Group Aggregation issue on Webservice connector with OAuth2 and Client credential

Hi all,
We have IdeneityIQ 7.3p7 version, configured for an application using Webservices connector, OAuth2 and Client credential Grand Type.
We could aggregate accounts using Coupa API /users without any issue the return object for the /users endpoint will have the roles assigned to the users.
The issue is Coupa API does not have Roles(Groups) to use it for the Group Aggregation.
Here the brief users JSON response as you can see for each user there are roles assigned. Is there away to aggregate Roles using User’s role and aggregate them as a Group Aggregation task?

[
    {
        "id": 81,
        "login": "[email protected]",
        "email": "[email protected]",
        "supply-chain-user": false,
        ....
        "roles": [
            {
                "id": 2,
                "created-at": "2011-08-",
                "updated-at": "2011-08-",
                "name": "Admin",
                "description": " the application",
                "omnipotent": true,
                "system-role": true,
                "updated-by": {
                    "id": 1,
                    "login": "coupasupport",
                    ...
                }
            },
            {
                "id": 3,
                "created-at": "2011-08-05T11:46:31-05:00",
                "updated-at": "2011-08-05T11:46:31-05:00",
                "name": "User",
                "description": "Standard role",
                "updated-by": {
                    "id": 1,
                    "login": "support",
                    "email": "[email protected]",
                    "employee-number": null,
                   .......
                }
            },
            {
                "id": 119,
                "created-at": "2015-09-",
                "updated-at": "2015-09",
                "name": "Upgrade",
                "description": "Gets",
                    ..
                "updated-by": {
                    "id": 1,
                    "login": "coupasupport",
                    "email": "[email protected]",
                    "employee-number": null,
                    "firstname": "Coupa",
                    "lastname": "Support",
                    "fullname": "Coupa Support",
                    "salesforce-id": null,
                    "avatar-thumb-url": null
                }
            }
        ],
		.....
		,
    {
        "id": 98,
        "created-at": "2022-05-",
        "updated-at": "2022-08-",
        "login": "[email protected]",
        "email": "[email protected]",
        "purchasing-user": true,
       ........
        "roles": [
            {
                "id": 2,
                "created-at": "2011-08-0",
                "updated-at": "2011-08-0",
                "name": "Admin",
              
			   "description": "system",
			   .....
               updated-by": {
                    "id": 1,
					....
                    }
            }
			]
			......
		
}
}
}

Thanks for your help,
Massoud

You don’t need to aggregate groups. Use “Promote managed attributes” in the account aggregations. Make sure you have “roles” as a multi-valued managed entitlement attribute in the account schema and has its own object schema.
You can write a rule to deal with the promoted attributes.
Hope that helps.
Pasha

1 Like

Hi Pasha,
Thanks for your prompt reply. We are using Accelerator Pack with our IdentityIQ7.3. and already using “Rule-FrameWork-Promote-Managed-Attribute” rule for this application.
Attached my Account and group schema related to the group. Also on the Response Attribute Mapping for account aggregation we have:
roleId =Roles[].id
RoleName=Roles[
].name

Thanks for your help.
Massoud