
Update organization owner as manager to Azure AD guest accounts

cgowda
New Contributor III

Hello,

We have a customer requirement to update the organization owner as manager on Azure AD guest accounts from Saviynt.

We tried the JSON below but had no luck; CP10 stored the value of the owner's userPrincipalName.

{
  "call": [
    {
      "name": "call1",
      "connection": "userAuth",
      "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/manager/\\$ref",
      "httpMethod": "PUT",
      "httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/users/${usersManagerObj?.customproperty10}\"}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [200, 201, 204, 205]
      }
    }
  ]
}

Can anyone suggest an alternative way to achieve this?

FYI, we are in 23.9

 

Regards,

Chandan Gowda

 


rushikeshvartak
All-Star
  • Does it work from Postman?
  • Share steps to replicate in Saviynt? Via ARS?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

cgowda
New Contributor III

I tried a smoke test to see the result:

  • updated user CP10 with organization owner AAD GUID
  • triggered update account task
  • Ran WSRETRY job

Share logs


Regards,
Rushikesh Vartak

cgowda
New Contributor III

{"headers":null,"message":{"error":{"code":"BadRequest","message":"The request URI is not valid. Since the segment 'users' refers to a collection, this must be the last segment in the request URI or it must be followed by an function or action that can be bound to it otherwise all intermediate segments must refer to a single resource."}},"statusCode":400,"description":null,"status":"Failed"},

Hardcode value and validate


Regards,
Rushikesh Vartak

cgowda
New Contributor III

I tried it and it worked; I also tried the JSON below and it worked.

{
  "name": "call2",
  "connection": "userAuth",
  "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/manager/$ref",
  "httpMethod": "PUT",
  "httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/users/${user.customproperty10}\"}",
  "httpHeaders": {
    "Authorization": "${access_token}"
  },
  "httpContentType": "application/json",
  "successResponses": {
    "statusCode": [200, 201, 204, 205]
  }
}

 

Now I need to call 2 URLs with different conditions for update account. I tried the JSON below but had no luck.

{
  "call": [
    {
      "name": "call1",
      "connection": "userAuth",
      "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}",
      "httpMethod": "PATCH",
      "httpParams": "{\"onPremisesExtensionAttributes\": {\"extensionAttribute9\": \"${user.username}\"}}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [200, 201, 204, 205]
      }
    },
    {
      "name": "call2",
      "connection": "userAuth",
      "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/manager/$ref",
      "httpMethod": "PUT",
      "httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/users/${user.customproperty10}\"}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [200, 201, 204, 205]
      }
    }
  ]
}

What will be the condition or logic needed in call2?


Regards,
Rushikesh Vartak

cgowda
New Contributor III

If I call them individually, both work, but if I call them together (call1 & call2), it does not.

We need to call both call1 and call2 together in UPDATEACCOUNTJSON; below is the JSON that I used:

{
  "accountIdPath": "call2.message.id",
  "call": [
    {
      "name": "call1",
      "connection": "userAuth",
      "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}",
      "httpMethod": "PATCH",
      "httpParams": "{\"onPremisesExtensionAttributes\": {\"extensionAttribute9\": \"${user.username}\"}}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [200, 201, 204, 205]
      }
    },
    {
      "name": "call2",
      "connection": "userAuth",
      "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/manager/$ref",
      "httpMethod": "PUT",
      "httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/users/${user.customproperty10}\"}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [200, 201, 204, 205]
      }
    }
  ]
}

Please share logs


Regards,
Rushikesh Vartak

cgowda
New Contributor III

The JSON below worked:

UPDATEACCOUNTJSON:

{
  "call": [
    {
      "name": "call1",
      "connection": "userAuth",
      "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}/manager/\\$ref",
      "httpMethod": "PUT",
      "httpContentType": "application/json",
      "httpParams": "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/users/${managerAccount.accountID}\"}",
      "httpHeaders": {
        "Authorization": "${access_token}"
      },
      "successResponses": {
        "statusCode": [
          204
        ]
      },
      "unsuccessResponses": {
        "odata~dot#error.code": "Request_BadRequest,Authentication_MissingOrMalformed,Request_ResourceNotFound,Authorization_RequestDenied,Authentication_Unauthoriz"
      }
    }
  ]
}
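
A pre-flight check for the rendered manager/$ref request discussed in this thread, so that an empty or unresolved binding is caught before the call reaches Graph. This is an added example, not code from any post or from Saviynt; the function names are hypothetical, the sample IDs are constructed, and it assumes the connector binds object IDs (GUIDs) as in the posts that worked.

```python
import json
import re
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"
# Assumption: the connector binds Entra object IDs (GUIDs), as in the working posts.
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def user_key(url, suffix=""):
    """Return {id} from https://graph.microsoft.com/v1.0/users/{id}<suffix>, else None."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc != GRAPH_HOST:
        return None
    m = re.fullmatch(r"/v1\.0/users/([^/]*)" + re.escape(suffix), parts.path)
    return m.group(1) if m else None


def check_manager_ref(url, body):
    """Check a rendered PUT .../manager/$ref request; return a list of problems."""
    problems = []
    account = user_key(url, "/manager/$ref")
    if account is None:
        problems.append("url is not /v1.0/users/{id}/manager/$ref on Graph")
    elif not GUID.fullmatch(account):
        problems.append(f"account id is empty or not a GUID: {account!r}")
    try:
        ref = json.loads(body)["@odata.id"]
    except (ValueError, KeyError, TypeError):
        return problems + ["body is not a JSON object with @odata.id"]
    manager = user_key(ref) if isinstance(ref, str) else None
    if manager is None:
        problems.append("@odata.id is not /v1.0/users/{id} on Graph")
    elif not GUID.fullmatch(manager):
        problems.append(f"manager id is empty or not a GUID: {manager!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    base = "https://graph.microsoft.com/v1.0/users/"
    url = base + "11111111-2222-3333-4444-555555555555/manager/$ref"
    for manager_id in ("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "", "owner@example.com"):
        print(repr(manager_id), check_manager_ref(url, json.dumps({"@odata.id": base + manager_id})))
```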