Saviynt Forums

Alex · ‎03/19/2024

Hi,
as proposed we try to replace our custom query jobs with the different methods listed. One of them is taking care of the job based on the Sav4Sav REST Connector.
Setup:
1. Creation of Analytics Report
2. Configuration of importUserJSON
3. Configuration of UpdateUserJSON
4. Creation of Update User Rule

What is working:
1,2,4 are confirmed working. On import the data from the report gets written to the user attribues. The Update User Rule also gets triggered after defined condition is met and creates an Update User Task (Update Login), which is also getting successfully provisioned.

What is not working:
3 - The completed task has not updated the mentioned fields from the report. So the report is working with ImportUserJSON, BUT NOT with UpdateUserJSON.

Which leads me to the following questions:
1. Should it be possible to use UpdateUserJSON with an analytics report to update user attributes?

Currently used UpdateUserJSON:

Spoiler

{

"actions": {

"Update Login": {

"call": [

{

"name": "Update",

"connection": "userAuth",

"url": "[URL]/ECM/api/v5/FetchRuntimeControlsData ",

"httpMethod": "POST",

"httpContentType": "application/json",

"httpParams": "{\"analyticsid\":\"12\"}",

"httpHeaders": {

"Authorization": "${access_token}"

},

"colsToPropsMap": {

"username": "USERNAME~#~char",

"customproperty28": "CUSTOMPROPERTY28~#~char"

},

"userResponsePath": "result",

"pagination": {

"offset": {

"offsetParam": "offset",

"batchParam": "max",

"batchSize": 500,

"totalCountPath": "completeResponseMap.totalcount"

}

]

}

{ "actions": { "Update Login": { "call": [ { "name": "Update", "connection": "userAuth", "url": "[URL]/ECM/api/v5/FetchRuntimeControlsData ", "httpMethod": "POST", "httpContentType": "application/json", "httpParams": "{\"analyticsid\":\"12\"}", "httpHeaders": { "Authorization": "${access_token}" }, "colsToPropsMap": { "username": "USERNAME~#~char", "customproperty28": "CUSTOMPROPERTY28~#~char" }, "userResponsePath": "result", "pagination": { "offset": { "offsetParam": "offset", "batchParam": "max", "batchSize": 500, "totalCountPath": "completeResponseMap.totalcount" } } } ] } } }

Best regards
Alex

[This message has been edited by moderator to disable url hyperlink]

naveenss · ‎03/19/2024

Hi @Alex

The JSON used for UpdateUserJSON is incorrect. Please refer to the second example in the below documentation under UpdateUserJSON. You must have 2 calls in this case.

https://docs.saviyntcloud.com/bundle/Dev-Handbook-REST-v24x/page/Content/Developers-Handbook.htm#imp...

1. First call is to call the analytics control

2. Use the response from the first call to update the user attribute.

Let me know if this helps!

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Alex · ‎03/19/2024

Hi @naveenss ,
thanks for the input. I thought the same, but there is a small thing which does confuse me. In the developers handbook only the example is provided for UpdateAccountJSON, which offers the accountIDPath. If assume the same is not available on the UpdateUserJSON.

Do you have an example query also for UpdateUserJSON?

Thanks!

naveenss · ‎03/19/2024

Hi @Alex Ideally accountIDPath will not be applicable for UpdateUserJSON. Please see the below forum post that might help you.

https://forums.saviynt.com/t5/identity-governance/updateuserjson-is-failing/m-p/80767#M51805

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Alex · ‎03/19/2024

Hi @naveenss , thanks for the confirmation. The mentioned link does not really help as they are using a single call and calling a third party application.
My case would be a multi call on the Sav4Sav connector with UpdateUserJSON.
Also in the doc portal are not really any related articles, same goes for the API reference docu.

Best regards
Alex

Alex · ‎03/20/2024

As I still not able to get this working and don't find any helpful thread or documentation on this topic. I will provide my current try here.

UpdateUserJSON:

Spoiler

		{
		    "actions": {
		        "Update Login": {
		            "call": [
		                {
		                    "name": "call1",
		                    "connection": "userAuth",
		                    "url": "url/ECM/api/v5/FetchRuntimeControlsData",
		                    "httpMethod": "POST",
		                    "httpContentType": "application/json",
		                    "httpParams": "{\"analyticsid\":\"12\",\"attributes\":{\"username\":\"${user.username}\"}}",
		                    "httpHeaders": {
		                        "Authorization": "${access_token}"
		                    },
							"successResponses": {
								"statusCode": [
								200,
								201
							  ]
							}
		                },
						{
							"name": "call2",
							"connection": "userAuth",
							"url": "url/ECM/api/v5/updateUser",
							"httpMethod": "POST",
							"httpParams": "{\"username\":\"${response.call1.result[0].USERNAME}\",\"customproperty28\":\"${response.call1.result[0].CUSTOMPROPERTY28}\"}",
							"httpHeaders": {
							  "Authorization": "${access_token}"
							},
							"httpContentType": "application/json",
							"successResponses": {
								"message": "User Updated Successfully",
								"statusCode": [
								200,
								201
							  ]
							},
							"unsuccessResponses": {
								"statusCode": [
								500,
								403,
								409,
								412
								]
						  	}
						}
		            ]
		        }
		    }
		}

{ "actions": { "Update Login": { "call": [ { "name": "call1", "connection": "userAuth", "url": "url/ECM/api/v5/FetchRuntimeControlsData", "httpMethod": "POST", "httpContentType": "application/json", "httpParams": "{\"analyticsid\":\"12\",\"attributes\":{\"username\":\"${user.username}\"}}", "httpHeaders": { "Authorization": "${access_token}" }, "successResponses": { "statusCode": [ 200, 201 ] } }, { "name": "call2", "connection": "userAuth", "url": "url/ECM/api/v5/updateUser", "httpMethod": "POST", "httpParams": "{\"username\":\"${response.call1.result[0].USERNAME}\",\"customproperty28\":\"${response.call1.result[0].CUSTOMPROPERTY28}\"}", "httpHeaders": { "Authorization": "${access_token}" }, "httpContentType": "application/json", "successResponses": { "message": "User Updated Successfully", "statusCode": [ 200, 201 ] }, "unsuccessResponses": { "statusCode": [ 500, 403, 409, 412 ] } } ] } } }

Response message of call1:

Spoiler

{
    "result": [
        {
            "USERNAME": "abc12345",
            "CUSTOMPROPERTY28": "teststring"
        }
    ],
    "msg": "Success",
    "displaycount": 1,
    "total": 1,
    "errorCode": 0
}

{ "result": [ { "USERNAME": "abc12345", "CUSTOMPROPERTY28": "teststring" } ], "msg": "Success", "displaycount": 1, "total": 1, "errorCode": 0 }

The task is completed, but the provisioning comments provide the following information:

{"Update Login":{"headers":null,"message":{"errorCode":"1","message":" Users not found with username ${response.call1.result[0].USERNAME}"},"statusCode":412,"description":null,"status":"Failed"}}

It seems like it cannot insert the value from Call1. So either the reference value is wrong or the setup of the depending calls.

Maybe someone can help with sufficient documentation for the updateUserJSON.

Thanks

naveenss · ‎03/20/2024

Hi @Alex , Can you try the below JSON?

	{
	    "actions": {
	        "Update Login": {
	            "call": [{
	                    "name": "Update Login",
	                    "connection": "userAuth",
	                    "url": "url/ECM/api/v5/FetchRuntimeControlsData",
	                    "httpMethod": "POST",
	                    "httpContentType": "application/json",
	                    "httpParams": "{\"analyticsid\":\"12\",\"attributes\":{\"username\":\"${user.username}\"}}",
	                    "httpHeaders": {
	                        "Authorization": "${access_token}"
	                    },
	                    "successResponses": {
	                        "statusCode": [
	                            200,
	                            201
	                        ]
	                    }
	                }, {
	                    "name": "Update Login",
	                    "connection": "userAuth",
	                    "url": "url/ECM/api/v5/updateUser",
	                    "httpMethod": "POST",
	                    "httpParams": "{\"username\":\"${response.'Update Login'.message.result[0].USERNAME}\",\"customproperty28\":\"${response.'Update Login'.message.result[0].CUSTOMPROPERTY28}\"}",
	                    "httpHeaders": {
	                        "Authorization": "${access_token}"
	                    },
	                    "httpContentType": "application/json",
	                    "successResponses": {
	                        "message": "User Updated Successfully",
	                        "statusCode": [
	                            200,
	                            201
	                        ]
	                    },
	                    "unsuccessResponses": {
	                        "statusCode": [
	                            500,
	                            403,
	                            409,
	                            412
	                        ]
	                    }
	                }
	            ]
	        }
	    }
	}

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

rushikeshvartak · ‎03/20/2024

Just thinking how system will know which call 2 execute first ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Alex · ‎03/20/2024

@naveenss This worked! Thank you so much. So for updateUserJSON you are not allowed to name the call with custom values. You need to stick to actions names.

Just theoretically spoken. What would happen, if I include an unrelated third/fourth API call for update login. So more or less as second set of the already existing call. How would it be possible to differ between the different calls, if they are all named 'update login'.

Saviynt Forums

UpdateUserJSON (REST) - Update user attributes based on analytics