
2 Accounts being created for the same application with different account names

Devesh_Mundhra
New Contributor

Hi Team,

We are trying to configure a REST-based connection. As soon as we create a new user, as part of the birthright technical rule, the create account task is generated by the system for the user. But the account ID is the same as the account name: the account ID is not being generated correctly at the time of creation, as a result of which 2 accounts are being created for the same user in that application. Can someone please assist or help on this issue?

 

Account Import JSON for the connection:-

{
  "accountParams": {
    "connection": "userAuth",
    "createUsers": false,
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "connection": "userAuth",
        "http": {
          "url": "xxx-",
          "httpHeaders": {
            "Authorization": "${access_token}",
            "Accept": "application/json"
          },
          "httpContentType": "application/json",
          "httpMethod": "GET"
        },
        "listField": "elements",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "userId~#~char",
          "name": "emailAddress~#~char",
          "customproperty1": "firstName~#~char",
          "customproperty2": "lastName~#~char",
          "customproperty3": "emailAddress~#~char",
          "customproperty4": "passwordExpirationDate~#~char",
          "customproperty6": "userType~#~char",
          "customproperty7": "culture~#~char",
          "customproperty8": "userId~#~char",
          "customproperty22": "#CONST#true~#~char"
        }
      }
    }
  }
}

 

Create Account JSON for the connection - 

{
  "accountIdPath": "call1.message.userId",
  "dateFormat": "yyyy-MM-dd'T'HH:mm:ssXXX",
  "responseColsToPropsMap": {
    "customproperty8": "call1.message.userId~#~char"
  },
  "call": [
    {
      "name": "call1",
      "connection": "userAuth",
      "showResponse": true,
      "url": "xxx-",
      "httpMethod": "POST",
      "httpParams": "{\"culture\":\"${String defLang='en-US';String langList='it-IT,en-GB,en-US,de-DE,fr-FR,es-ES,pt-PT,nl-NL,de-CH,zh-CN,zh-TW,ko-KR,ru-RU,ja-JP,es-MX,uk-UA';String usLang=user?.customproperty12.replace('_','-');if(langList.indexOf(usLang) >= 0){return usLang;} else {return defLang;}}\",\"email\":\"${user.email}\",\"firstName\":\"${user.firstname}\",\"lastName\":\"${user.lastname}\",\"password\":\"${String pwd = java.util.Base64.getEncoder().encodeToString(password.getBytes()); return pwd;}\"}",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "Content-Type": "application/json"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [200, 201, 204, 205]
      },
      "unsuccessResponses": {
        "statusCode": [400, 401, 403, 404, 405, 409]
      }
    }
  ]
}

13 REPLIES

SB
Saviynt Employee

Are the 2 accounts getting created as part of the same task?


Regards,
Sahil

No Sahil, only one task is being created as per the birthright rule. And once the task is created, the account ID is not generated, so at the time of reconciliation the account ID is not found and a new account is being created.

Saathvik
All-Star

@Devesh_Mundhra : Can you please share the response of your create call in postman?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

@Saathvik - PFA screenshot of the Postman call response.

[Attachment: Screenshot 2023-11-13 130851.png]

SB
Saviynt Employee

@Devesh_Mundhra Please confirm the birthright rule you are using; is it to only create an account in target or is it to add an access to target or both.

Also, confirm if value for userid is getting saved under customproperty8 based on the responseColsToPropsMap you have defined. And if it is also getting stored in the AccountID field.


Regards,
Sahil

@SB - The birthright rule we are using is only to create an account in the target. Also, the userid is being saved under customproperty8 based on the responseColsToPropsMap. In addition to this, we have noticed that after the import job is run, the account which was created as per the birthright rule is set to inactive and a new active account is created, as I explained earlier.

SB
Saviynt Employee

The above needs to be checked for an account that was created from Saviynt and post which import has not been run.


Regards,
Sahil

@SB - the account that is being created from Saviynt is not generating the correct account id as explained earlier.

@Devesh_Mundhra : If I understand correctly when account is created from Saviynt through Rule it does populate CP8 with right value but not accountID right? 

If so, is accountID null or some random value, or is it matching the accountname?


Regards,
Saathvik

@Saathvik  - Yes when account is created from Saviynt through Rule it does populate CP8. 

CP8 is the field where accountID is stored and it is matching with the accountname.

accountname = accountID = CP8

@Devesh_Mundhra : Do you have accountname rule on respective endpoint?

Also, I thought accountID is not populating correctly when the account is created through Rule, but you replied stating accountID, accountname and CP8 are the same.

If possible can you share the sample data of one such scenario with masked values. I want to see accountname, accountID, CP8 for the account created through rule and through import. Also if possible please share the logs from the import


Regards,
Saathvik

SB
Saviynt Employee

Can you update ConfigJSON param in the REST connection with value {"showLogs":true}. This is to enable additional logging. Post making the change, can you create an account and share the complete provisioning log for the same.


Regards,
Sahil

@SB in the Config JSON - {"showLogs":true} is already added. Will share the complete logs with you.
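
The duplicate described in this thread, as an added example that is not part of the original posts and is not Saviynt connector code: a simplified Python model of the create step followed by an import keyed on accountID. The sample response and import row are constructed, `call1.message.id` is a hypothetical path that does not resolve, and the fallback of accountID to the account name is an assumption that mirrors the reported symptom.

```python
# Simplified model of create + import reconciliation; not Saviynt connector code.
# Constructed sample response (the real one was shared only as a screenshot).
CREATE_RESPONSE = {"call1": {"message": {"userId": "u-1001"}}}
# Constructed import rows, shaped like the "elements" list in the import JSON.
IMPORT_ROWS = [{"userId": "u-1001", "emailAddress": "jdoe@example.com"}]


def resolve_path(response, dotted_path):
    """Walk a path like 'call1.message.userId'; None if any step is missing."""
    node = response
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def provision(account_name, response, account_id_path):
    """Create step. Assumption: an unresolved path leaves accountID = name,
    which is the symptom reported in the thread."""
    account_id = resolve_path(response, account_id_path) or account_name
    return {"accountID": account_id, "name": account_name, "status": "active"}


def reconcile(existing, rows):
    """Import step keyed on accountID (userId): unseen IDs become new
    accounts, existing accounts missing from the feed go inactive."""
    accounts = {a["accountID"]: dict(a) for a in existing}
    seen = set()
    for row in rows:
        seen.add(row["userId"])
        accounts.setdefault(row["userId"], {"accountID": row["userId"],
                            "name": row["emailAddress"], "status": "active"})
    for account_id, account in accounts.items():
        if account_id not in seen:
            account["status"] = "inactive"
    return sorted(accounts.values(), key=lambda a: a["status"])


def run(account_id_path):
    """Provision one account, then reconcile it against the import feed."""
    created = provision("jdoe@example.com", CREATE_RESPONSE, account_id_path)
    return reconcile([created], IMPORT_ROWS)


if __name__ == "__main__":
    print(run("call1.message.userId"))  # path resolves
    print(run("call1.message.id"))      # hypothetical path that does not resolve
```

Comparing accountID, name and status for the same user before and after an import run, as requested in the thread, shows which of the two outcomes a tenant is in.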