on 07/24/2023 02:08 PM
How to import security roles and LastLogin under the profile using REST connector.
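This article contains the JSON configurations used to implement the Okta application through the REST connector. The host names (`xxxx.com` and its variants), the empty `client_id` and `client_secret`, and the `SSWS abcd` access token are placeholders; replace them with your own tenant's values and keep the real token out of any shared copy of these JSONs.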
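Below are the JSONs to use when the Okta application is implemented with the REST connector instead of the OOTB (out-of-the-box) Okta connector. Check the brace nesting of each block before use: in the ImportAccountEntJSON sample as printed, the `apps` entitlement type sits inside the `groups` call rather than beside `groups` under `entTypes`, and in `acctEntParams` the `groups` entry sits inside the `apps` call, which looks like a brace-placement error.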
=================================================================================
Connection Json
=================================================================================
{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://xxxx.com/api/v1",
"httpMethod": "POST",
"httpParams": {
"client_id": "",
"client_secret": ""
},
"httpHeaders": {
"contentType": "application/json"
},
"httpContentType": "application/json",
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "SSWS",
"accessToken": "SSWS abcd"
}
}
}
=================================================================================
ImportAccountEntJSON
=================================================================================
{
"accountParams": {
"connection": "acctAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxx.com/api/v1/users?limit=100",
"httpContentType": "application/json",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}"
}
},
"listField": "",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "id~#~char",
"name": "profile.firstName~#~char",
"customproperty2": "profile.login~#~char",
"customproperty3": "profile.email~#~char",
"customproperty1": "status~#~char"
}
}
}
},
"entitlementParams": {
"processingType": "SequentialAndIterative",
"entTypes": {
"groups": {
"entTypeOrder": 0,
"entTypeLabels": {
"customproperty1": "id"
},
"call": {
"call1": {
"connection": "acctAuth",
"callOrder": 0,
"stageNumber": 0,
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://xxxxx.com/api/v1/groups",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "id~#~char",
"customproperty1": "name~#~char"
},
"apps": {
"entTypeOrder": 1,
"entTypeLabels": {
"customproperty1": "Name",
"customproperty2": "Status"
},
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "https://xxxxx.com/api/v1/apps",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"keyField": "entitlementID",
"colsToPropsMap": {
"entitlementID": "id~#~char",
"entitlement_value": "id~#~char",
"customproperty1": "name~#~char",
"customproperty2": "status~#~char"
}
}
}
}
}
}
}
}
},
"acctEntParams": {
"connection": "acctAuth",
"entTypes": {
"apps": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://xxxxxx.com/api/v1/apps/${id}/users.json",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"entKeyField": "entitlementID",
"acctIdPath": "id~#~char",
"acctKeyField": "accountID",
"customproperty4": "label~#~char",
"groups": {
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"processingType": "httpEntToAcct",
"http": {
"httpHeaders": {
"Authorization": "${access_token}"
},
"url": "https://xxxxxx.com/api/v1/groups/${id}/users.json",
"httpContentType": "application/json",
"httpMethod": "GET"
},
"listField": "",
"entKeyField": "entitlementID",
"acctIdPath": "id~#~char",
"acctKeyField": "accountID",
"customproperty5": "label~#~char"
}
}
}
}
}
}
}
}
}
===================================================================================================
Create Account Json
===================================================================================================
{
"accountIdPath": "call1.message.id",
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/users?activate=true",
"httpMethod": "POST",
"httpParams": "{ \"profile\": { \"firstName\": \"${user.firstname}\", \"lastName\": \"${user.lastname}\", \"email\": \"${user.email}\", \"login\": \"${user.email}\" }}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json"
}
]
}
=====================================================================================================
Add Access Json
=====================================================================================================
{
"call": [
{
"name": "Group",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/groups/${entitlementValue.entitlementID}/users/${account.accountID}",
"httpMethod": "PUT",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
],
"status": "ACTIVE"
}
},
{
"name": "Application",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/apps/${entitlementValue.entitlementID}/users",
"httpMethod": "POST",
"httpParams": " {\"id\": \"${account.accountID}\",\"scope\": \"USER\",\"credentials\": {\"userName\": \"${account.name}\"}}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200
],
"status": "ACTIVE"
}
}
]
}
===================================================================================================================================
Remove Access JSON
===================================================================================================================================
{
"call": [
{
"name": "Group",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/groups/${entitlementValue.entitlementID}/users/${account.accountID}",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json"
},
{
"name": "Application",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/apps/${entitlementValue.entitlementID}/users/${account.accountID}",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json"
}
]
}
====================================================================================================================================
Enable Account
====================================================================================================================================
{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/users/${account.accountID}/lifecycle/unsuspend",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json"
}
]
}
===================================================================================================================================
Disable Account
===================================================================================================================================
{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/users/${account.accountID}/lifecycle/suspend",
"httpMethod": "POST",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json"
}
]
}
====================================================================================================================================
App account JSON for another REST connection - a new REST connection needs to be created for app account provisioning and deprovisioning
====================================================================================================================================
CreateAccountJSON===========
====================================================================================================================================
{
"accountIdPath": "call1.message.id",
"dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
"responseColsToPropsMap": {
"name": "call1.message.userName~#~char",
"displayName": "call1.message.userName~#~char"
},
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/apps/${arsTasks.endpoint.customproperty1}/users",
"httpMethod": "POST",
"httpParams": "{\"credentials\" : {\"userName\": \"${user.username}\"},\"id\": \"${user.customproperty1}\", \"scope\": \"USER\", \"profile\": {\"role\":\"user\"}}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json"
}
]
}
========================================================================================================================
RemoveAccountJSON============
========================================================================================================================
{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxx.com/api/v1/apps/${endpoints.customproperty1}/users/${user.customproperty1}",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json"
},
{
"name": "call2",
"connection": "acctAuth",
"url": "${response.call1.message.scope.toString()?.equals('GROUP')? response.call1.message._links.group.href+'/users/'+user.customproperty1 :response.call1.message._links.app.href+'/users/'+user.customproperty1}",
"httpMethod": "DELETE",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json",
"successResponses":
{
"statusCode": [204]
}
}
]
}