I’ve done this a few times, there are three potential issues that I’ve run into:
- Have you defined your entitlement schema?
- Does your attribute name that you are mapping to match the account attribute not the group attribute? Meaning if your user schema has entitlements called “rolesMemberOf” and “groupsMemberOf” you’d reasonably define your entitlements as “role” and “group”. But in your “Response Mapping” page you need to reference the account attribute names (“rolesMemberOf” not “role”).
- Is the response from one of the calls just an array - meaning it starts with an open square bracket and not a curly bracket? I’ve needed an extra rule to parse results in this situation - IdentityNow doesn’t seem to like that format.
Here’s a working example - maybe something will jump out at you:
{
"httpMethodType": "GET",
"pagingInitialOffset": 0,
"sequenceNumberForEndpoint": "2",
"uniqueNameForEndPoint": "Aggregate Users",
"curlCommand": null,
"rootPath": "$.results[*]",
"body": {
"bodyFormData": null,
"jsonBody": null,
"bodyFormat": "raw"
},
"customAuthUrl": null,
"paginationSteps": "$sysparm_limit$ = 100\nTERMINATE_IF $RECORDS_COUNT$ < $sysparm_limit$\n$sysparm_offset$ = $sysparm_offset$ + $sysparm_limit$\n$endpoint.fullUrl$ = $application.baseUrl$ + $endpoint.relativeURL$ + \"?limit=100&skip=\" + $sysparm_offset$",
"responseCode": null,
"resMappingObj": {
"country": "addresses[?(@.type==\"work\")].country",
"firstname": "firstname",
"account_locked": "account_locked",
"jobTitle": "jobTitle",
"postalCode": "addresses[?(@.type==\"work\")].postalCode",
"description": "description",
"company": "company",
"id": "_id",
"state": "state",
"department": "department",
"email": "email",
"alternateEmail": "alternateEmail",
"manager": "manager",
"costCenter": "costCenter",
"locality": "addresses[?(@.type==\"work\")].locality",
"middlename": "middlename",
"suspended": "suspended",
"lastname": "lastname",
"employeeIdentifier": "employeeIdentifier",
"employeeType": "employeeType",
"phoneNumber": "addresses[?(@.type==\"work\")].number",
"streetAddress": "addresses[?(@.type==\"work\")].streetAddress",
"displayname": "displayname",
"location": "location",
"region": "addresses[?(@.type==\"work\")].region",
"activated": "activated",
"username": "username"
},
"contextUrl": "/systemusers",
"pagingSize": 100,
"curlEnabled": false,
"header": {
"Accept": "application/json",
"x-api-key": "$application.accesstoken$"
},
"operationType": "Account Aggregation",
"xpathNamespaces": null,
"parentEndpointName": null
},
{
"httpMethodType": "GET",
"pagingInitialOffset": 0,
"sequenceNumberForEndpoint": "3",
"uniqueNameForEndPoint": "Aggregate Users - Get user_groups",
"afterRule": null,
"curlCommand": null,
"rootPath": "$[*]",
"body": {
"bodyFormData": null,
"jsonBody": null,
"bodyFormat": "raw"
},
"customAuthUrl": null,
"paginationSteps": null,
"responseCode": [
"2**",
"404"
],
"resMappingObj": {
"user_group": "$.id"
},
"contextUrl": "/v2/users/$response.id$/memberof?limit=200",
"pagingSize": 50,
"curlEnabled": false,
"header": {
"x-api-key": "$application.accesstoken$"
},
"operationType": "Account Aggregation",
"xpathNamespaces": null,
"parentEndpointName": "Aggregate Users"
},
{
"httpMethodType": "GET",
"pagingInitialOffset": 0,
"sequenceNumberForEndpoint": "4",
"uniqueNameForEndPoint": "Aggregate Users - Get active_directory",
"afterRule": null,
"curlCommand": null,
"rootPath": "$[*]",
"body": {
"bodyFormData": null,
"jsonBody": null,
"bodyFormat": "raw"
},
"customAuthUrl": null,
"paginationSteps": null,
"responseCode": [
"2**",
"404"
],
"resMappingObj": {
"active_directory": "to.id"
},
"contextUrl": "/v2/users/$response.id$/associations/?targets=active_directory",
"pagingSize": 50,
"curlEnabled": false,
"header": {
"x-api-key": "$application.accesstoken$"
},
"operationType": "Account Aggregation",
"xpathNamespaces": null,
"parentEndpointName": "Aggregate Users"
},
{
"httpMethodType": "GET",
"pagingInitialOffset": 0,
"sequenceNumberForEndpoint": "5",
"uniqueNameForEndPoint": "Aggregate Users - Get g_suite",
"afterRule": null,
"curlCommand": null,
"rootPath": "$[*]",
"body": {
"bodyFormData": null,
"jsonBody": null,
"bodyFormat": "raw"
},
"customAuthUrl": null,
"paginationSteps": null,
"responseCode": [
"2**",
"404",
"500"
],
"resMappingObj": {
"g_suite": "to.id"
},
"contextUrl": "/v2/users/$response.id$/associations/?targets=g_suite",
"pagingSize": 50,
"curlEnabled": false,
"header": {
"x-api-key": "$application.accesstoken$"
},
"operationType": "Account Aggregation",
"xpathNamespaces": null,
"parentEndpointName": "Aggregate Users"
}