Webservices | Parent Endpoint to aggregate multiple TYPEs of Entitlements

iam_nithesh · January 17, 2024, 3:44pm

I am trying to set up multiple Account Aggregation operations in a Web Services type connector where first operation is to fetch all accounts. Following operations would be for fetching entitlements users have. These calls are made per user and the user.id is being passed from the data that is in the response body of first call made to fetch all accounts using Parent Endpoint configuration.

Currently, I have set up 2 Children operations (so total 3) where for both Parent Endpoint is set to the first Account Aggregation operation.
Running Account Aggregation is fetching all accounts and the entitlements from one of the Children operations. However, second one is not fetching any entitlements. I have even tried changing the order of how 2 Child operations appear in configuration, but this had no effect. Still getting the entitlements from only one type (same one irrespective of the order).

I have checked all parameters and they match exactly to the parameters I have used in Postman where I am getting the data for each user.

Has anyone come across such a situation and, if yes, please share how did you manage to resolve.

Any help will be highly appreciated

Thanks

KevinHarrington · January 17, 2024, 7:59pm

I’ve done this a few times, there are three potential issues that I’ve run into:

Have you defined your entitlement schema?
Does your attribute name that you are mapping to match the account attribute not the group attribute? Meaning if your user schema has entitlements called “rolesMemberOf” and “groupsMemberOf” you’d reasonably define your entitlements as “role” and “group”. But in your “Response Mapping” page you need to reference the account attribute names (“rolesMemberOf” not “role”).
Is the response from one of the calls just an array - meaning it starts with an open square bracket and not a curly bracket? I’ve needed an extra rule to parse results in this situation - IdentityNow doesn’t seem to like that format.

Here’s a working example - maybe something will jump out at you:

{
	"httpMethodType": "GET",
	"pagingInitialOffset": 0,
	"sequenceNumberForEndpoint": "2",
	"uniqueNameForEndPoint": "Aggregate Users",
	"curlCommand": null,
	"rootPath": "$.results[*]",
	"body": {
		"bodyFormData": null,
		"jsonBody": null,
		"bodyFormat": "raw"
	},
	"customAuthUrl": null,
	"paginationSteps": "$sysparm_limit$ = 100\nTERMINATE_IF $RECORDS_COUNT$ < $sysparm_limit$\n$sysparm_offset$ = $sysparm_offset$ + $sysparm_limit$\n$endpoint.fullUrl$ = $application.baseUrl$ + $endpoint.relativeURL$ + \"?limit=100&skip=\" + $sysparm_offset$",
	"responseCode": null,
	"resMappingObj": {
		"country": "addresses[?(@.type==\"work\")].country",
		"firstname": "firstname",
		"account_locked": "account_locked",
		"jobTitle": "jobTitle",
		"postalCode": "addresses[?(@.type==\"work\")].postalCode",
		"description": "description",
		"company": "company",
		"id": "_id",
		"state": "state",
		"department": "department",
		"email": "email",
		"alternateEmail": "alternateEmail",
		"manager": "manager",
		"costCenter": "costCenter",
		"locality": "addresses[?(@.type==\"work\")].locality",
		"middlename": "middlename",
		"suspended": "suspended",
		"lastname": "lastname",
		"employeeIdentifier": "employeeIdentifier",
		"employeeType": "employeeType",
		"phoneNumber": "addresses[?(@.type==\"work\")].number",
		"streetAddress": "addresses[?(@.type==\"work\")].streetAddress",
		"displayname": "displayname",
		"location": "location",
		"region": "addresses[?(@.type==\"work\")].region",
		"activated": "activated",
		"username": "username"
	},
	"contextUrl": "/systemusers",
	"pagingSize": 100,
	"curlEnabled": false,
	"header": {
		"Accept": "application/json",
		"x-api-key": "$application.accesstoken$"
	},
	"operationType": "Account Aggregation",
	"xpathNamespaces": null,
	"parentEndpointName": null
},
{
	"httpMethodType": "GET",
	"pagingInitialOffset": 0,
	"sequenceNumberForEndpoint": "3",
	"uniqueNameForEndPoint": "Aggregate Users - Get user_groups",
	"afterRule": null,
	"curlCommand": null,
	"rootPath": "$[*]",
	"body": {
		"bodyFormData": null,
		"jsonBody": null,
		"bodyFormat": "raw"
	},
	"customAuthUrl": null,
	"paginationSteps": null,
	"responseCode": [
		"2**",
		"404"
	],
	"resMappingObj": {
		"user_group": "$.id"
	},
	"contextUrl": "/v2/users/$response.id$/memberof?limit=200",
	"pagingSize": 50,
	"curlEnabled": false,
	"header": {
		"x-api-key": "$application.accesstoken$"
	},
	"operationType": "Account Aggregation",
	"xpathNamespaces": null,
	"parentEndpointName": "Aggregate Users"
},
{
	"httpMethodType": "GET",
	"pagingInitialOffset": 0,
	"sequenceNumberForEndpoint": "4",
	"uniqueNameForEndPoint": "Aggregate Users - Get active_directory",
	"afterRule": null,
	"curlCommand": null,
	"rootPath": "$[*]",
	"body": {
		"bodyFormData": null,
		"jsonBody": null,
		"bodyFormat": "raw"
	},
	"customAuthUrl": null,
	"paginationSteps": null,
	"responseCode": [
		"2**",
		"404"
	],
	"resMappingObj": {
		"active_directory": "to.id"
	},
	"contextUrl": "/v2/users/$response.id$/associations/?targets=active_directory",
	"pagingSize": 50,
	"curlEnabled": false,
	"header": {
		"x-api-key": "$application.accesstoken$"
	},
	"operationType": "Account Aggregation",
	"xpathNamespaces": null,
	"parentEndpointName": "Aggregate Users"
},
{
	"httpMethodType": "GET",
	"pagingInitialOffset": 0,
	"sequenceNumberForEndpoint": "5",
	"uniqueNameForEndPoint": "Aggregate Users - Get g_suite",
	"afterRule": null,
	"curlCommand": null,
	"rootPath": "$[*]",
	"body": {
		"bodyFormData": null,
		"jsonBody": null,
		"bodyFormat": "raw"
	},
	"customAuthUrl": null,
	"paginationSteps": null,
	"responseCode": [
		"2**",
		"404",
		"500"
	],
	"resMappingObj": {
		"g_suite": "to.id"
	},
	"contextUrl": "/v2/users/$response.id$/associations/?targets=g_suite",
	"pagingSize": 50,
	"curlEnabled": false,
	"header": {
		"x-api-key": "$application.accesstoken$"
	},
	"operationType": "Account Aggregation",
	"xpathNamespaces": null,
	"parentEndpointName": "Aggregate Users"
}

iam_nithesh · January 20, 2024, 10:15pm

Thanks @KevinHarrington
You sharing your code really helped

system · March 20, 2024, 10:16pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Web Services Connector: Entitlement Endpoint as Parent, Account Endpoint as Child ISC Discussion and Questions webservice-connector , aggregation	7	941	July 19, 2023
Issue with Web Services Connector and entitlements ISC Discussion and Questions webservice-connector , apis , identity-security-cloud	6	293	January 16, 2024
Webservices connector -- Multiple entitlement aggregation ISC Discussion and Questions	1	681	July 19, 2023
Webservices Entitlement Configuration Help ISC Discussion and Questions aggregation , identity-security-cloud , accounts , entitlements	2	435	August 1, 2023
Web Services Connector: Two Endpoints with 1-to-Many Data Relationship for Account Aggregation ISC Discussion and Questions webservice-connector , aggregation	3	728	July 19, 2023

Webservices | Parent Endpoint to aggregate multiple TYPEs of Entitlements

Related Topics