
Accounts are not showing parent active directory endpoint and not in Child endpoints

Arita
New Contributor II

Hi Team,

We have a parent Active Directory P and we have 3 child endpoints C1, C2, C3.

Entitlement Account Operators is common for all endpoints and an account associated with it is SVC.

We can see SVC under the Account Operators entitlement in the parent endpoint.

We cannot see SVC under Account Operators in the child endpoint.

What is the issue here? Any detailed explanation on how to manage

1) parent, child connections if we connect them as isolated endpoints in Saviynt 

(or) 2) if we connect them as dependent endpoints through endpoint filter. 

We have UAR going on and this is a very critical aspect; any response is highly appreciated.

rushikeshvartak
All-Star

Endpoint filter creates a new entitlement with the child endpoint and a reference to the parent endpoint. Make sure the entitlement has at least one account so that the entitlement can be filtered in the application. Certification done on the child will remove the parent entitlement mapping also.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Arita
New Contributor II

We are not using endpoint filter in this scenario. In the target they are parent and child endpoints. But in Saviynt all the endpoints (parent and child) are integrated as independent connections. So, in this case, what is the behaviour of entitlements and respective accounts in parent and child in Saviynt?

rushikeshvartak
All-Star

So it's always 1 connection, 1 security system, 1 endpoint? If yes, then there should not be any data issues.


Regards,
Rushikesh Vartak

Arita
New Contributor II

Yes, supposedly, but in our case some service accounts which are common across endpoints are visible only in the parent endpoint and not in the child endpoint. We have the below groupimportmapping JSON. We see that performGroupAccountLinking is to be set as true as per the documentation, and we changed it in QA and ran the jobs, but we still don't see those accounts showing up. Anything else we should check here?

{
"entitlementTypeName": "",
"performGroupAccountLinking": "false",
"importnestedmembershipoutofscope": "false",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"importGroupHierarchy": "true",
"mapping": "memberHash:member_char,customproperty1:sAMAccountType_char,customproperty2:instanceType_char,customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty6:whenCreated_date,customproperty8:isCriticalSystemObject_char,customproperty9:name_char,customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,customproperty12:dn_char,customproperty13:cn_char,customproperty14:objectClass_char,customproperty17:objectGUID_Binary,customproperty18:distinguishedName_char,lastscandate:whenCreated_date,entitlement_glossary:description_char,status:isCriticalSystemObject_char,entitlement_value:distinguishedName_char,entitlementid:distinguishedName_char,updatedate:whenChanged_date,description:description_char,RECONCILATION_FIELD:customproperty17"
}

rushikeshvartak
All-Star

What account is missing? Is it under the same object filter?


Regards,
Rushikesh Vartak

Arita
New Contributor II

The account is SVC and the associated group/entitlement is Account Operators. Now in the parent endpoint both show up.

In the child endpoint, only the entitlement Account Operators shows up, but not the associated account SVC.

rushikeshvartak
All-Star

Please share the connection config. This looks like a configuration issue.


Regards,
Rushikesh Vartak