This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD Connector - Replacement for groovy : com.saviynt

Romain
New Contributor
New Contributor

‎05/26/2023 05:28 AM

Hello everyone,
 
We are currently in 3.11 in Production environment.
We have below code in AccountNameRule for our AD connector.
 
Romain_1-1685103900996.png

But in developement environment we are in 3.17, and we were made aware that com.saviynt is now deprecated and can't be used anymore.

 

Goal of above code: Check all user's accounts, if there is an AD account, use this UPN, else create UPN
 
Is there another way to perform this ?
 
Thanks, regards
Labels:
0 Kudos
8 REPLIES 8

saikanumuri
Saviynt Employee
Saviynt Employee

‎05/31/2023 04:45 PM

Hi Romain,

Can you please let me know the business use case so that I can guide you on the next steps? 

0 Kudos

Romain
New Contributor
New Contributor
In response to saikanumuri

‎06/05/2023 12:18 AM

Hello,

The goal is for AD based application to use already existing AD account UPN (if already got existing)

Best regards,

0 Kudos

naveenss
All-Star
All-Star
In response to Romain

‎06/12/2023 09:35 AM

Hi Romain,

You are trying to use the accountID/UPN for a user account if the user already has the AD account linked to them? Is my understanding correct?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

Romain
New Contributor
New Contributor

‎06/13/2023 02:04 AM

Hello Naveenss,

Yes you are right, we want to use existing account if there is one.
If you want an example, here you go

This is one of the application in the AD endpoint filter.

Romain_0-1686647005121.png

This application can be requested, but should not created a new AD account if user already have 1.

Therefore, the above code to perform this check.

Regards,

0 Kudos

vivekmohanty_pm
Saviynt Employee
Saviynt Employee

‎06/15/2023 07:29 AM

@Romain Please follow this thread. This should solve the problem for Child Endpoint Accounts - https://forums.saviynt.com/t5/identity-governance/not-to-create-2nd-account-creation-in-ad-when-usin...

Regards,
Vivek Mohanty
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

0 Kudos

Romain
New Contributor
New Contributor
In response to vivekmohanty_pm

‎06/15/2023 07:42 AM

Hello vivek,

I'll try and revert, but issue might be on the Account Name itself.

As per business needs, we are generating numerical IDs (450127)
But users can ask to have alphanumerical IDs instead, after creation (rrozalski).

We don't want the account to be created twice or with the wrong ID.

Best regards,

0 Kudos

Romain
New Contributor
New Contributor
In response to Romain

‎06/19/2023 05:53 AM

Hello Vivek,

I confirm that issue will be that name can be changed in AD, therefore it will not follow default AccountNameRule.

Due to that, new parent account will try to be created.

Best regards,

0 Kudos

Volker1
New Contributor
New Contributor
In response to Romain

‎07/02/2023 10:11 PM

Hi Vivek,
hi Romain

what is the reason for not having an additional part in the account matching rule?

so the system should be able to match both the numeric and alphanumeric identifiers to the correct user object.

This should prevent the creation of new unwanted accounts for that user.

Best regards

0 Kudos
Copyright © 2023 Khoros, LLC