Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Account to Entitlement mapping is not working in AD.

Go to solution
utkarshING
New Contributor III
New Contributor III

‎02/15/2024 10:23 AM

Hi there,

We can import all accounts and entitlements in Saviynt from Active Directory but mapping between entitlement and account is not working.

 

ACCOUNT_ATTRIBUTE

[NAME::samaccountname#String, ACCOUNTID::objectguid#String, DISPLAYNAME::displayname#String, DESCRIPTION::description#String, VALIDTHROUGH::accountexpires#millisec, UPDATEDATE::whenchanged#date, LASTPASSWORDCHANGE::passwordlastset#String, LASTLOGONDATE::lastlogon#millisec, ACCOUNTCLASS::objectclass#String, CUSTOMPROPERTY1::userprincipalname#String, CUSTOMPROPERTY2::sn#String, CUSTOMPROPERTY3::co#String, CUSTOMPROPERTY4::givenname#String, CUSTOMPROPERTY5::title#String, CUSTOMPROPERTY6::telephonenumber#String, CUSTOMPROPERTY7::c#String, CUSTOMPROPERTY8::usncreated#String, CUSTOMPROPERTY9::logoncount#String, CUSTOMPROPERTY10::physicaldeliveryofficename#String, CUSTOMPROPERTY11::streetaddress#String, CUSTOMPROPERTY12::mailnickname#String, CUSTOMPROPERTY13::department#String, CUSTOMPROPERTY14::countrycode#String, CUSTOMPROPERTY15::manager#String, CUSTOMPROPERTY16::homephone#String, CUSTOMPROPERTY17::mobile#String, CUSTOMPROPERTY18::useraccountcontrol#String, CUSTOMPROPERTY19::company#String, CUSTOMPROPERTY20::objectguid#String, CUSTOMPROPERTY21::extensionattribute1#String, CUSTOMPROPERTY22::extensionattribute4#String, CUSTOMPROPERTY23::extensionattribute7#String, CUSTOMPROPERTY24::extensionattribute13#String, CUSTOMPROPERTY25::employeeid#String, CUSTOMPROPERTY26::employeetype#String, CUSTOMPROPERTY31::proxyaddresses#String, CUSTOMPROPERTY32::info#String, CUSTOMPROPERTY28::mail#String, CUSTOMPROPERTY29::l#String, CUSTOMPROPERTY30::cn#String, CUSTOMPROPERTY40::distinguishedname#String, RECONCILATION_FIELD::customproperty20]

 

groupImportMapping

 

{ "importGroupHierarchy": "true", "entitlementTypeName": "memberof", "performGroupAccountLinking": "true", "groupObjectClass": "(&(description=TestedBySaviynt)(objectClass=group))", "mapping": "memberHash:member_char,customProperty1:samaccounttype_char,customProperty2:instancetype_char,customProperty3:usncreated_char,customProperty4:grouptype_char,customProperty5:dscorepropagationdata_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whencreated_date,customProperty15:managedby_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectcategory_char,entitlement_value:distinguishedname_char,entitlementid:objectguid_Binary,customProperty14:objectclass_char,updatedate:whenchanged_date,customProperty17:distinguishedname_char,customProperty18:objectguid_String,RECONCILATION_FIELD:customProperty18" }

 

 

Please assist with this.

 

Thanks,

Utkarsh Rathore

Labels:
0 Kudos
13 REPLIES 13

Go to solution
AmitM
Valued Contributor
Valued Contributor

‎02/15/2024 11:13 AM

Hi @utkarshING ,

Can you make O capital in memberof, that is one clear difference. If that doesn't work will look for something else.

entitlementTypeName": "memberOf" 

AD integration doc is quite good so read that also again once. You would have done it already but still - https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...

Thanks,

Amit

If helped, please ACCEPT SOLUTION.

0 Kudos

Go to solution
utkarshING
New Contributor III
New Contributor III

‎02/15/2024 11:19 AM

Hi @AmitM ,

Thanks for your response, I tried with both "memberof" and "memberOf" but did not work.

 

Thanks,

Utkarsh Rathore

 

Thanks,

Utkarsh Rathore

0 Kudos

Go to solution
AmitM
Valued Contributor
Valued Contributor
In response to utkarshING

‎02/15/2024 01:00 PM

Hope you are also using 

AmitM_0-1708030529695.png

Below one is working fine for us , an you use this once and see if it works :

{
"importGroupHierarchy": "true",
"entitlementTypeName": "memberOf",
"performGroupAccountLinking": "True",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,entitlement_glossary:description_char,description:description_char,displayname:displayname_char,entitlement_value:distinguishedName_char,entitlementID:objectGUID_Binary,customProperty1:name_Char,customProperty2:sAMAccountName_Char,customProperty3:sAMAccountType_Char,customProperty4:cn_Char,customProperty5:mail_Char,customProperty15:objectGUID_Binary,customProperty7:objectSID_Binary,customProperty8:uSNCreated_Char,customProperty9:uSNChanged_Char,customProperty10:managedBy_Char,customProperty11:instanceType_char,customProperty12:groupType_char,customProperty13:dSCorePropagationData_char,customProperty14:objectCategory_char,updatedate:whenChanged_date,lastscandate:whenCreated_Date,RECONCILATION_FIELD:entitlementID",
"activeGroupPossibleValues": [
"active",
"a",
"l",
"TRUE"
]
}

0 Kudos

Go to solution
utkarshING
New Contributor III
New Contributor III
In response to AmitM

‎02/15/2024 01:07 PM - edited ‎02/15/2024 01:10 PM

utkarshING_0-1708031079468.png

It is mentioned in lowercase. 

Do you know the logic behind the mapping So I can check that.

 

Thanks,

Utkarsh Rathore

 

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to utkarshING

‎02/15/2024 08:51 PM

It should be exact Entitlement type name

https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
utkarshING
New Contributor III
New Contributor III
In response to rushikeshvartak

‎04/13/2024 10:32 PM - edited ‎04/13/2024 10:34 PM

we tried using memberOf as well but it did not work.

utkarshING_0-1713072539563.png

 

groupImportMapping : -

{ "importGroupHierarchy": "true", "entitlementTypeName": "memberOf", "performGroupAccountLinking": "true", "groupObjectClass": "(&(description=TestedBySaviynt)(objectClass=group))", "mapping": "memberHash:member_char,customProperty1:samaccounttype_char,customProperty2:instancetype_char,customProperty3:usncreated_char,customProperty4:grouptype_char,customProperty5:dscorepropagationdata_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whencreated_date,customProperty15:managedby_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectcategory_char,entitlement_value:distinguishedname_char,entitlementid:objectguid_char,customProperty14:objectclass_char,updatedate:whenchanged_date,customProperty17:distinguishedname_char,customProperty18:objectguid_char,RECONCILATION_FIELD:customProperty18" }

 

ACCOUNT_ATTRIBUTE

 

[NAME::samaccountname#String, ACCOUNTID::objectguid#String, DISPLAYNAME::displayname#String, DESCRIPTION::description#String, VALIDTHROUGH::accountexpires#millisec, UPDATEDATE::whenchanged#date, LASTPASSWORDCHANGE::passwordlastset#String, LASTLOGONDATE::lastlogon#millisec, ACCOUNTCLASS::objectclass#String, CUSTOMPROPERTY1::userprincipalname#String, CUSTOMPROPERTY2::sn#String, CUSTOMPROPERTY3::co#String, CUSTOMPROPERTY4::givenname#String, CUSTOMPROPERTY5::title#String, CUSTOMPROPERTY6::telephonenumber#String, CUSTOMPROPERTY7::c#String, CUSTOMPROPERTY8::usncreated#String, CUSTOMPROPERTY9::logoncount#String, CUSTOMPROPERTY10::physicaldeliveryofficename#String, CUSTOMPROPERTY11::streetaddress#String, CUSTOMPROPERTY12::mailnickname#String, CUSTOMPROPERTY13::department#String, CUSTOMPROPERTY14::countrycode#String, CUSTOMPROPERTY15::manager#String, CUSTOMPROPERTY16::homephone#String, CUSTOMPROPERTY17::mobile#String, CUSTOMPROPERTY18::useraccountcontrol#String, CUSTOMPROPERTY19::company#String, CUSTOMPROPERTY20::objectguid#String, CUSTOMPROPERTY21::extensionattribute1#String, CUSTOMPROPERTY22::extensionattribute4#String, CUSTOMPROPERTY23::extensionattribute7#String, CUSTOMPROPERTY24::extensionattribute13#String, CUSTOMPROPERTY25::employeeid#String, CUSTOMPROPERTY26::employeetype#String, CUSTOMPROPERTY31::proxyaddresses#String, CUSTOMPROPERTY32::info#String, CUSTOMPROPERTY28::mail#String, CUSTOMPROPERTY29::l#String, CUSTOMPROPERTY30::cn#String, CUSTOMPROPERTY40::distinguishedname#String, RECONCILATION_FIELD::customproperty20]

 

We are using ADSI connector.

But still, mapping is not working.

 

 

0 Kudos

Go to solution
CR
Regular Contributor III
Regular Contributor III
In response to utkarshING

‎04/14/2024 06:15 AM

@utkarshING  can you try below groupimport

{ "importGroupHierarchy": "true", "entitlementTypeName": "memberof", "performGroupAccountLinking": "true", "groupObjectClass": "(objectClass=group)", "mapping": "memberHash:member_char,customProperty1:samaccounttype_char,customProperty2:instancetype_char,customProperty3:usncreated_char,customProperty4:grouptype_char,customProperty5:dscorepropagationdata_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whencreated_date,customProperty15:managedby_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectcategory_char,entitlement_value:distinguishedname_char,entitlementid:distinguishedname_char,customProperty14:objectclass_char,updatedate:whenchanged_date,customProperty17:distinguishedname_char,customProperty18:objectguid_Binary,RECONCILATION_FIELD:customProperty18" }


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

Go to solution
utkarshING
New Contributor III
New Contributor III
In response to CR

‎04/14/2024 06:41 AM

I tried but did not work.

utkarshING_0-1713102042764.png

 

0 Kudos

Go to solution
CR
Regular Contributor III
Regular Contributor III
In response to utkarshING

‎04/14/2024 10:12 AM - edited ‎04/14/2024 10:12 AM

u can use "groupObjectClass": "(objectClass=group)" only and try dont add description

share logs


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to utkarshING

‎04/14/2024 10:22 AM

Share logs


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
utkarshING
New Contributor III
New Contributor III

‎04/15/2024 06:58 AM

Thanks @CR and @rushikeshvartak ,

Accounts are not mapped with Entitlement values due to a Saviynt bug in the 23.8 version, which has been fixed in 23.10. we need to upgrade the version to map accounts with entitlement.

Just now, the Saviynt Team confirms it.

 

Thanks,

Utkarsh Rathore

0 Kudos

Go to solution
NM
Regular Contributor III
Regular Contributor III

‎04/16/2024 06:34 AM

Hi @utkarshING, is the bug still in 24.2? I can't seem to map account and entitlement

0 Kudos

Go to solution
utkarshING
New Contributor III
New Contributor III
In response to NM

‎04/16/2024 06:54 AM

It might be, please raise a Saviynt ticket and confirm.

0 Kudos
Copyright © 2024 Khoros, LLC