We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

AD Connector - Replacement for groovy : com.saviynt

Romain
New Contributor
New Contributor
Hello everyone,
 
We are currently in 3.11 in Production environment.
We have below code in AccountNameRule for our AD connector.
 
Romain_1-1685103900996.png

But in developement environment we are in 3.17, and we were made aware that com.saviynt is now deprecated and can't be used anymore.

 

Goal of above code: Check all user's accounts, if there is an AD account, use this UPN, else create UPN
 
Is there another way to perform this ?
 
Thanks, regards
8 REPLIES 8

saikanumuri
Saviynt Employee
Saviynt Employee

Hi Romain,

Can you please let me know the business use case so that I can guide you on the next steps? 

Hello,

The goal is for AD based application to use already existing AD account UPN (if already got existing)

Best regards,

Hi Romain,

You are trying to use the accountID/UPN for a user account if the user already has the AD account linked to them? Is my understanding correct?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Romain
New Contributor
New Contributor

Hello Naveenss,

Yes you are right, we want to use existing account if there is one.
If you want an example, here you go

This is one of the application in the AD endpoint filter.

Romain_0-1686647005121.png

This application can be requested, but should not created a new AD account if user already have 1.

Therefore, the above code to perform this check.

Regards,

vivekmohanty_pm
Saviynt Employee
Saviynt Employee

@Romain Please follow this thread. This should solve the problem for Child Endpoint Accounts - https://forums.saviynt.com/t5/identity-governance/not-to-create-2nd-account-creation-in-ad-when-usin...

Regards,
Vivek Mohanty
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Hello vivek,

I'll try and revert, but issue might be on the Account Name itself.

As per business needs, we are generating numerical IDs (450127)
But users can ask to have alphanumerical IDs instead, after creation (rrozalski).

We don't want the account to be created twice or with the wrong ID.

Best regards,

Romain
New Contributor
New Contributor

Hello Vivek,

I confirm that issue will be that name can be changed in AD, therefore it will not follow default AccountNameRule.

Due to that, new parent account will try to be created.

Best regards,

Volker1
New Contributor
New Contributor

Hi Vivek,
hi Romain

what is the reason for not having an additional part in the account matching rule?

so the system should be able to match both the numeric and alphanumeric identifiers to the correct user object.

This should prevent the creation of new unwanted accounts for that user.

Best regards