Exchange Integration using REST Connector in Saviynt

Use-case requirement:
Use the Saviynt REST Connector to invoke a PowerShell script that is placed on a Windows Server machine.
The PowerShell script connects to Exchange and enables or disables the user's Exchange account.

REST Connection Details:

ConnectionJSON:
Replace HOSTNAME and the SaviyntWebApp name with your own values. The web app name is the name under which the Saviynt app is deployed in the IIS server; I have deployed it as SaviyntWebApp. Details on how to deploy the Saviynt app in IIS are in the Saviynt Freshdesk documentation.

Place your testConnection.ps1 script in the C:\Saviynt\Scripts\ directory. If you don't have a testConnection.ps1 script, you can simply replace the httpParams value with:

"httpParams": "{\"Script\":\"Test-NetConnection HOSTNAME -Port 443\"}"

If you are using a hostname instead of an IP address, make sure the DNS configuration that maps the IP to the hostname is in place on the Saviynt infrastructure side.


{
  "authentications": {
    "auth": {
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed"
      ],
      "authType": "basic",
      "maxRefreshTryCount": 1,
      "properties": {
        "password": "dummyPassword",
        "userName": "dummyUsername"
      },
      "retryFailureStatusCode": [
        401
      ],
      "testConnectionParams": {
        "http": {
            "url": "https://HOSTNAME:443/SaviyntWebApp/PS/ExecutePSScript",
            "httpHeaders": {
                "Authorization": "${access_token}"
            },
            "httpContentType":"application/x-www-form-urlencoded",
            "httpMethod": "POST",
            "httpParams": "{\"Script\":\"C:\\\\\\\\Saviynt\\\\\\\\Scripts\\\\\\\\testConnection.ps1\"}"
        }
      }
    }
  }
}


CreateAccountJSON

Place your EnableRemoteMailbox.ps1 script in the C:\Saviynt\Scripts\ directory.


{
   "accountIdPath": "accountName",
   "responseColsToPropsMap": {},
   "call": [
      {
         "name": "call1",
         "connection": "auth",
         "url": "https://HOSTNAME:443/SaviyntWebApp/PS/ExecutePSScript",
         "httpMethod": "POST",
         "httpParams": "{\"Script\":\"C:\\\\\\\\Saviynt\\\\\\\\Scripts\\\\\\\\EnableRemoteMailbox.ps1 -AccountName ${com.ghrutilities.Utility.getAccountAttribute(user.username, 'ActiveDirectory', 'name')} -UserPrincipalName ${com.ghrutilities.Utility.getAccountAttribute(user.username, 'ActiveDirectory', 'customproperty1')} \"}",
         "httpHeaders": {
            "Authorization": ""
         },
         "httpContentType": "application/x-www-form-urlencoded",
         "SuccessResponses": {
            "": [
               "Success"
            ]
         },
         "unsuccessResponses": {
            "responseMessage": [
               "Failed"
            ]
         }
      }
   ]
}


Here, I am using custom Java code (which can be downloaded from here, and you are free to use) to fetch attributes from the AD account and pass them to the script as arguments. You can adjust the arguments according to your requirements.
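A sketch of what the script side could look like, added here as an example and not the author's EnableRemoteMailbox.ps1: it validates the two arguments the connector passes and returns only the Success / Failed tokens that the connector JSON matches on. EXCHANGE_HOSTNAME, TENANT.mail.onmicrosoft.com, the validation patterns and the log file path are assumptions, as is the idea that the script's output is what ends up in the connector response.

```powershell
# Illustrative EnableRemoteMailbox.ps1 (added example, not the author's script).
[CmdletBinding()]
param(
    # Value the connector passes as -AccountName (AD 'name' attribute).
    # Assumed pattern: adjust it to your naming convention.
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9._-]{1,64}$')]
    [string]$AccountName,

    # Value the connector passes as -UserPrincipalName.
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9._-]{1,64}@[A-Za-z0-9.-]{1,255}$')]
    [string]$UserPrincipalName
)

$ErrorActionPreference = 'Stop'   # turn cmdlet errors into exceptions for catch

# Placeholders (assumptions): replace with your environment's values.
$ExchangeUri   = 'http://EXCHANGE_HOSTNAME/PowerShell/'
$RoutingDomain = 'TENANT.mail.onmicrosoft.com'
$LogFile       = 'C:\Saviynt\Scripts\EnableRemoteMailbox.log'  # hypothetical path

$session = $null
try {
    # Kerberos as the identity running the script: no password in the file.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri $ExchangeUri -Authentication Kerberos
    # Import only the one cmdlet this script needs.
    Import-PSSession $session -CommandName Enable-RemoteMailbox -AllowClobber | Out-Null

    $alias   = ($UserPrincipalName -split '@')[0]
    $routing = '{0}@{1}' -f $alias, $RoutingDomain
    Enable-RemoteMailbox -Identity $AccountName -RemoteRoutingAddress $routing | Out-Null

    Write-Output 'Success'   # token listed under SuccessResponses
}
catch {
    # Keep the detail on the server; return only the fixed token.
    $line = '{0:o} {1} {2}' -f (Get-Date), $AccountName, $_.Exception.Message
    Add-Content -Path $LogFile -Value $line
    Write-Output 'Failed'    # token listed under unsuccessResponses
}
finally {
    if ($session) { Remove-PSSession $session }
}
```

An argument that does not match its ValidatePattern stops the script at parameter binding, before the try block, so neither token is written and the call does not report Success.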

EnableAccountJSON

{
  "call": [
     {
        "name": "call1",
        "connection": "auth",
        "url": "https://HOSTNAME:443/SaviyntWebApp/PS/ExecutePSScript",
        "httpMethod": "POST",
        "httpParams": "{\"Script\":\"C:\\\\\\\\Saviynt\\\\\\\\Scripts\\\\\\\\EnableRemoteMailbox.ps1 -AccountName ${com.ghrutilities.Utility.getAccountAttribute(user.username, 'ActiveDirectory_Telecom', 'name')} -UserPrincipalName ${com.ghrutilities.Utility.getAccountAttribute(user.username, 'ActiveDirectory_Telecom', 'customproperty16')} \"}",
        "httpHeaders": {
           "Authorization": ""
        },
        "httpContentType": "application/x-www-form-urlencoded",
        "SuccessResponses": {
           "": [
              "Success"
           ]
        },
        "unsuccessResponses": {
           "responseMessage": [
              "Failed"
           ]
        }
     }
  ]
}

Place your EnableRemoteMailbox.ps1 script in the C:\Saviynt\Scripts\ directory.

Here, I am using custom Java code (which can be downloaded from here, and you are free to use) to fetch attributes from the AD account and pass them to the script as arguments. You can adjust the arguments according to your requirements.


DisableAccountJSON

{
  "call": [
     {
        "name": "call1",
        "connection": "auth",
        "url": "https://HOSTNAME:443/SaviyntWebApp/PS/ExecutePSScript",
        "httpMethod": "POST",
        "httpParams": "{\"Script\":\"C:\\\\\\\\Saviynt\\\\\\\\Scripts\\\\\\\\DisableRemoteMailbox.ps1 -AccountName ${com.ghrutilities.Utility.getAccountAttribute(user.username, 'ActiveDirectory_Telecom', 'name')}\"}",
        "httpHeaders": {
           "Authorization": ""
        },
        "httpContentType": "application/x-www-form-urlencoded",
        "SuccessResponses": {
           "": [
              "Success"
           ]
        },
        "unsuccessResponses": {
           "responseMessage": [
              "Failed"
           ]
        }
     }
  ]
}


