tools4everbv / helloid-conn-prov-target-topdesk Goto Github PK

When we don't use a field, we don't provide it in the mapping (account) object.
However, if I outcomment (or remove) the field budgetHolder, like so:

# Account mapping. See for all possible options the Topdesk 'supporting files' API documentation at
# https://developers.topdesk.com/explorer/?page=supporting-files#/Persons/createPerson
$account = [PSCustomObject]@{
    surName             = (New-TopdeskName -Person $p).surname      # Generate surname according to the naming convention code.
    prefixes            = (New-TopdeskName -Person $p).prefixes
    firstName           = $p.Name.NickName
    firstInitials       = (New-TopdeskName -Person $p).initials     # Generate initials max 10 char
    gender              = New-TopdeskGender -Person $p
    email               = $p.Accounts.MicrosoftActiveDirectory.mail
    employeeNumber      = $p.ExternalId
    networkLoginName    = $p.Accounts.MicrosoftActiveDirectory.UserPrincipalName
    tasLoginName        = $p.Accounts.MicrosoftActiveDirectory.UserPrincipalName    # When setting a username, a (dummy) password could be mandatory
    #password            = (Get-RandomCharacters -length 10 -characters 'ABCDEFGHKLMNOPRSTUVWXYZ1234567890')
    jobTitle            = $p.PrimaryContract.Title.Name
    branch              = @{ lookupValue = $p.PrimaryContract.Location.Name }
    department          = @{ lookupValue = $p.PrimaryContract.Department.DisplayName }
    # budgetHolder        = @{ lookupValue = $p.PrimaryContract.CostCenter.Name }
    isManager           = $false # When the HelloID source provides an isManager boolean: $p.Custom.isManager
    manager             = @{ id = $mRef }
    #showDepartment      = $true
    showAllBranches     = $true
}

The function Get-TopdeskBudgetHolder to query the Topdesk budgetholder ID is still performed and returns the following error:
Requested to lookup budgetholder, but budgetholder.lookupValue is missing. This is a scripting issue.

IMO this should not be the case. We should only query and use the provided fields of the mapping (account) object.

This can be easily solved by changing this:

    # Resolve budgetholder id
    $splatParamsBudgetHolder = @{
        Account                   = [ref]$account
        AuditLogs                 = [ref]$auditLogs
        Headers                   = $authHeaders
        BaseUrl                   = $config.baseUrl
        lookupErrorHrBudgetHolder = $config.lookupErrorHrBudgetHolder
        lookupErrorTopdesk        = $config.lookupErrorTopdesk
    }
    Get-TopdeskBudgetholder @splatParamsBudgetHolder

To this:

    if($null -ne $Account.budgetHolder){
        # Resolve budgetholder id
        $splatParamsBudgetHolder = @{
            Account                   = [ref]$account
            AuditLogs                 = [ref]$auditLogs
            Headers                   = $authHeaders
            BaseUrl                   = $config.baseUrl
            lookupErrorHrBudgetHolder = $config.lookupErrorHrBudgetHolder
            lookupErrorTopdesk        = $config.lookupErrorTopdesk
        }
        Get-TopdeskBudgetholder @splatParamsBudgetHolder
    }

The example given is for budgetholder, but this should be for every field (that isn't required).

'ofs' in the The Get-RandomCharacters function is not supported in PowerShell core 7 (cloud agent). Please adjust this function.

Remove the ofs-part from the function.

Manager assignment when mRef is empty is not working in create script.

missing the fieldmapping. With the functionality to import/export mapping, this should be the default by now. Please add the missing mapping file.

Please add

# Skip action if no delete fields are configured
            if (-Not([string]::IsNullOrEmpty($account))) {
                # Unarchive person if required
                if ($TopdeskPerson.status -eq 'personArchived') {

                    # Unarchive person
                    $splatParamsPersonUnarchive = @{
                        TopdeskPerson   = [ref]$TopdeskPerson
                        Headers         = $authHeaders
                        BaseUrl         = $actionContext.Configuration.baseUrl
                        Archive         = $false
                        ArchivingReason = $actionContext.Configuration.personArchivingReason

                    }
                    Set-TopdeskPersonArchiveStatus @splatParamsPersonUnarchive
                }

                # Update TOPdesk person
                $splatParamsPersonUpdate = @{
                    TopdeskPerson = $TopdeskPerson
                    Account       = $account
                    Headers       = $authHeaders
                    BaseUrl       = $actionContext.Configuration.baseUrl
                }
                $TopdeskPersonUpdated = Set-TopdeskPerson @splatParamsPersonUpdate
            }

L170 $TopdeskDepartments is used. This should be corrected to $TopdeskBudgetHolders.

L171 $rRefSourceData is not being used in the foreach

is it possible to add a "correlation only" option?

There is often already a synchronization with the AD.
Therefore it is not necessary to take over the provisioning of the persons, but it is necessary to create changes or incidents.

Not in all cases is the account lifecycle of the Topdesk person in scope.
There are a lot of customers that want to keep the sync between Entra ID and Topdesk. If we enable the query of Topdesk assets, then a Topdesk person should already be present.
If we make the retrieval of Topdesk assets configurable in the template itself instead of in the configuration of the system, then the process could be integrated much more flexible.
Whenever we provision the AD / Entra ID account, usually we also want to make an Topdesk incident and/or change. For arranging hardware, access card, etc. If the account lifecycle of Topdesk is not in scope, then we cannot also query the assets of the Topdesk person. This Topdesk person is only available after the sync has been executed. If we can configure the assets per template, then we can make the above use case work again.

The person is archived when the manager doesn't have an active contract. How exactly I don't know yet, but I have been able to reproduce this. Probably the manager and the person are mixed up in the archiving actions.
Related to TOPdesk ticket 20230620-054.

The problem is that the $topdeskperson variable is not being populated when the dry run flag is set to true. This will result in an error in lines 1054 - 1057 and in $result (line 1089) if the preview button is used.