Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Output of ConnectionJOSN and ChangePasswordJSON

gazanjum
Regular Contributor
Regular Contributor

Hi All,

One of our application team is trying to build a lambda function to substitute the Change Password API as they have 4 different APIs aligned.

To achieve this, could someone let me know what the expected JSON output file is when we pass the ConnectionJSON and ChangePassword JSON. It would be great if someone can share the sample output for both.

@NageshK  Could you please help us here.

Regards

Gazala

[This post has been edited by a Moderator to merge two posts]

11 REPLIES 11

NageshK
Saviynt Employee
Saviynt Employee

@gazanjum Thanks for posting your question. To call a lambda from Saviynt, EIC will need sufficient permissions and API Keys as well. I do not think this is supported in any connector as of today. Can you provide more details on the application for which you are trying to implement this? 

Thanks,

Nagesh K 

gazanjum
Regular Contributor
Regular Contributor

We are trying to implement it for Zscaler, however could you please let me know in general, even if we do not use a lambda function, what will be the expected JSON output file when we pass the ConnectionJSON and ChangePassword JSON(for instance: for Splunk or any other application). It would be great if someone can share the sample output for both.

NageshK
Saviynt Employee
Saviynt Employee

@gazanjum the output should be the same as what you mention as inputs for these fields for a given connector. However, it is not clear to me on what you are trying to implement here. And as I said before, calling a lambda from connection is not supported. 

Thanks

Nagesh K

gazanjum
Regular Contributor
Regular Contributor

Hi Nagesh,

I understand your point, however I would just need the exact format of the output of these JSONs.

Regards

Gazala Anjum

NageshK
Saviynt Employee
Saviynt Employee

@gazanjum Please check the connectionjson mentioned in this article. Is this what you are looking for? Also, ZScaler connection does not support change password functionality as of today. It only has add access and remove access as given in the article. 

https://docs.saviyntcloud.com/bundle/Zscaler-ZPA-Guide/page/Content/Understanding-Integration-betwee...

Thanks

Nagesh K

gazanjum
Regular Contributor
Regular Contributor

Hi Nagesh,

The documentation talks about the how to build Connection JSON however my requirement is when we pass a Connection and ChangePassword JSON in a connector, what is the expected result format for these JSON. This should not be specific to Zscaler but rather generic flow.

Regards

Gazala

NageshK
Saviynt Employee
Saviynt Employee

@gazanjum I suggest you join the SME call where you can provide more details on what exactly you are looking for. 

Thanks,

Nagesh K 

NageshK
Saviynt Employee
Saviynt Employee

@NandiniRana as discussed in SME call today, here is a sample change password json shown for Azure AD. As you can see, the JSON here contains the section "successResponses" which indicates what http responses are considered to be success indicators. So, as long as the API that you are calling (the wrapper you were referring to in the call) returns one of the statuses that is defined in successResponses (you get to define what these success status codes are based on how you build your API), task in saviynt will be considered as successful and get into completed state. :

{
"call": [
{
"name": "call1",
"connection": "AzureADProvisioning",
"url": "https://graph.microsoft.com/v1.0/users/${account.accountID}",
"httpMethod": "PATCH",
"httpParams": "{\"passwordPolicies\" :\"DisableStrongPassword\",\"passwordProfile\" : {\"password\":\"${password}\",\"forceChangePasswordNextSignIn\": false}}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204,
205
]
}
}
]
}

 

Thanks,

Nagesh K

gazanjum
Regular Contributor
Regular Contributor

Hi Nagesh,

We understand this would be the success code when we run ConnectionJSON and ChangePasswordJSON. However, we need to know what would be the response output that gets displayed.

For instance, an encrypted password etc.

 

Regards

Gazala

NageshK
Saviynt Employee
Saviynt Employee

@gazanjum It appears that you are getting confused with the client vs target part here. I have explained this to Nandini in SME call yesterday. Please connect with her once. 

If your plan is to build a wrapper and call that from Saviynt, Saviynt becomes the client (caller) and your wrapper is the target. Now, Saviynt depends on the http response given by your wrapper. In the wrapper's success response Saviynt will not need any encrypted password or anything else as password is randomly generated from Saviynt side and sent as input to your wrapper. In Error scenarios, you can send an aprpopriate error message in the errorPath section of the JSON  (See attached screenshot)

Ex:  If the change password gets done successfully at zscaler, wrapper sends us 200. Else, an error code (400, 500, 404, etc.). Saviynt's REST framework will consider change pwd as successful only when your wrapper sends 200 response code. Else, the change pwd task will remain in pending state

Similarly, within your wrapper you will be calling multiple APIs of the target system (zscaler). So, your wrapper becomes the client and zscaler becomes the target. you need to understand the format of the response being output from zscaler to process it. 

NageshK_0-1692981717382.png

I hope this will clarify your question. 

Thanks

Nagesh K

gazanjum
Regular Contributor
Regular Contributor

Hi Nagesh,

Thank you for explaining this, could we please get on a call and discuss this further. The Tool Team Architect wants to learn more from this discussion.

Regards

Gazala Anjum