Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Account Name rule in Logical Endpoint

SinchanaC
New Contributor II
New Contributor II

Hi all,

We have configured a logical endpoint for AD and the account name rule is currently set with the option for check unique account as 'All', same as the base AD.

But we see, the following error throws up when the user has an inactive account for logical AD app and is trying to raise a new account request for the same logical app. Please note the user has an active account in the Base AD and has an inactive account in the Logical AD app.

SinchanaC_0-1724140867632.png

How can we resolve this error? 

SinchanaC_1-1724140952902.png

We also tried removing this config 'All' and left it empty, that actually solved the problem. But want to know what is the impact of removing this option? Is there anything else that will solve this problem?

Thanks & Regards, 

Sinchana

 

4 REPLIES 4

NM
Honored Contributor III
Honored Contributor III

Hi @SinchanaC is it inactive or suspended from import service.

Don't add 'All' use only inactive and manually suspended.

SinchanaC
New Contributor II
New Contributor II

It is in inactive state, not suspended from Import service. 

I tried adding the above mentioned condition. It works. Could you also please let me know what is the impact if we remove 'All' and keep it empty?

Thanks & Regards, 

Sinchana

It tries to create new account , when it tries it validates what all status of existing accounts to be checked as user can have multiple accounts under endpoint 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM
Honored Contributor III
Honored Contributor III

@SinchanaC , it just stops users to raise a new account request if new account already exist configured to NO.

i haven't seen any impact as such till now.