Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/26/2024 01:36 AM
Hi,
We are integrating saviynt with Sharepoint using 0365 connector and we are following the document Creating an Integration (saviyntcloud.com) but when i am trying to browse website its throwing below error:-
SSL certificate is also binded with the site.
This is the web.config we are using.ClientId and ClientSecret is of Azure AD application.We have only access to one particular site thats why given that in Siteurl.
Please help.
Solved! Go to Solution.
09/26/2024 11:04 AM
09/26/2024 11:29 PM
hi @rushikeshvartak I’m encountering the same issue as described in the post O365 Connector on IIS - Saviynt Forums - 74993. Even after running the access job, I’m still getting the same error mentioned in the forum. Could you please let me know what solution was provided for this issue
09/27/2024 02:58 AM
09/30/2024 01:27 AM
Hi @rushikeshvartak No, the original issue was not resolved, but according to Darshan Jain's comment on the O365 Connector on IIS - Saviynt Forums - 74993 below error message is expected.
I am now able to successfully run the account job. However, when running the access job, I encountered the error Failed-url-/api/GetSiteCollections, apiRequestDetails-{"environment":"Online"}, Error-no protocol: /api/GetSiteCollections .
This issue was resolved by updating the SAVIYNT_CONNECTOR_DOMAIN in connection but I am still unable to fully validate the access import job as the client has updated the Azure secret value, and I am waiting for them to provide the new one. Once I have that, I will proceed with validating the access job
10/02/2024 07:14 AM - edited 10/02/2024 07:15 AM
10/02/2024 11:15 PM
Is it working from postman ?
10/02/2024 11:58 PM
hi @rushikeshvartak No, I tried using both the access token from the SharePoint principal and Azure AD, but I'm getting the same error.
10/03/2024 05:00 AM
hi @rushikeshvartak We have opened port 8443 to connect to the Windows server, where the IIS server and the O365 agent are installed, from the Saviynt SC 2.0 server. After running the access import job again, we are encountering the following error
Exception in callRestWebService - Webservice call failed : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
10/04/2024 04:21 AM - edited 10/04/2024 05:24 AM
The access import job is now completing successfully after uploading the certificate in Saviynt's certificate management and selecting it in the connection. However, no entitlements are being retrieved from SharePoint.
and some error in logs.
10/04/2024 07:58 PM
10/09/2024 09:51 AM
Hi @rushikeshvartak using classic integration while running access import job ,job is getting successful but no entitlements are coming and in saviynt logs getting below error:-
"groovy.sql.Sql.commit Commit operation not supported when using datasets unless using withTransaction or cacheConnection - attempt to commit ignored"(attached-SharePoint with commit error.txt)
and using design application onboarding integration getting 403 error and access import job is getting failed with the error:-
Failed url-https://*.*.*.*:****/api/GetSiteCollections, apiRequestDetails-{"environment":"Online"} with Error-"Saviynt O365 Connector WebException: The remote server returned an error: (403) Forbidden."(attached-SharePoint Test with 403 error.txt)
using the azure ad access token getting below:-
For Azure AD app we have Sites.ReadWrite.All permissions under Microsoft graph with admin consent.
Below is the connection configuration: -
10/09/2024 10:44 AM
You have missing access. Please work with team and get required access
10/10/2024 01:13 AM
Hi @rushikeshvartak We have followed all the steps outlined in the Creating an Integration (saviyntcloud.com) and granted all the necessary permissions. For the Azure AD app, we have assigned the following permissions, and for the SharePoint service principal, we have provided tenant-level permission with full control. Could you please assist in identifying if any specific permissions might have been missed?
10/10/2024 05:46 AM
Please check with Azure Team on required access
10/18/2024 12:28 AM
Hi @rushikeshvartak The Azure AD team doesn't have detailed information on the specific site permissions needed for Saviynt to access SharePoint Online. We've already assigned Sites.FullControl.All with admin consent but are still encountering an access denied error.
Azure AD permissions:-
when we are validating from rest graph api we are able to get all site,list,file,folder informations but when we are running https://graph.microsoft.com/v1.0/sites/{site-id}/permissions we are getting below response(no data is coming even after sites.FullControl.All permission) .
10/18/2024 11:48 AM
Please raise support ticket for further troubleshooting support agent may help
10/30/2024 08:07 AM
The issue was resolved by reinstalling the O365 agent provided by the Saviynt team from a functioning O365 agent