Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

A simple AD certification campaign

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:14 PM

Originally posted on April 20 2021 at 14:41 UTC

I need a point/nudge in the right direction. I want to run a simple task. I have an AD group in which I want to verify the users. I've been trying to create a campaign to this but it seems I'm doing it wrong. Preview does return any data. Where can I go to find out how to do this. I know this has probably been asked before so apologies in advance.
This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
6 REPLIES 6

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:37 PM

Originally posted on April 21 2021 at 06:18 UTC

Hi Michael,

There are multiple ways of checking who has access to an entitlement in Saviynt :

  • The first method would be to use the built in UI to go through ADMIN > Identity Repository > Entitlements. Search for your AD Group and then click on the "Accounts" tab once opened. This will display all the accounts that have that AD Group. Then you naturally will know for which identity it belongs to.
  • Second method is to create a simple report with the below query to fetch identities and their data that has this AD group.

SELECT u.username, u.firstname, u.lastname from users u left join user_accounts ua on u.userkey=ua.userkey left join accounts a on ua.accountkey=a.accountkey left join account_entitlements1 ae1 on a.accountkey=ae1.accountkey left join entitlement_values ev on ae1.entitlement_valuekey=ev.entitlement_valuekey where ev.entitlement_value='CN=MyADGroup,OU=Groups,DC=acme,DC=com'

(Hopefully I did not make any typo while writing this 🙂 )

Hope these options will help you getting the desired result !

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:37 PM

Originally posted on September 27 2021 at 16:24 UTC

Thanks for the assist on this.  With a little mucking around and the above hints I was able to get a user campaign started on speecfic groups.  What I'd like to do next is have the AD group owner do the entitlement/certification.  I plan to skip the the employment step and get the campaign over to the group owner.  Is this something that can be done in a user manager campaign should I use a different one?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:37 PM

Originally posted on September 27 2021 at 19:51 UTC

Michael,


Entitlement Owner Review is something that seems applicable for your use case.




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:37 PM

Originally posted on September 28 2021 at 13:33 UTC

Thanks Avinash, 

  That's what I thought.  Do I place the the group owner in the default certifier field?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:37 PM

Originally posted on September 28 2021 at 13:44 UTC

Hi Michael,


You would need to set the owner under the entitlements owner field.


Admin > Entitlements >(Entitlement Value) > Owner




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:37 PM

Originally posted on September 28 2021 at 21:57 UTC

Also wanted to add that the owner has to be marked as Rank 26 or Primary Certifier depending on which version you are on.



Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
Copyright © 2024 Khoros, LLC