Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/14/2023 01:23 AM - last edited on 07/18/2023 04:54 AM by Sunil
Hi All,
One of our application team is trying to build a lambda function to substitute the Change Password API as they have 4 different APIs aligned.
To achieve this, could someone let me know what the expected JSON output file is when we pass the ConnectionJSON and ChangePassword JSON. It would be great if someone can share the sample output for both.
@NageshK Could you please help us here.
Regards
Gazala
[This post has been edited by a Moderator to merge two posts]
07/20/2023 07:00 AM
@gazanjum Thanks for posting your question. To call a lambda from Saviynt, EIC will need sufficient permissions and API Keys as well. I do not think this is supported in any connector as of today. Can you provide more details on the application for which you are trying to implement this?
Thanks,
Nagesh K
07/24/2023 12:15 AM - edited 07/24/2023 12:15 AM
We are trying to implement it for Zscaler, however could you please let me know in general, even if we do not use a lambda function, what will be the expected JSON output file when we pass the ConnectionJSON and ChangePassword JSON(for instance: for Splunk or any other application). It would be great if someone can share the sample output for both.
07/27/2023 07:02 AM
@gazanjum the output should be the same as what you mention as inputs for these fields for a given connector. However, it is not clear to me on what you are trying to implement here. And as I said before, calling a lambda from connection is not supported.
Thanks
Nagesh K
07/30/2023 11:36 PM
Hi Nagesh,
I understand your point, however I would just need the exact format of the output of these JSONs.
Regards
Gazala Anjum
08/01/2023 03:25 PM
@gazanjum Please check the connectionjson mentioned in this article. Is this what you are looking for? Also, ZScaler connection does not support change password functionality as of today. It only has add access and remove access as given in the article.
https://docs.saviyntcloud.com/bundle/Zscaler-ZPA-Guide/page/Content/Understanding-Integration-betwee...
Thanks
Nagesh K
08/03/2023 11:47 PM
Hi Nagesh,
The documentation talks about the how to build Connection JSON however my requirement is when we pass a Connection and ChangePassword JSON in a connector, what is the expected result format for these JSON. This should not be specific to Zscaler but rather generic flow.
Regards
Gazala
08/07/2023 07:02 AM
@gazanjum I suggest you join the SME call where you can provide more details on what exactly you are looking for.
Thanks,
Nagesh K
08/24/2023 05:16 PM
@NandiniRana as discussed in SME call today, here is a sample change password json shown for Azure AD. As you can see, the JSON here contains the section "successResponses" which indicates what http responses are considered to be success indicators. So, as long as the API that you are calling (the wrapper you were referring to in the call) returns one of the statuses that is defined in successResponses (you get to define what these success status codes are based on how you build your API), task in saviynt will be considered as successful and get into completed state. :
{
"call": [
{
"name": "call1",
"connection": "AzureADProvisioning",
"url": "https://graph.microsoft.com/v1.0/users/${account.accountID}",
"httpMethod": "PATCH",
"httpParams": "{\"passwordPolicies\" :\"DisableStrongPassword\",\"passwordProfile\" : {\"password\":\"${password}\",\"forceChangePasswordNextSignIn\": false}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}
Thanks,
Nagesh K
08/25/2023 01:31 AM
Hi Nagesh,
We understand this would be the success code when we run ConnectionJSON and ChangePasswordJSON. However, we need to know what would be the response output that gets displayed.
For instance, an encrypted password etc.
Regards
Gazala
08/25/2023 09:43 AM
@gazanjum It appears that you are getting confused with the client vs target part here. I have explained this to Nandini in SME call yesterday. Please connect with her once.
If your plan is to build a wrapper and call that from Saviynt, Saviynt becomes the client (caller) and your wrapper is the target. Now, Saviynt depends on the http response given by your wrapper. In the wrapper's success response Saviynt will not need any encrypted password or anything else as password is randomly generated from Saviynt side and sent as input to your wrapper. In Error scenarios, you can send an aprpopriate error message in the errorPath section of the JSON (See attached screenshot)
Ex: If the change password gets done successfully at zscaler, wrapper sends us 200. Else, an error code (400, 500, 404, etc.). Saviynt's REST framework will consider change pwd as successful only when your wrapper sends 200 response code. Else, the change pwd task will remain in pending state
Similarly, within your wrapper you will be calling multiple APIs of the target system (zscaler). So, your wrapper becomes the client and zscaler becomes the target. you need to understand the format of the response being output from zscaler to process it.
I hope this will clarify your question.
Thanks
Nagesh K
09/07/2023 07:35 AM
Hi Nagesh,
Thank you for explaining this, could we please get on a call and discuss this further. The Tool Team Architect wants to learn more from this discussion.
Regards
Gazala Anjum