Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

UpdateAccountJSON for task triggered from User Update Rule

mgandr
New Contributor III
New Contributor III

Hello,

I have the following requirements:

  • Enable the updating of userType through ARS.
  • Configure the User Update Rule to modify other attributes like Title, email, username, etc. Problem: When an update account task is initiated from a request, it completes successfully after the provisioning job runs. However, if the update account task is triggered from a rule, an error occurs on the additional call that I configured.
    Can someone assist in implementing additional logic, for example, if arstasks.REQUESTACCESSKEY is null, then skip the last call.

 

{
    "call": [
        {
            "name": "call1",
            "connection": "acctAuth",
            "url": "https://ABC.com/scim/v2/Users/${account.accountID}",
            "httpMethod": "PUT",
            "httpContentType": "application/json",
            "httpParams": "{\"userName\": \"${user.customproperty1}\",\"name\": {\"givenName\": \"${user.firstname}\",\"familyName\": \"${user.lastname}\"},\"emails\": [{\"primary\": \"true\",\"value\": \"${user.email}\",\"type\": \"work\"}],\"displayName\": \"${user.displayname}\",\"locale\": \"en\",\"timezone\": \"${user.city}\",\"title\": \"${user.title}\",\"addresses\": [{\"type\": \"work\",\"primary\": \"true\",\"value\": \"${user.street}, ${user.city}\"}]}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "successResponses": {
                "statusCode": [
                    200,
                    204
                ]
            }
        },
        {
            "name": "call2",
            "connection": "acctAuth",
            "url": "https://ABC.com/scim/v2/Users/${account.accountID}",
            "httpMethod": "PATCH",
            "httpContentType": "application/json",
            "httpParams": "{\"Operations\": [{\"op\": \"replace\",\"value\": {\"userType\": \"${requestAccessAttributes.get('RoleAccess') == 'IT admin' ? '1346' : (requestAccessAttributes.get('RoleAccess') == 'IT viewer' ? '1312' : requestAccessAttributes.get('RoleAccess'))}\"}}]}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "successResponses": {
                "statusCode": [
                    200,
                    204
                ]
            }
        }
    ]
}​

 

3 REPLIES 3

NM
Honored Contributor II
Honored Contributor II

Try this @mgandr 

{

            "name": "call2",

            "connection": "acctAuth",

            "url": "${(arsTasks.source=='Request')?'https://ABC.com/scim/v2/Users/account.accountID':''}"

            "httpMethod": "PATCH",

            "httpContentType": "application/json",

            "httpParams": "{\"Operations\": [{\"op\": \"replace\",\"value\": {\"userType\": \"${requestAccessAttributes.get('RoleAccess') == 'IT admin' ? '1346' : (requestAccessAttributes.get('RoleAccess') == 'IT viewer' ? '1312' : requestAccessAttributes.get('RoleAccess'))}\"}}]}",

            "httpHeaders": {

                "Authorization": "${access_token}"

            },

            "successResponses": {

                "statusCode": [

                    200,

                    204

                ]

            }

        }

    ]

}

rushikeshvartak
All-Star
All-Star

Use callcondition

{
    "call": [
        {
            "name": "call1",
            "connection": "acctAuth",
"callCondition": "${arstasksObj?.source == 'REQUEST'}",
            "url": "https://ABC.com/scim/v2/Users/${account.accountID}",
            "httpMethod": "PUT",
            "httpContentType": "application/json",
            "httpParams": "{\"userName\": \"${user.customproperty1}\",\"name\": {\"givenName\": \"${user.firstname}\",\"familyName\": \"${user.lastname}\"},\"emails\": [{\"primary\": \"true\",\"value\": \"${user.email}\",\"type\": \"work\"}],\"displayName\": \"${user.displayname}\",\"locale\": \"en\",\"timezone\": \"${user.city}\",\"title\": \"${user.title}\",\"addresses\": [{\"type\": \"work\",\"primary\": \"true\",\"value\": \"${user.street}, ${user.city}\"}]}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "successResponses": {
                "statusCode": [
                    200,
                    204
                ]
            }
        },
        {
            "name": "call2",
            "connection": "acctAuth",
            "url": "https://ABC.com/scim/v2/Users/${account.accountID}",
            "httpMethod": "PATCH",
"callCondition": "${arstasksObj?.source == 'PROVRULE'}",


            "httpContentType": "application/json",
            "httpParams": "{\"Operations\": [{\"op\": \"replace\",\"value\": {\"userType\": \"${requestAccessAttributes.get('RoleAccess') == 'IT admin' ? '1346' : (requestAccessAttributes.get('RoleAccess') == 'IT viewer' ? '1312' : requestAccessAttributes.get('RoleAccess'))}\"}}]}",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "successResponses": {
                "statusCode": [
                    200,
                    204
                ]
            }
        }
    ]
}​

 

Refer https://forums.saviynt.com/t5/identity-governance/skip-the-service-now-ticket-creation-if-task-sourc... 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Thanks for your help. It worked after adding the call condition.