to solution
Robbe_Cronos
Regular Contributor II
Regular Contributor II
In response to Manikanta_S

‎06/14/2022 05:54 AM

Hello,

I forgot to mention it in the post, but we've tried doing this already. This did not give us any results.

Robbe

0 Kudos

Go to solution
sahajranajee
Saviynt Employee
Saviynt Employee

‎06/14/2022 06:23 AM

Hello,

Has the objectGUID been imported onto any user attribute?

 


Regards,
Sahaj Ranajee
Sr. Product Specialist
0 Kudos

Go to solution
Robbe_Cronos
Regular Contributor II
Regular Contributor II
In response to sahajranajee

‎06/14/2022 11:51 PM

Hello,

Yes, we've tried importing it to a customproperty as well as a pre-defined user attribute that wasn't in use. This did not give us the objectGUID.

Robbe

0 Kudos

Go to solution
sahajranajee
Saviynt Employee
Saviynt Employee

‎06/15/2022 12:59 AM

Hello,

Could you please share the user import mapping you are using?

 


Regards,
Sahaj Ranajee
Sr. Product Specialist
0 Kudos

Go to solution
Robbe_Cronos
Regular Contributor II
Regular Contributor II
In response to sahajranajee

‎06/15/2022 01:21 AM

Hello, 

[CUSTOMPROPERTY1::cn#String,CUSTOMPROPERTY2::name#String,DISPLAYNAME::displayname#String,CUSTOMPROPERTY3::sn#String,COMMENTS::distinguishedName#String,statuskey::userAccountControl#number,CUSTOMPROPERTY6::cn#String,CUSTOMPROPERTY9::telephoneNumber#String,CUSTOMPROPERTY11::uSNCreated#String,ENDDATE::accountExpires#millisec,UPDATEDATE::whenChanged#customDate--yyyyMMddHHmmss.'0Z',CUSTOMPROPERTY16::streetAddress#String,CUSTOMPROPERTY18::department#String,USERNAME::cn#String,CUSTOMPROPERTY20::userPrincipalName#String,CUSTOMPROPERTY21::manager#String,CREATEDATE::whenCreated#customDate--yyyyMMddHHmmss.'0Z',COMMENTS::distinguishedName#String,systemUserName::sAMAccountName#String, CUSTOMPROPERTY50::objectGUID#Binary]

I do have to add that we have tried:

 RECONCILIATION_FIELD::CUSTOMPROPERTY26, CUSTOMPROPERTY26::objectGUID#Binary

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee

‎06/15/2022 10:21 AM - edited ‎06/15/2022 01:50 PM

Hello Robbe,

Going through your questions, I need a bit of clarification. Are you using the AD Connector to Import "users" in Saviynt or using it to imports it as "accounts" ?

If using it to import accounts then the config needs to be under ACCOUNT_ATTRIBUTE

If using it to import users then the config needs to be under USER_ATTRIBUTE

OR

Do you already have users in Saviynt from a different HR source but want to map the corresponding "ObjectGUID" from Active Directory against users who also exist in Saviynt ?

 

Also the Reconciliation field needs to be set as RECONCILATION_FIELD and not RECONCILIATION_FIELD. There's a typo at our end which needs to be corrected but for now, please use the following.

 

CUSTOMPROPERTY26::objectGUID#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY26

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos

Go to solution
Robbe_Cronos
Regular Contributor II
Regular Contributor II
In response to avinashchhetri

‎06/16/2022 12:10 AM

Hello,

Your third explanation is pretty much it. We already have users in Saviynt from another HR source and accounts linked to those users which we imported from Active Directory. We are trying to map the ObjectGUID from the accounts in Active Directory to the corresponding user of that account. 

 I have just tried changing the RECONCILIATION_FIELD to RECONCILATION_FIELD but this did not work. 

Robbe

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Robbe_Cronos

‎06/16/2022 09:49 AM - edited ‎06/16/2022 10:07 AM

Hello Robbe,

Then in your case what you should be doing is, have the configuration logic in your USER_ATTRIBUTES, Reconciliation Field might not even be needed at the connector level.

If you do not plan to import all the attributes from AD and map it to your user, it could be a very simple config like:

[USERNAME::sAMAccountName#String,
customproperty26::objectGUID#Binary]

Assuming that your "samAccountName" in AD is  the same as your "UserName" in Saviynt.

Now you would need to configure a Job of type "User Import via a Connection(UserImportJob)" and configure the parameters of the Job accouringly and schedule/run it.

Documentation on this job is available here : https://saviynt.freshdesk.com/support/solutions/articles/43000571858-importing-users-using-the-useri...

 

This should update the user's profile with the ObjectGUID from the corresponding account in AD.

 

 

Regards,

Avinash Chhetri

 

 

 

Regards,
Avinash Chhetri
0 Kudos

Go to solution
Robbe_Cronos
Regular Contributor II
Regular Contributor II
In response to avinashchhetri

‎06/17/2022 12:34 AM

Hello,

I just tried your solution but instead of using sAMaccountname, we used employeeID. Seeing as employeeID is the only attribute that is the same in the user and the account in Active Directory.

[employeeID::employeeID#String,CUSTOMPROPERTY26::objectGUID#Binary]

We used this in our USER_ATTRIBUTE JSON and set the reconciliation field in the user import job to employeeID. This gave us an error though: Getting user validationErrors while saving users

Any idea on how to fix this error?

Kind regards,

Robbe

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Robbe_Cronos

‎06/17/2022 01:47 PM

Robbe,

The Saviynt USERNAME is a mandatory parameter for user Import.

If there is no USERNAME in the USER_ATTRIBUTE, then import might complete successfully but will not update any record in Saviynt.

If you map USERNAME to a random attribute from AD, say "cn" , in the USER_ATTRIBUTE, then import will end up updating the Saviynt USERNAME to the "cn" value for the records which matched based on the Reconciliation parameter.

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos

Go to solution
JohnLawson
Regular Contributor
Regular Contributor
In response to Robbe_Cronos

‎09/19/2022 11:56 AM

What did your USER_ATTRIBUTE json end up being? I'm trying to do something very similar but having trouble getting it to update the user attribute.

0 Kudos

Go to solution
Vinit556
New Contributor III
New Contributor III
In response to Robbe_Cronos

‎09/20/2022 03:17 AM

Hello Robbe,

Did u get this issue fix?

I also have the same use case but unable to execute.

Regards,

-Vinit

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Vinit556

‎09/20/2022 07:00 AM - edited ‎09/20/2022 12:39 PM

Hello @Robbe_Cronos@Vinit556,

If you have any attribute in Saviynt UserName field that can be mapped with an AD attribute, then this should be do-able. There are other requirements which might also need an immutable attribute to be used as a reconciliation field but for a start, the first one should suffice.

 

 

Regards,
Avinash Chhetri
0 Kudos

Go to solution
Robbe_Cronos
Regular Contributor II
Regular Contributor II
In response to Vinit556

‎09/22/2022 02:17 AM

We added CUSTOMPROPERTY26::objectGUID# in our USER_ATTRIBUTE JSON and started the User import via a connection job with UPDATE ONLY and Reconciliation field as EmployeeID. 

We took employeeID as a reconciliation field, because this is the field which is present and the exact same in the User base and the accounts in Active Directory.

We didn't add anything about the employeeID in the USER_ATTRIBUTE JSON itself.

Hope this helps!

Go to solution
JohnLawson
Regular Contributor
Regular Contributor

‎09/20/2022 09:56 AM

I have this as the USER_ATTRIBUTE but it isn't updating the user attribute at all:
[
CUSTOMPROPERTY11::accountExpires#millisec,
USERNAME::cn#String,
RECONCILATION_FIELD::CUSTOMPROPERTY21,
CUSTOMPROPERTY21::objectGUID#Binary
]

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to JohnLawson

‎09/20/2022 12:39 PM

Hello @JohnLawson,

Do you have the ObjectGUID from AD already existing on the user attribute CP21 ?

Coud you also share the Import User Job configurations ?

 

 

Regards,
Avinash Chhetri
0 Kudos
Copyright © 2024 Khoros, LLC