Saviynt to JSM Assets

Import users, groups, roles and other attributes from Saviynt to JSM Assets.

Configure the connection to Saviynt by going to OnLink (Manage your apps) - Connections.

Once connection is established, please review instructions here to get started with setting up an Assets import configuration. You can then access OnLink app from the “Manage your apps” menu to further configure and set the field level mapping. OnLink supports any Saviynt “GET” API. API docs are available here: https://docs.saviyntcloud.com/bundle/API-Reference-Guide/page/Content/API-References.htm .

Here’s an example mapping configuration for Users where any field available in this API (Identity Administration - Users - Get List of Users) can be used to map to Asset object.

key:username=Username
map:firstname=Firstname
map:lastname=Lastname

Here’s a breakdown of some of the mapping configuration items:

Key or Map	Description

Key or Map	Description
`key:username=Username`	The keyword “key” refers to using username as a unique identifier. This allows OnLink to update the record. Any other unique field (e.g. user id, email address) can be used as the key.
`map:email=User`	Maps email to User which can be an attribute of type User i.e., Atlassian User object
`config:filter=accountExpired:0`	Set search filter to limit users returned. This is a required field when getting users. “userQuery” attribute can be set e.g. `config:filter=firstname like 'Ally'`
`config:data_source`	OnLink calls the “Get List of Users” API by default. However data_source config parameter allows you to change the API to other Saviynt APIs. Use it in conjunction with section and http_method parameters. For e.g, to use getUser api, use below config: `config:data_source=getUser` `config:section=userdetails`<- from API response (array element) `config:http_method=POST` `config:filter=user.statuskey = 1 AND user.employeeid IS NOT NULL` Here’s an example to get organizations info: Identity Administration - Organization - Get Organization. `key:organizationname=OrgName` `map:customproperty17=Custom` `map:parentorganization=Parent` `config:data_source=getOrganization` `config:section=organizations` Here’s an example for user roles: Identity Administration - Users - Get Flat Response Role Details For User: `key:rolekey=Username` `map:roledisplayname=RoleDisplay` `map:rolename=RoleName` `config:data_source=getRoleDetailsforUsers` `config:section=roleDetails` Here’s an example for Get List of Entitlement Types API - {{url}}/ECM/{{path}}/getEntitlementTypes `key:entitlementname=entitlementname` `map:endpoint=endpoint` `config:data_source=getEntitlementTypes` ← from API URL `config:section=entitlementTypeDetails` ← from API response (array element) `config:page_size=200` ← can increase based on Saviynt API limits Here’s an example for getEndpoints `config:data_source=getEndpoints` `config:section=endpoints` `config:http_method=POST` `config:filterKey=status` ← sets status=1 in filtercriteria `config:filterValue=1` Example for getEntitlements `config:data_source=getEntitlements` `config:section=Entitlementdetails` `config:http_method=POST` `config:filterKey=entQuery` `config:filterValue=ent.status=1` If a Saviynt API is an HTTP Post method, then set `config:http_method=POST` Other Saviynt API sources can be added in a similar way.
Get user role and entitlements	To get roles (or entitlements) assigned to users, follow below mapping example. OnLink first gets all users by making getUser call, and then makes getRoles API call for each user. User + Roles mapping example: `config:data_source=getUser` `config:section=userdetails` `config:expand=roles` `config:http_method=POST` `key:username=<your_obj_attr>` `map:user_roles=<roles_obj_attr>\|Name=user_roles` # <roles_obj_attr> is an attribute that should be a reference to Roles object, with cardinality set to more than 1 User + Entitlements mapping example: `config:data_source=getUser` `config:section=userdetails` `config:expand=entitlements` `config:http_method=POST` `key:username=<your_obj_attr>` `map:user_entitlements=<ents_obj_attr>\|Name=user_entitlements` # <ents_obj_attr> is an attribute that should be a reference to Entitlements object, with cardinality set to more than 1
`config:api=v5`	(optional). By default, OnLink uses the version specified in the URL when setting up the connection. However this config parameter allows you to overwrite that version.
`config:filterKey` `config:filterValue`	(optional) set additional filter criteria e.g. config:filterKey=filtercriteria config:filterValue=supported api filtercriteria format

OnLink processes data in two steps - Get Data and Import Data. To manually test, you can click on Get Data first and then wait until you see “No more pending records. Data will be imported on next Import run.” message in Job Logs. Then, click on Import. Production runs are fully automated based on the schedule you choose.