Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

accountnamerule for 2 type of accounts

asharma
Regular Contributor II
Regular Contributor II

Hi Team,

I have a scenario where we need to provision two types of admin accounts, admin_1 and admin_2, in Saviynt for Active Directory (AD).

Admin_1 will be a default account for every IT user as birthright, while admin_2 will be provisioned through ARS after three levels of approval.

How can Saviynt determine, during the accountname creation process in the endpoint under the account name rule, that a user is coming from ARS and requires an admin_2 account?

10 REPLIES 10

rushikeshvartak
All-Star
All-Star
  • Both accounts will be visible on ARS request form.
  • Admin 2 will be created from saviynt ?

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

asharma
Regular Contributor II
Regular Contributor II

Only admin_2 will be visible in ARS and admin_1 will be assign by efault as a birthright to every user who'll belongs to IT.

NM
Valued Contributor
Valued Contributor

Hi @asharma , IT will only be having admin1 account and they can't have admin2, you can create account name rule on the basis of user property 

If user.title(IT) then admin1 else admin2 

asharma
Regular Contributor II
Regular Contributor II

It will be having admin_1 and they can also request admin_2 however if there is no admin_1 then user can request admin_2. 

Question is how saviynt will know if they need to generate accountname for admin_2 or admin_1 as both will be generated by same endpoint.

Saathvik
All-Star
All-Star

@asharma : On what basis you will determine user needs second admin account? Any differentiation like Business Unit, Title or entitlement? Because based on your requirement you will disable this setting Disable New Account Request if Account Already Exists. If so anyone when go for new account request if account already exists right? How you are planning to control that? 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

asharma
Regular Contributor II
Regular Contributor II

There is no as such differentiation. It is like user will request for admin_2 and that will go for 3 level of approvals and once it is approved then that admin_2 account will get created and associate to that user.

Account name rule applicable to first account only


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RanjithSaiM
New Contributor
New Contributor

Does anyone know how to get the source of the request in account name rule, probably then we can differentiate the accountname rule. This would be the best solution.

The other way to determine would be by applying the birthright rule filter in the accountname rule. If the birthright condition matches generate admin1 else generate admin2. On the endpoint you will need to allow end user to request for more than 1 account.

asharma
Regular Contributor II
Regular Contributor II

Use case - user will request for admin AD account. In that same admin AD endpoint we want to generate 2 type of adminaccount that are admin1 and admin2. Now, how we can design where we can check in ARS that user has requested for admin2 and how endpoint will create the accountname using accountnamerule for that admin2 type account.

Account name can be applied only to first account.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.