04/12/2022 01:08 PM
Hello,
In the AD Connector documentation, there is an example explaining how we can use the ENDPOINTS_FILTER field to dynamically create endpoints during the import and attach accounts and entitlements to it. Example is as follows:
{ "Sharepoint Server": [ { "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] } ] }
Does this JSON field allow creating endpoints with more attributes? For example, could we create endpoints and assign values to specific properties (ex: description, owner, risk, customproperties, etc)?
04/12/2022 02:26 PM
Greetings!!
We do not support any other key (like Description, owner, risk etc.) in the endpoint filter apart from the memberOf attribute.
04/12/2022 02:26 PM
Hi Anand,
I understand you do not support other keys as a filter.
However, is it possible to define the new endpoints with more details/information?
04/12/2022 02:26 PM
Hi Fabrice,
Greetings!!
As a part of endpoint filter configuration, we allow you to define an endpoint-filter-based endpoint name and a filter attribute with a filter value.
Let's say I talk about this example:
{ "Sharepoint Server": [ { "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] } ] }
Then, "Sharepoint Server" is the endpoint name (based on our endpoint filter), while "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] is the filter criteria with value.
Apart from these, we do not have any other information inclusion option here.
Please let me know, if you need some other information here as well.
Additionally, please feel free to raise enhancement/improvement tickets, if you need something specific here.
04/12/2022 02:26 PM
Thank you. You can consider this topic as answered
04/12/2022 02:26 PM
Hi,
I am trying to add the user to an AD Group and I did the Add account configuration as per the given AD Connector guide. I am getting the below error. Could you please help me here?
2020-03-26 15:35:20,701 [quartzScheduler_Worker-2] ERROR ldap.SaviyntGroovyLdapService - Error while creating account userTest in AD - Ambiguous method overloading for method groovy.text.SimpleTemplateEngine#createTemplate.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
[class java.io.File]
[class java.io.Reader]
[class java.lang.String]
[class java.net.URL]
groovy.lang.GroovyRuntimeException: Ambiguous method overloading for method groovy.text.SimpleTemplateEngine#createTemplate.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
[class java.io.File]
[class java.io.Reader]
[class java.lang.String]
[class java.net.URL]
at com.saviynt.utility.TemplateUtilityService.getSimpleTemplateString(TemplateUtilityService.groovy:42)
at com.saviynt.utility.TemplateUtilityService.getTemplateString(TemplateUtilityService.groovy:27)
at com.saviynt.ldap.SaviyntGroovyLdapService$_createAccountGLDAP_closure3.doCall(SaviyntGroovyLdapService.groovy:435)
at com.saviynt.ldap.SaviyntGroovyLdapService.createAccountGLDAP(SaviyntGroovyLdapService.groovy:258)
at com.saviynt.ecm.services.ArsTaskService.createAccountTarget(ArsTaskService.groovy:8216)
at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsThreeNewAccountAccess_closure39.doCall(ArsTaskHelperService.groovy:2134)
at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsThreeNewAccountAccess(ArsTaskHelperService.groovy:2125)
at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:117)
at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:102)
at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:154)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2020-03-26 15:47:43,084 [quartzScheduler_Worker-4] ERROR ldap.SaviyntGroovyLdapService - Error while creating account userTest in AD - Ambiguous method overloading for method groovy.text.SimpleTemplateEngine#createTemplate.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
[class java.io.File]
[class java.io.Reader]
[class java.lang.String]
[class java.net.URL]
04/12/2022 02:26 PM
Hi Suneel,
Greetings!!
Kindly share the version details of SSM (that you are currently using) along with your connection parameter details.
Additionally, I would like to understand:
1) If you created this connection manually or used any template to create it.
2) Do you have any similar setup, where multiple security systems are consuming a single connection?
04/12/2022 02:26 PM
Hi Anand,
I am using v5.4.0.
1. I used the connection manually configured as per given below screen shot.
2. I am using separate same connection for Recon and this connection for Provisioning.
04/12/2022 02:26 PM
Hi Anand,
This configuration for Add account works for one user but I am getting an error for another user for the same or another entitlement.
Here is CreateAccount JSON Configuration.
{
  "sAMAccountName": "${task.accountName}",
  "givenName": "${user.firstname}",
  "sn": "${user.lastname}",
  "uid": "${user.username}",
  "cn": "${user.displayname}",
  "objectclass": [
    "top",
    "person",
    "organizationalPerson",
    "user"
  ]
}
04/12/2022 02:26 PM
Please follow steps below and let me know your result:
1) In your provisioning connection itself, try to define/fill your Account_Attribute and Status_Threshold_config as per our documentation.
2) Once you are done with updating the recommended fields in your Prov connection, use the same for your connection and provisioning connection in your security system.
3) Try provisioning once again.
04/12/2022 02:26 PM
Thanks Anand. Yes, now it is working fine.
04/12/2022 02:26 PM
Awesome!! Glad to hear that Suneel.
Could you please let me know what you were actually missing, or did you follow the entire recommendation suggested by me to resolve this?
04/12/2022 02:26 PM
Yes, I followed your suggestion to solve this issue.
04/12/2022 02:26 PM
Thanks for your comments.
Cheers!!
04/12/2022 02:26 PM
Hi Anand,
I am not seeing any field for DisableAccount in the AD Connection. Where can we use DisableAccount in the AD Connection?
04/12/2022 02:26 PM
Hi,
Can I create an endpoint filter like this? Will it work?
{ "Sharepoint Server": [ { "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] },
{ "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] } ] }
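
An added example, not part of any post in this thread and not Saviynt code: a small Python check for an ENDPOINTS_FILTER value, built only from what the replies above state (the endpoint name is the key, and memberOf is the only supported filter key). The function name, the messages and the duplicate-value warning are assumptions for illustration; the thread does not say how the connector treats repeated memberOf entries.

```python
import json

SUPPORTED_KEYS = {"memberOf"}  # the only filter key the replies say is supported

def check_endpoints_filter(raw):
    """Return (endpoints, problems); endpoints maps name -> unique filter values."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {}, [f"not valid JSON: {exc.msg} at char {exc.pos}"]
    if not isinstance(doc, dict):
        return {}, ["top level must be an object keyed by endpoint name"]
    endpoints, problems = {}, []
    for name, entries in doc.items():
        values = endpoints.setdefault(name, [])
        if not isinstance(entries, list):
            problems.append(f"{name}: value must be a list of filter objects")
            continue
        for i, entry in enumerate(entries):
            if not isinstance(entry, dict):
                problems.append(f"{name}[{i}]: filter entry must be an object")
                continue
            for key, vals in entry.items():
                where = f"{name}[{i}].{key}"
                if key not in SUPPORTED_KEYS:
                    problems.append(f"{where}: unsupported key")
                elif not (isinstance(vals, list) and all(isinstance(v, str) for v in vals)):
                    problems.append(f"{where}: must be a list of strings")
                else:
                    for v in vals:
                        if v in values:
                            problems.append(f"{where}: duplicate value {v}")
                        else:
                            values.append(v)
    return endpoints, problems

# Constructed inputs built from the DN quoted in the thread.
DN = "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com"
DOCUMENTED = json.dumps({"Sharepoint Server": [{"memberOf": [DN]}]})
REPEATED = json.dumps({"Sharepoint Server": [{"memberOf": [DN]}, {"memberOf": [DN]}]})
WITH_EXTRA = json.dumps({"Sharepoint Server": [{"memberOf": [DN], "description": "x"}]})

if __name__ == "__main__":
    for label, raw in [("documented", DOCUMENTED), ("repeated", REPEATED), ("extra", WITH_EXTRA)]:
        print(label, check_endpoints_filter(raw)[1])
```

Running such a check before saving the connection catches a filter that carries keys the import ignores or that repeats the same OU pattern under one endpoint.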