Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active Directory Endpoint Filtering resulting in creating duplicate entitlements

sandeepgudipudi
New Contributor III
New Contributor III

‎05/11/2024 02:19 AM

We have a AD groups and have begun using EndPoint filtering on our AD connector.

However, this has had the result of creating duplicate entitlements and Entitlement values are imported in one group and accounts are imported in other group

 

 

sandeepgudipudi_3-1715419153160.png

 

 

 

Labels:
0 Kudos
14 REPLIES 14

NM
Honored Contributor II
Honored Contributor II

‎05/11/2024 05:34 AM

Hi @sandeepgudipudi , share groupimportmapping json

0 Kudos

sandeepgudipudi
New Contributor III
New Contributor III
In response to NM

‎05/11/2024 07:04 AM

group import json

 

{"importGroupHierarchy":"true","entitlementTypeName":"memberOf","performGroupAccountLinking":"true","incrementalTimeField":"whenChanged","groupObjectClass":"(objectclass=group)","mapping":"memberHash:member_char,customproperty1:sAMAccountType_char,customproperty2:instanceType_char,customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty12:dn_char,customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,description:description_char,displayname:name_char,customproperty9:name_char,customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:distinguishedName_char,customproperty14:objectClass_char,updatedate:whenChanged_date,customproperty17:distinguishedName_char,RECONCILATION_FIELD:customproperty18,customproperty18:objectGUID_Binary","activeGroupPossibleValues":[],"entitlementOwnerAttribute":"managedBy","tableFieldAttribute":"comments"}

 

 

endpoint_filter

{
"Application Role Provisioning (SOX in-scope)":
[{"memberOf":
["CN=All-Juniper-PSFT-Users,OU=MIM-Static,OU=Distribution Lists,OU=Common,DC=jnpr,DC=net",
"CN=Domain Admins,OU=T0-Admins,OU=T0-Groups,OU=Tier 0,OU=Admin,DC=jnpr,DC=net",
"CN=Schema Admins,OU=T0-Admins,OU=T0-Groups,OU=Tier 0,OU=Admin,DC=jnpr,DC=net",
"CN=%,OU=SOX in-scope,OU=Access-Control,OU=Groups,OU=Common,DC=jnpr,DC=net"]
}
]
}

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to sandeepgudipudi

‎05/12/2024 08:18 AM

Can you remove special characters from endpoint name


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Saathvik
All-Star
All-Star
In response to sandeepgudipudi

‎05/13/2024 12:32 PM

@sandeepgudipudi : Are both groups Active? Can you share the entitlementID value for both groups? 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

sandeepgudipudi
New Contributor III
New Contributor III
In response to Saathvik

‎05/13/2024 01:23 PM

Entitlement values for both is same

CN=Domain Admins,OU=T0-Admins,OU=T0-Groups,OU=Tier 0,OU=Admin,DC=jnpr,DC=net

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to sandeepgudipudi

‎05/13/2024 02:59 PM

Share output for below query from data anlyzer

select entitlementid,entitlement_value,status, entitlement_valuekey from entitlement_values where entitlement_value in ()

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Saathvik
All-Star
All-Star
In response to sandeepgudipudi

‎05/14/2024 06:11 AM - edited ‎05/14/2024 06:13 AM

@sandeepgudipudi : I am looking for EntitlementID value, please share the output of the SQL query Rushi shared.

select entitlementid,entitlement_value,status, entitlement_valuekey, job_id from entitlement_values where entitlement_value in ('xxxx')


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

sandeepgudipudi
New Contributor III
New Contributor III
In response to Saathvik

‎05/14/2024 07:31 AM

here is the output for the query

 

sandeepgudipudi_0-1715697077402.png

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to sandeepgudipudi

‎05/14/2024 07:39 AM

Inactive entitlement without entitlement from UI


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

sandeepgudipudi
New Contributor III
New Contributor III
In response to rushikeshvartak

‎05/14/2024 07:43 AM

We did inactivated 1 entitlement and on next run it got activated

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to sandeepgudipudi

‎05/14/2024 07:51 PM

  • Append -old to entitlement and make inactive

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

sandeepgudipudi
New Contributor III
New Contributor III

‎05/12/2024 05:11 PM

this is production and cant remove special characters from endpoint name, if we remove it will create a new end point..

Is there any limitation/restriction on end point naming convention?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to sandeepgudipudi

‎05/12/2024 06:51 PM

You can validate same in lower enviorment


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

sandeepgudipudi
New Contributor III
New Contributor III
In response to rushikeshvartak

‎05/13/2024 09:27 AM

Its validated in lower environment and duplicate entitlements are not created

0 Kudos
Copyright © 2024 Khoros, LLC