and more in a single search tool across platforms. Read the announcement here. |
03/11/2024 11:41 AM
Hi All,
We have create a child endpoint in Active directory through endpoint filter and trying to provision/deprovision entitlements of that child endpoint for the users who have active directory accounts and also account in that child endpoint. The 1st time when the user creates the child endpoint account and provisions entitlement, it works fine.
Issue comes when we try to provision another entitlement for the same user or we try to remove entitlement from the existing user.
it gives kind of following provisioning error comments:
Remove Access ::
Add Access::
Please help here, as I am not understanding which configuration is missing
03/11/2024 07:44 PM
Can you try with entitlement request option as Table instead of drop down
03/13/2024 04:08 AM
Hi @rushikeshvartak , @pmahalle
When we are having the AccountID mapped to "ObjectGUID" in Account Attributes, it is failing for add access task, remove access task AD operations with LDAP error codes.
But when we tried to map the AccountID mapped to "DisntinguishedName" in Account attributes, reconcilied all the accounts and then tried to add access/ remove access - It was working fine.
I referred this forums post (https://forums.saviynt.com/t5/identity-governance/ad-connection-not-found-dn-while-creating-account/....
Please confirm if it is always recommended to map AD AccountID to Distinguished name