Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Endpoint's User Account Correlation rule based on another account of different security system?

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 24 2020 at 17:20 UTC

Is it possible to correlate account's field to the user via another account's field(from a different security system)?

In SSM, we have user's username as Employee ID - example - 12345 and email as Employee's email address - example - abc@test.com but we do not have AD username in the Employee's user records.

There is an AD security system with the account name as AD Network Id - (example - ABCDEF) and the account email as AD email address - (example - abc@test.com) and its Endpoint User Account Correlation rule is configured with User's email = Account's email. This works.

Now we are looking to on board another application, but we only have AD network ID - (example - ABCDEF) in the records of that application as app's username. How do we correlate Account with User in this case as AD network ID is not available in the SSM User's records? Is it possible to correlate via AD account name i.e. via another security system accounts?

I'm aware of one workaround to update one of the custom property of SSM Users with AD security system account name and then we have one to one mapping for the new app.

Is there any other way to correlate via AD account name directly without updating user records in SSM?

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
1 REPLY 1

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 26 2020 at 03:40 UTC

Hi Ramanpreet,


As of date we dont have the capability to correlate account's field to the user via another account's field(from a different security system). Can you please let us know the business use case for this scenario?


Well I have gone through the use case/sample mentioned, I hope this could be achieved if you use the systemusername as the users attribute and the corresponding account attribute.


Thanks

Ajay

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.