Attribute sync on custom connector

clstromgren · January 26, 2023, 6:39pm

We are working on setting up a custom saas connector for aws and are in the process of configuring attribute sync. There seems to be some sort of mismatch (or maybe bug) on the configuration that we are having trouble working through. Here are the details, any help is appreciated.

The attributes are visible in the UI when we go to that page, but when selecting them we get an error on save:

A GET on /beta/sources/2c918086814e69cd01816da8ab716d8a/attribute-sync-config returns

{
    "attributes": [],
    "source": {
        "name": null,
        "id": "2c918086814e69cd01816da8ab716d8a",
        "type": "SOURCE"
    }
}

and doing a PUT with

{
  "source": [
    {
      "type": "SOURCE",
      "id": "2c918086814e69cd01816da8ab716d8a",
      "name": "AWS IAM Identity Center"
    }
  ],
  "attributes": [
    {
      "name": "lastname",
      "displayName": "Last Name",
      "enabled": true,
      "target": "FamilyName"
    }
  ]
}

returns the below, even with the FamilyName being present in account schema

{
    "messages": [
        {
            "locale": "en-US",
            "text": "A target account attribute \"FamilyName\" is missing from the sources account schema.",
            "localeOrigin": "REQUEST"
        },
        {
            "locale": "en-US",
            "text": "A target account attribute \"FamilyName\" is missing from the sources account schema.",
            "localeOrigin": "DEFAULT"
        }
    ],
    "detailCode": "400.1 Bad request content",
    "trackingId": "96db07fc294649a0b4ce43570087bf84"
}

The schema is here

{
	"name": "AWS IAM Identity Center (new)",
	"commands": [
		"std:account:list",
		"std:account:read",
		"std:account:update",
		"std:test-connection",
		"std:entitlement:list"
	],
	"sourceConfig": [
		{
			"type": "menu",
			"label": "Configuration",
			"items": [
				{
					"type": "section",
					"sectionTitle": "Authentication",
					"sectionHelpMessage": "An AWS IAM User is needed to connect to your target Identity Store.",
					"items": [
						{
							"key": "accessKeyId",
							"label": "Access Key ID",
							"type": "text"
						},
						{
							"key": "secretAccessKey",
							"label": "Secret Access Key",
							"type": "secret"
						}
					]
				},
				{
					"type": "section",
					"sectionTitle": "Identity Store Config",
					"sectionHelpMessage": "Information about the Identity Store you are going to be managing.",
					"items": [
						{
							"key": "identityStoreId",
							"label": "Identity Store ID",
							"type": "text"
						},
						{
							"key": "region",
							"label": "AWS Region",
							"type": "text"
						}
					]
				}
			]
		}
	],
	"accountSchema":{
		"displayAttribute": "UserName",
		"identityAttribute": "UserName",
		"attributes":[
			{
				"name": "UserName",
				"type": "string",
				"description": "User Name (upn)"
			},
			{
				"name": "UserId",
				"type": "string",
				"description": "Unique Identifier (guid)"
			},
			{
				"name": "Formatted",
				"type": "string",
				"description": "Friendly Formatted Account Name"
			},
			{
				"name": "FamilyName",
				"type": "string",
				"description": "Last Name"
			},
			{
				"name": "GivenName",
				"type": "string",
				"description": "First Name"
			},
			{
				"name": "MiddleName",
				"type": "string",
				"description": "Middle Name"
			},
			{
				"name": "DisplayName",
				"type": "string",
				"description": "Display Name"
			},
			{
				"name": "NickName",
				"type": "string",
				"description": "First Name"
			},
			{
				"name": "Email",
				"type": "string",
				"description": "Primary Email Address"
			},
			{
				"name": "PreferredLanguage",
				"type": "string",
				"description": "Preferred Language"
			},
			{
				"name": "Locale",
				"type": "string",
				"description": "Country Code"
			},
			{
				"name": "entitlements",
				"type": "string",
				"entitlement": true,
				"managed": true,
				"multi": true,
				"description": "The AWS IAM Identity Center SSO groups that the account belongs to"
			}
		]
	},
	"entitlementSchemas": [
		{
			"type": "group",
			"displayAttribute": "DisplayName",
			"identityAttribute": "GroupId",
			"attributes": [
				{
					"name": "GroupId",
					"type": "string",
					"description": "Unique Identifier (guid)"
				},
				{
					"name": "displayName",
					"type": "string",
					"description": "Display Name"
				},
				{
					"name": "description",
					"type": "string",
					"description": "Description"
				}
			]
		}
	],
	"accountCreateTemplate": {
		"fields": [
			{
				"key": "UserName",
				"label": "UserName",
				"type": "string",
				"required": true,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "email"
					}
				}
			},
			{
				"key": "FamilyName",
				"label": "FamilyName",
				"type": "string",
				"required": false,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "lastname"
					}
				}
			},
			{
				"key": "GivenName",
				"label": "GivenName",
				"type": "string",
				"required": true,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "firstname"
					}
				}
			},
			{
				"key": "DisplayName",
				"label": "DisplayName",
				"type": "string",
				"required": false,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "displayName"
					}
				}
			},
			{
				"key": "Email",
				"label": "Email",
				"type": "string",
				"required": true,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": "email"
					}
				}
			},
			{
				"key": "PreferredLanguage",
				"label": "PreferredLanguage",
				"type": "string",
				"required": false,
				"initialValue": {
					"type": "identityAttribute",
					"attributes": {
						"name": ""
					}
				}
			},
			{
				"key": "Locale",
				"label": "Locale",
				"type": "string",
				"required": false,
				"initialValue": {
					"type": "static",
					"attributes": {
						"value": "en-US"
					}
				}
			}
		]
	}
}

clstromgren · January 26, 2023, 6:41pm

@matt-lee for notifications

clstromgren · January 31, 2023, 4:11pm

Any feedback on this?

M_rtenH · February 1, 2023, 8:44am

Any chance you’ve edited either the identity attributes or account attributes after configuring attribute sync? I’ve seen that cause issues before

The account attribute “PreferredLanguage” being visible in attribute sync UI but not being mapped to any identity attribute could also cause issues

philip-ellis · February 1, 2023, 2:06pm

Hi Caleb, we are looking into this, and I will let you know if we find anything that can help point you into the right direction.

Topic		Replies	Views
Can't Update Attribute Sync Target Value (Field Name) for JDBC connector ISC Discussion and Questions apis , identity-security-cloud , provisioning , attributes	3	207	July 15, 2024
SaaS Connectivity - Attribute Sync ISC Discussion and Questions saas-connector , identity-security-cloud	5	365	January 14, 2024
Manual sync for SaaS Connectivity connector ISC Discussion and Questions saas-connector , identity-security-cloud	6	280	January 30, 2024
Attribute Name not found during Attribute Sync ISC Discussion and Questions webservice-connector , rules , identity-security-cloud , provisioning	6	45	December 28, 2024
Put-source-attr-sync-config - 400 - Identity Profile Attribute Missing ISC Discussion and Questions apis , identity-security-cloud , attributes , sources	6	307	February 6, 2024

Attribute sync on custom connector

Related topics