Saviynt Forums

sudeshjaiswal · ‎09/06/2023

Use Case

FAQ – Provisioning JSONs

Pre-requisites

Connector

Applicable Version(s)

All

Solution

1. How to pass different value to the target based on source of the task?

Ans: If a different attribute is required to be passed in case of birthright provisioning and another user property is supposed to be passed when the task is created by a request (ARS), the task can be differentiated based on task source. To pass an attribute based on task source, following Groovy expression can be used.

In the following example, 'userPrincipleName' value is given based on the task source (if the source of the task is REQUEST, then user's system user name followed by '@testlocal.local' value is passed to the target, else the value stored in user's customproperty21 is passed to the target)

"userPrincipalName": "${if(task.source.equals('REQUEST')){ user.systemUserName+'@testlocal.local'}else{user.customproperty21}}"

2. How to pass multivalued attributes in provisioning JSONs?

Ans: If there is a need to pass different multi-valued attributes to the target and these are stored in endpoint custom-properties, any of the following Groovy scripts can help -

(1) Using a JSON: "objectclass”: ${task.endpoint.customproperty5.split(',').inspect()}

OR

(2) Using JSON Builder: map1.put("objectclass", Arrays.asList(task.endpoint.customproperty5.split("\\s*,\\s*")));

In sited examples, it is assumed the customproperty5 of the specific Endpoint holds the values of the of the object class to be passed to the target AD/LDAP.

3. How to compare the current value and new value of a property/parameter in an update account JSON?

Ans: When an end user modifies value(s) for account attribute(s) using Dynamic attributes on the form, the updated value will be part of the Dynamic attributes which are modified and the current value(s) will be available in the customproperty of the account. Hence, we need to compare the current value in the account customproperty with the modified value in the Dynamic attribute value.

Example – Suppose there is a dynamic attribute called Teams which is a multi-select dropdown type of dynamic attribute on the endpoint form and the provisioning JSON expects only new values to be passed into the target via the update account JSON. Hence, we need to find out the difference between the existing value (value in customproperty3) and the new values selected in the dynamic attribute. Below Groovy script can find out the difference between the new value and current value.

${task.accountKey.customproperty3==null?'':task.accountKey.customproperty3.split(',').minus(Teams.split(',')).join(',')}

4. How to fetch certifier details in a ServiceNow/Help Desk ticket using Create Ticket JSON?

Ans: The following Groovy script can be used to fetch the certifier information in the Create Ticket JSON.

${com.saviynt.ecm.identitywarehouse.domain.Users.get(com.saviynt.ecm.campaign.domain.Certification.get(task.sourceId).certifier).username}

${com.saviynt.ecm.identitywarehouse.domain.Users.get(com.saviynt.ecm.campaign.domain.Certification.get(task.sourceId).certifier).email}

${com.saviynt.ecm.identitywarehouse.domain.Users.get(com.saviynt.ecm.campaign.domain.Certification.get(task.sourceId).certifier).displayname}

5. How to fetch the requestor/requested by information in provisioning JSONs?

Ans: The following Groovy expression can be used to fetch the requested by information in the JSONs.

${if(task.requestKey!=null){com.saviynt.ecm.identitywarehouse.domain.Users.get(task?.requestedBy).email}else{'amit.krishnajit@saviynt.com'}}

${if(task.requestKey!=null){com.saviynt.ecm.identitywarehouse.domain.Users.get(task?.requestedBy).username}else{'amit.krishnajit@saviynt.com'}}

6. How to pass values to the target in different attributes/parameters if they are stored in one user attribute by concatenating using a delimiter?

Ans: Split function available in Groovy can be utilized to split the values using the delimiter and then pass the value to the target.

Sample for split function usage:

def x = 'A,B,C,D,E'

println x.split(',')

println x.split(',')[0]

In the above script, x is a variable which holds comma-separated values. The split function can be used to split the values based on the delimiter - comma(,). The split function will return the values in an array format and values can be accessed by passing index number in square-brackets.

For example – if three values are stored by concatenating using pipe (|) delimiter, then we can use following Groovy script to split the values and pass them to the target

"localityName": "${user.customproperty21.split('\\|')[0]}",

"street": "${user.customproperty21.split('\\|')[1]}",

"stateOrProvinceName": "${user.customproperty21.split('\\|')[2]}"

If three values are stored by concatenating using comma (,) delimiter, then we can use following Groovy script to split the values and pass them to the target

"localityName": "${user.customproperty21.split(',')[0]}",

"street": "${user.customproperty21.split(',')[1]}",

"stateOrProvinceName": "${user.customproperty21.split(',')[2]}"

7. How to fetch request ID in the provisioning JSON?

Ans: The following Groovy expression can be used to fetch the request ID to be passed into target.

${if(task.requestKey!=null){task.requestKey?.processinstanceid?.substring(task.requestKey?.processinstanceid?.indexOf('.') + 1, task.requestKey?.processinstanceid?.length())}else if(task.requestKey==null){task.id}}

8. How to compare date type attributes in the provisioning JSONs?

Ans: Please see the following sample scrript for date type comparison in the provisioning JSONs.

def Date startdate = Date.parse("yyyy-MM-dd hh:mm:ss", '2020-10-27 00:00:00')

def x = new java.text.SimpleDateFormat("yyyy-MM-DD").parse(new java.text.SimpleDateFormat("yyyy-MM-DD").format(new Date())).getTime()

def y = new java.text.SimpleDateFormat("yyyy-MM-DD").parse(new java.text.SimpleDateFormat("yyyy-MM-DD HH:mm:ss").format(startdate)).getTime()

print x>=y?true:false

In the above script, startdate is a Date type of variable which holds a sample start date in the same format in which Saviynt stores the user's start/end date values. The variable x is assigned with the value of today's date in milliseconds as getTime() method returns the time in milliseconds format. Similarly, variable y is assigned with the milliseconds value of the startdate. The print statement is used to print if the condition evaluates to true or false when the milliseconds value in variable x is greater than or lower than that of y respectively.

In the below example, the user account control value is passed as 512 when the start date is less than today's date, otherwise 514 is set as the user account control.

"useraccountcontrol": "${if(new java.text.SimpleDateFormat("yyyy-MM-DD").parse(new java.text.SimpleDateFormat("yyyy-MM-DD").format(new Date())).getTime()<new java.text.SimpleDateFormat("yyyy-MM-DD").parse(new java.text.SimpleDateFormat("yyyy-MM-DD").format(user.startdate)).getTime()){514}else{512}}"

9. How to build complex JSONs using JSONBuilder?

Ans: We can use JSON Builder in the following way to perform complex calculations in JSONs and pass them to target systems.

${

Map map1 = new HashMap();

String gname=user.firstname;

gname=gname.replaceAll("[^a-zA-Z0-9]","");

if(gname.size() > 32)

gname=gname.substring(0,32);

map1.put("givenName",gname);

String lastname=user.lastname;

lastname=lastname.replaceAll("[^a-zA-Z0-9]","");

if(lastname.size() > 32)

lastname=lastname.substring(0,32);

map1.put("sn",lastname);

String testmiddlename = user.customproperty52;

if(testmiddlename!=null)

testmiddlename=testmiddlename.replaceAll("[^a-zA-Z0-9]","");

if(testmiddlename!=null)

map1.put("initials",testmiddlename.substring(0,1));

if(testmiddlename==null)

map1.put("initials",testmiddlename);

String sor=user.customproperty15;

if(sor.equals("Canada")&& user.customproperty48!=null)

map1.put("o",user.customproperty48);

else

map1.put("o",user.companyname);

String emp=user.employeeType;

def upn=user.customproperty7+'@'+'test.org';

if(emp.equals("CHANNEL_PARTNER"))

map1.put("userPrincipalName",user.email);

else

map1.put("userPrincipalName",upn);

def dp;

if(emp.equals("SERVICE_PROVIDER") && testmiddlename!=null)

dp=lastname+', '+gname+testmiddlename.substring(0,1)+'(External)';

if(emp.equals("SERVICE_PROVIDER") && testmiddlename == null)

dp=lastname+', '+gname+'(External)';

if((!(emp.equals("SERVICE_PROVIDER")) && testmiddlename!=null))

dp=lastname+', '+gname+testmiddlename.substring(0,1);

if((!(emp.equals("SERVICE_PROVIDER")) && testmiddlename==null))

dp=lastname+', '+gname;

map1.put("displayName",dp);

String company=user.companyname;

if(emp.equals("SERVICE_PROVIDER") && company.equals("Conduent"))

map1.put("msDS-cloudExtensionAttribute1","SV1");

if(emp.equals("SERVICE_PROVIDER") && (company.equals("Test-xyz") || company.equals("Test-abc")))

map1.put("msDS-cloudExtensionAttribute1","CP2");

if(emp.equals("CONTRACT") ||

emp.equals("XAR_CONTRACTOR") ||

emp.equals("XBR_CONTRACTOR") ||

emp.equals("XCL_CONTRACTOR") ||

emp.equals("XDOR_CONTRACTOR") ||

emp.equals("XE_CONTRACTOR") ||

emp.equals("XILE_CONTRACTOR") ||

emp.equals("XMEX_OUTSOURCING") ||

emp.equals("XPE_CONTRACT"))

map1.put("msDS-cloudExtensionAttribute1","CP2");

if(emp.equals("XAR_EMPLOYEE")||

emp.equals("XBR_EMPLOYEE")||

emp.equals("XCL_EMPLOYEE")||

emp.equals("XCL_EMPLOYEE_TEMP")||

emp.equals("XDOR_EMPLOYEE")||

emp.equals("XE_AGENCY")||

emp.equals("test_CANADA")||

emp.equals("test_CONNECT")||

emp.equals("test_CO-OP")||

emp.equals("test_DIRECT_CANADA")||

emp.equals("test_EMPLOYEE")||

emp.equals("test_EXEMPT")||

emp.equals("test_GLOBAL_SERVICES")||

emp.equals("test_INDUSTRIAL")||

emp.equals("test_INTERNATIONAL")||

emp.equals("test_INTERNATIONAL_TEMP")||

emp.equals("test_MODI")||

emp.equals("test_NON_MCTY_INDUSTRIAL")||

emp.equals("test_NON-EXEMPT")||

emp.equals("test_RETIREE")||

emp.equals("test_SECURITY")||

emp.equals("test_SHANGHAI")||

emp.equals("test_TEMP_HIRE")||

emp.equals("XILE_EMPLOYEE")||

emp.equals("XMEX_EMPLOYEE")||

emp.equals("XPE_EMPLOYEE"))

map1.put("msDS-cloudExtensionAttribute1","EP1");

if(user.employeeType && user.customproperty15 && user.customproperty3)

map1.put("test-user-type",UserType);

if(user.employeeType && user.customproperty15)

map1.put("test-user-type",UserType1);

if(user.customproperty15 && user.customproperty3)

map1.put("test-user-type",UserType2);

if(user.employeeType && user.customproperty3)

map1.put("test-user-type",UserType3);

map1.put("co",CountryName);

map1.put("test-countrycode",testCountryCode);

map1.put("countryCode",CountryCode);

map1.put("manager",ManagerDN);

map1.put("description",user.customproperty61);

map1.put("instanceType","4");

map1.put("GroupPriority","2");

map1.put("company",user.companyname);

map1.put("userAccountControl","512");

map1.put("test-person-SOR",user.customproperty15);

map1.put("legacyEmployeeNumber",user.customproperty20);

List list1 = new ArrayList();

list1.add("top");

list1.add("person");

list1.add("organizationalPerson");

list1.add("user");

map1.put("objectclass",list1);

map1.put("sAMAccountName",user.username);

map1.put("employeeType",user.employeeType);

map1.put("test-person-email",user.email);

map1.put("l",user.customproperty37);

map1.put("postalCode",user.regioncode);

map1.put("st",user.state);

map1.put("street",user.street);

map1.put("telephoneNumber",user.phonenumber);

map1.put("preferredLanguage",user.customproperty5);

map1.put("employeeNumber",user.employeeid);

map1.put("c",user.customproperty3);

map1.put("extensionAttribute7",user.customproperty39);

map1.put("extensionAttribute15",user.customproperty26);

map1.put("employeeID",user.customproperty21);

map1.put("msDS-cloudExtensionAttribute2",user.customproperty27);

map1.put("msDS-cloudExtensionAttribute6",user.customproperty30);

map1.put("test-person-disabled",user.customproperty45);

map1.put("test-person-status",user.customproperty2);

map1.put("test-s3-guid",user.customproperty29);

map1.put("test-hr-jobcode",user.customproperty14);

map1.put("test-hr-organizationcode",user.customproperty38);

jsonBuilder = new groovy.json.JsonBuilder(map1);

return jsonBuilder.toString().replace('\\\\','\\');

}

10. For what connectors JSONBuilder can be used?

Ans: We can use JSON Builders in AD/LDAP connector, ADSI connector and DB Connector.

JsonBuilders are tested and working fine for AD/LDAP, ADSI and DB Connectors. Other connectors are yet to be tested

References

iam01 · ‎03/18/2024

jsonBuilder is supported for REST Connection?