Webservices | Parent Endpoint to aggregate multiple TYPEs of Entitlements

I am trying to set up multiple Account Aggregation operations in a Web Services type connector where first operation is to fetch all accounts. Following operations would be for fetching entitlements users have. These calls are made per user and the user.id is being passed from the data that is in the response body of first call made to fetch all accounts using Parent Endpoint configuration.

Currently, I have set up 2 Children operations (so total 3) where for both Parent Endpoint is set to the first Account Aggregation operation.
Running Account Aggregation is fetching all accounts and the entitlements from one of the Children operations. However, second one is not fetching any entitlements. I have even tried changing the order of how 2 Child operations appear in configuration, but this had no effect. Still getting the entitlements from only one type (same one irrespective of the order).

I have checked all parameters and they match exactly to the parameters I have used in Postman where I am getting the data for each user.

Has anyone come across such a situation and, if yes, please share how did you manage to resolve.

Any help will be highly appreciated

Thanks

I’ve done this a few times, there are three potential issues that I’ve run into:

  1. Have you defined your entitlement schema?
  2. Does your attribute name that you are mapping to match the account attribute not the group attribute? Meaning if your user schema has entitlements called “rolesMemberOf” and “groupsMemberOf” you’d reasonably define your entitlements as “role” and “group”. But in your “Response Mapping” page you need to reference the account attribute names (“rolesMemberOf” not “role”).
  3. Is the response from one of the calls just an array - meaning it starts with an open square bracket and not a curly bracket? I’ve needed an extra rule to parse results in this situation - IdentityNow doesn’t seem to like that format.

Here’s a working example - maybe something will jump out at you:

{
	"httpMethodType": "GET",
	"pagingInitialOffset": 0,
	"sequenceNumberForEndpoint": "2",
	"uniqueNameForEndPoint": "Aggregate Users",
	"curlCommand": null,
	"rootPath": "$.results[*]",
	"body": {
		"bodyFormData": null,
		"jsonBody": null,
		"bodyFormat": "raw"
	},
	"customAuthUrl": null,
	"paginationSteps": "$sysparm_limit$ = 100\nTERMINATE_IF $RECORDS_COUNT$ < $sysparm_limit$\n$sysparm_offset$ = $sysparm_offset$ + $sysparm_limit$\n$endpoint.fullUrl$ = $application.baseUrl$ + $endpoint.relativeURL$ + \"?limit=100&skip=\" + $sysparm_offset$",
	"responseCode": null,
	"resMappingObj": {
		"country": "addresses[?(@.type==\"work\")].country",
		"firstname": "firstname",
		"account_locked": "account_locked",
		"jobTitle": "jobTitle",
		"postalCode": "addresses[?(@.type==\"work\")].postalCode",
		"description": "description",
		"company": "company",
		"id": "_id",
		"state": "state",
		"department": "department",
		"email": "email",
		"alternateEmail": "alternateEmail",
		"manager": "manager",
		"costCenter": "costCenter",
		"locality": "addresses[?(@.type==\"work\")].locality",
		"middlename": "middlename",
		"suspended": "suspended",
		"lastname": "lastname",
		"employeeIdentifier": "employeeIdentifier",
		"employeeType": "employeeType",
		"phoneNumber": "addresses[?(@.type==\"work\")].number",
		"streetAddress": "addresses[?(@.type==\"work\")].streetAddress",
		"displayname": "displayname",
		"location": "location",
		"region": "addresses[?(@.type==\"work\")].region",
		"activated": "activated",
		"username": "username"
	},
	"contextUrl": "/systemusers",
	"pagingSize": 100,
	"curlEnabled": false,
	"header": {
		"Accept": "application/json",
		"x-api-key": "$application.accesstoken$"
	},
	"operationType": "Account Aggregation",
	"xpathNamespaces": null,
	"parentEndpointName": null
},
{
	"httpMethodType": "GET",
	"pagingInitialOffset": 0,
	"sequenceNumberForEndpoint": "3",
	"uniqueNameForEndPoint": "Aggregate Users - Get user_groups",
	"afterRule": null,
	"curlCommand": null,
	"rootPath": "$[*]",
	"body": {
		"bodyFormData": null,
		"jsonBody": null,
		"bodyFormat": "raw"
	},
	"customAuthUrl": null,
	"paginationSteps": null,
	"responseCode": [
		"2**",
		"404"
	],
	"resMappingObj": {
		"user_group": "$.id"
	},
	"contextUrl": "/v2/users/$response.id$/memberof?limit=200",
	"pagingSize": 50,
	"curlEnabled": false,
	"header": {
		"x-api-key": "$application.accesstoken$"
	},
	"operationType": "Account Aggregation",
	"xpathNamespaces": null,
	"parentEndpointName": "Aggregate Users"
},
{
	"httpMethodType": "GET",
	"pagingInitialOffset": 0,
	"sequenceNumberForEndpoint": "4",
	"uniqueNameForEndPoint": "Aggregate Users - Get active_directory",
	"afterRule": null,
	"curlCommand": null,
	"rootPath": "$[*]",
	"body": {
		"bodyFormData": null,
		"jsonBody": null,
		"bodyFormat": "raw"
	},
	"customAuthUrl": null,
	"paginationSteps": null,
	"responseCode": [
		"2**",
		"404"
	],
	"resMappingObj": {
		"active_directory": "to.id"
	},
	"contextUrl": "/v2/users/$response.id$/associations/?targets=active_directory",
	"pagingSize": 50,
	"curlEnabled": false,
	"header": {
		"x-api-key": "$application.accesstoken$"
	},
	"operationType": "Account Aggregation",
	"xpathNamespaces": null,
	"parentEndpointName": "Aggregate Users"
},
{
	"httpMethodType": "GET",
	"pagingInitialOffset": 0,
	"sequenceNumberForEndpoint": "5",
	"uniqueNameForEndPoint": "Aggregate Users - Get g_suite",
	"afterRule": null,
	"curlCommand": null,
	"rootPath": "$[*]",
	"body": {
		"bodyFormData": null,
		"jsonBody": null,
		"bodyFormat": "raw"
	},
	"customAuthUrl": null,
	"paginationSteps": null,
	"responseCode": [
		"2**",
		"404",
		"500"
	],
	"resMappingObj": {
		"g_suite": "to.id"
	},
	"contextUrl": "/v2/users/$response.id$/associations/?targets=g_suite",
	"pagingSize": 50,
	"curlEnabled": false,
	"header": {
		"x-api-key": "$application.accesstoken$"
	},
	"operationType": "Account Aggregation",
	"xpathNamespaces": null,
	"parentEndpointName": "Aggregate Users"
}

Thanks @KevinHarrington
You sharing your code really helped

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.