Saviynt Forums

gazanjum · ‎07/14/2023

Hi All,

One of our application team is trying to build a lambda function to substitute the Change Password API as they have 4 different APIs aligned.

To achieve this, could someone let me know what the expected JSON output file is when we pass the ConnectionJSON and ChangePassword JSON. It would be great if someone can share the sample output for both.

@NageshK Could you please help us here.

Regards

Gazala

[This post has been edited by a Moderator to merge two posts]

NageshK · ‎07/20/2023

@gazanjum Thanks for posting your question. To call a lambda from Saviynt, EIC will need sufficient permissions and API Keys as well. I do not think this is supported in any connector as of today. Can you provide more details on the application for which you are trying to implement this?

Thanks,

Nagesh K

gazanjum · ‎07/24/2023

We are trying to implement it for Zscaler, however could you please let me know in general, even if we do not use a lambda function, what will be the expected JSON output file when we pass the ConnectionJSON and ChangePassword JSON(for instance: for Splunk or any other application). It would be great if someone can share the sample output for both.

NageshK · ‎07/27/2023

@gazanjum the output should be the same as what you mention as inputs for these fields for a given connector. However, it is not clear to me on what you are trying to implement here. And as I said before, calling a lambda from connection is not supported.

Thanks

Nagesh K

gazanjum · ‎07/30/2023

Hi Nagesh,

I understand your point, however I would just need the exact format of the output of these JSONs.

Regards

Gazala Anjum

NageshK · ‎08/01/2023

@gazanjum Please check the connectionjson mentioned in this article. Is this what you are looking for? Also, ZScaler connection does not support change password functionality as of today. It only has add access and remove access as given in the article.

https://docs.saviyntcloud.com/bundle/Zscaler-ZPA-Guide/page/Content/Understanding-Integration-betwee...

Thanks

Nagesh K

gazanjum · ‎08/03/2023

Hi Nagesh,

The documentation talks about the how to build Connection JSON however my requirement is when we pass a Connection and ChangePassword JSON in a connector, what is the expected result format for these JSON. This should not be specific to Zscaler but rather generic flow.

Regards

Gazala

NageshK · ‎08/07/2023

@gazanjum I suggest you join the SME call where you can provide more details on what exactly you are looking for.

Thanks,

Nagesh K

NageshK · ‎08/24/2023

@NandiniRana as discussed in SME call today, here is a sample change password json shown for Azure AD. As you can see, the JSON here contains the section "successResponses" which indicates what http responses are considered to be success indicators. So, as long as the API that you are calling (the wrapper you were referring to in the call) returns one of the statuses that is defined in successResponses (you get to define what these success status codes are based on how you build your API), task in saviynt will be considered as successful and get into completed state. :

{
"call": [
{
"name": "call1",
"connection": "AzureADProvisioning",
"url": "https://graph.microsoft.com/v1.0/users/${account.accountID}",
"httpMethod": "PATCH",
"httpParams": "{\"passwordPolicies\" :\"DisableStrongPassword\",\"passwordProfile\" : {\"password\":\"${password}\",\"forceChangePasswordNextSignIn\": false}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}

Thanks,

Nagesh K

gazanjum · ‎08/25/2023

Hi Nagesh,

We understand this would be the success code when we run ConnectionJSON and ChangePasswordJSON. However, we need to know what would be the response output that gets displayed.

For instance, an encrypted password etc.

Regards

Gazala

NageshK · ‎08/25/2023

@gazanjum It appears that you are getting confused with the client vs target part here. I have explained this to Nandini in SME call yesterday. Please connect with her once.

If your plan is to build a wrapper and call that from Saviynt, Saviynt becomes the client (caller) and your wrapper is the target. Now, Saviynt depends on the http response given by your wrapper. In the wrapper's success response Saviynt will not need any encrypted password or anything else as password is randomly generated from Saviynt side and sent as input to your wrapper. In Error scenarios, you can send an aprpopriate error message in the errorPath section of the JSON (See attached screenshot)

Ex: If the change password gets done successfully at zscaler, wrapper sends us 200. Else, an error code (400, 500, 404, etc.). Saviynt's REST framework will consider change pwd as successful only when your wrapper sends 200 response code. Else, the change pwd task will remain in pending state

Similarly, within your wrapper you will be calling multiple APIs of the target system (zscaler). So, your wrapper becomes the client and zscaler becomes the target. you need to understand the format of the response being output from zscaler to process it.

I hope this will clarify your question.

Thanks

Nagesh K

gazanjum · ‎09/07/2023

Hi Nagesh,

Thank you for explaining this, could we please get on a call and discuss this further. The Tool Team Architect wants to learn more from this discussion.

Regards

Gazala Anjum

Saviynt Forums

Output of ConnectionJOSN and ChangePasswordJSON