Click HERE to see how Saviynt Intelligence is transforming the industry. |
03/15/2023 11:12 AM
Hello,
Is it possible to turn off random password generation for SAP connector? It looks to generate a random password by default. Currently I am trying to set a random password only if the user starts with xt otherwise use a password formula. Below is my CreateAccountJson where I pass in the logic to BAPIPWD. Regardless if the username starts with xt or not a random password is generated.
{
"ADDRESS": {
"LASTNAME": "${if(user?.lastname!=null){user.lastname}else{''}}",
"FIRSTNAME": "${if(user?.firstname!=null){user.firstname}else{''}}",
"E_MAIL": "${if(user?.email!=null){user.email}else{''}}",
"DEPARTMENT": "${if(user?.departmentname!=null){user.departmentname}else{''}}",
"FUNCTION": "${if(user?.title!=null){user.title}else{''}}"
},
"LOGONDATA": {
"USTYP": "A"
},
"DEFAULTS": {
"LANGU": "E",
"DATFM": "5",
"DCPFM": "X",
"SPDB": "G",
"SPDA": "D"
},
"CLASS": {
"USERGROUP": "${if(task?.accountName.toString().toLowerCase().startsWith('t')){'SUPER'} else if(task?.accountName.toString().toLowerCase().startsWith('xt')){'CONSULTANT'} else{'Test'}}"
},
"PASSWORD": {
"BAPIPWD": "${if(user?.username.toLowerCase().startsWith('xt')) {randomPassword} else {user?.lastname.substring(0,1).toUpperCase() + user?.lastname.substring(1,2).toLowerCase() + user?.customproperty63 + user?.username.substring(user?.username.length() - 3) + user?.customproperty64.substring(user?.customproperty64.length() -2) + '!'}}"
}
}
03/21/2023 11:46 AM
Can you try to pass static value for the conditions in the password and see if that works with the if else clause.
03/24/2023 08:19 AM
Hello Sahil,
It still only gives a random password if I put in a static password into the if else statement.
Password I got:
Logic ->
03/24/2023 01:04 PM
So looks like the correct password is being set correct, but the email template does not send the correct password using ${account_password} variable. What is the correct variable to use to send the password?
03/27/2023 09:48 AM
Can you try with ${task?.password}.
03/27/2023 12:35 PM
Still doesn't work, email template sends a random password that doesn't work, while the password set from the SAP connector works.
04/03/2023 08:50 AM
I checked this and the password we are setting is part of the json. The json gets triggered only when the task is provisioned so it will not be saved in the task itself and we will not be able to send this password in an email. The random password function on the other hand gets generated when the task is created and so can be sent via the email.
04/05/2023 07:49 AM
Hi Sahil,
I'm not sure I'm following this. So what is the password variable to use in the email template?
Thanks,
Aundre
04/05/2023 07:58 AM
The password currently being sent is the default random password that saviynt generates when the task is created. In your scenario, you are using the JSON to send a different password which does not get stored in Saviynt. And so cannot be sent in the email.
04/05/2023 08:01 AM
That sounds like a bug doesn't it? Saviynt should store whatever password is set by the connector otherwise how would you know what the password is unless you hardcode it?
04/11/2023 09:28 AM
Saviynt currently provides the functionality to set Random password based on OOB functionality but in this case you are using the JSON to build a custom function to set the password on top of the random password function Saviynt provides.
As an alternate approach though, can you try to define this same if/else clause in your email template and see if it works.
04/12/2023 06:53 AM
I've tried this already. While it works for the predefined logic, the randompassword logic does not work because the email template still does not match what is being set by the connector.
04/11/2023 07:51 PM
"LOGONDATA": {
"GLTGB": "99991231",
"GLTGV": "${new java.text.SimpleDateFormat('yyyyMMdd').format(new Date())}",
"CODVN" : "X",
"CODVC" : "X",
"CODVS" : "X",
"USTYP": "A",
"CLASS":"${USERGROUPS}"
},
"PASSWORD":{},
04/12/2023 06:54 AM
Hi Rushikesh,
Are you saying to just set the logic on PASSWORD and not BAPIPWD? If so, have you tested this and confirmed it works?
Thanks,
Aundre
06/19/2023 02:56 AM
try hardcoding
"PASSWORD": {
"BAPIPWD": "Welcome@123"
}